aru Posted April 3, 2003 Report Share Posted April 3, 2003 MandrakeSoft Security Advisory MDKSA-2003:036-1 : netpbm April 3rd, 2003 Updated netpbm packages fix math overflow errors Several math overflow errors were found in NetPBM by Al Viro and Alan Cox. While these programs are not installed suid root, they are often used to prepare data for processing. These errors may permit remote attackers to cause a denial of service or execute arbitrary code in any programs or scripts that use these graphics conversion tools. Update: The packages for Mandrake Linux 9.1/PPC were not GPG-signed. This has been fixed and as a result the md5sums have changed. Thanks to Mark Lyda for pointing this out. The released versions of Mandrake GNU/Linux affected are: Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:036-1 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0146 Posted automatically by aru (mdksec2mub v0.0.5) Link to comment Share on other sites More sharing options...
Recommended Posts