USN-164-1: netpbm vulnerability

11 August 2005

netpbm-free vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.04
  • Ubuntu 4.10

Software Description

Details

Max Vozeler discovered that the the “pstopnm” conversion tool did not use the -dSAFER option when calling ghostscript. This option prohibits file operations and calling commands within PostScript code. This flaw could be exploited by an attacker to execute arbitrary code if he tricked an user (or an automatic server) into processing a specially crafted PostScript document with pstopnm.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.04
netpbm
Ubuntu 4.10
netpbm

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References