SCIENTIFIC-LINUX-ERRATA Archives

February 2009

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

Subject:
From: Troy Dawson <[log in to unmask]>
Reply To: Troy Dawson <[log in to unmask]>
Date: Wed, 11 Feb 2009 14:25:09 -0600
Synopsis:	Moderate: netpbm security update
Issue date:	2009-02-11
CVE Names:	CVE-2007-2721 CVE-2008-3520

An input validation flaw and multiple integer overflows were discovered
in the JasPer library, which provides support for the JPEG-2000 image
format and is used in the jpeg2ktopam and pamtojpeg2k converters. An
attacker could create a carefully-crafted JPEG file which could cause
jpeg2ktopam to crash or, possibly, execute arbitrary code as the user
running jpeg2ktopam. (CVE-2007-2721, CVE-2008-3520)

SL 4.x

      SRPMS:
netpbm-10.25-2.1.el4_7.4.src.rpm
      i386:
netpbm-10.25-2.1.el4_7.4.i386.rpm
netpbm-devel-10.25-2.1.el4_7.4.i386.rpm
netpbm-progs-10.25-2.1.el4_7.4.i386.rpm
      x86_64:
netpbm-10.25-2.1.el4_7.4.i386.rpm
netpbm-10.25-2.1.el4_7.4.x86_64.rpm
netpbm-devel-10.25-2.1.el4_7.4.x86_64.rpm
netpbm-progs-10.25-2.1.el4_7.4.x86_64.rpm

SL 5.x

      SRPMS:
netpbm-10.35-6.1.el5_3.1.src.rpm
      i386:
netpbm-10.35-6.1.el5_3.1.i386.rpm
netpbm-devel-10.35-6.1.el5_3.1.i386.rpm
netpbm-progs-10.35-6.1.el5_3.1.i386.rpm
      x86_64:
netpbm-10.35-6.1.el5_3.1.i386.rpm
netpbm-10.35-6.1.el5_3.1.x86_64.rpm
netpbm-devel-10.35-6.1.el5_3.1.i386.rpm
netpbm-devel-10.35-6.1.el5_3.1.x86_64.rpm
netpbm-progs-10.35-6.1.el5_3.1.x86_64.rpm

-Connie Sieh
-Troy Dawson
