Synopsis:	Moderate: netpbm security update
Issue date:	2009-02-11
CVE Names:	CVE-2007-2721 CVE-2008-3520

An input validation flaw and multiple integer overflows were discovered 
in the JasPer library, which provides support for the JPEG-2000 image 
format and is used in the jpeg2ktopam and pamtojpeg2k converters. An 
attacker could create a carefully crafted JPEG file which could cause 
jpeg2ktopam to crash or, possibly, execute arbitrary code as the user 
running jpeg2ktopam. (CVE-2007-2721, CVE-2008-3520)

SL 4.x

      SRPMS:
netpbm-10.25-2.1.el4_7.4.src.rpm
      i386:
netpbm-10.25-2.1.el4_7.4.i386.rpm
netpbm-devel-10.25-2.1.el4_7.4.i386.rpm
netpbm-progs-10.25-2.1.el4_7.4.i386.rpm
      x86_64:
netpbm-10.25-2.1.el4_7.4.i386.rpm
netpbm-10.25-2.1.el4_7.4.x86_64.rpm
netpbm-devel-10.25-2.1.el4_7.4.x86_64.rpm
netpbm-progs-10.25-2.1.el4_7.4.x86_64.rpm

SL 5.x

      SRPMS:
netpbm-10.35-6.1.el5_3.1.src.rpm
      i386:
netpbm-10.35-6.1.el5_3.1.i386.rpm
netpbm-devel-10.35-6.1.el5_3.1.i386.rpm
netpbm-progs-10.35-6.1.el5_3.1.i386.rpm
      x86_64:
netpbm-10.35-6.1.el5_3.1.i386.rpm
netpbm-10.35-6.1.el5_3.1.x86_64.rpm
netpbm-devel-10.35-6.1.el5_3.1.i386.rpm
netpbm-devel-10.35-6.1.el5_3.1.x86_64.rpm
netpbm-progs-10.35-6.1.el5_3.1.x86_64.rpm

-Connie Sieh
-Troy Dawson
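
To check whether a host already carries the fixed builds listed above, the following added example (not part of the original advisory) compares installed netpbm packages against the advisory's version-release strings. It uses a simplified RPM version comparison (no epoch or tilde handling), and the sample rpm output is constructed for illustration.

```python
import re

# Fixed version-release strings per SL release, copied from the advisory.
FIXED = {"el4": "10.25-2.1.el4_7.4", "el5": "10.35-6.1.el5_3.1"}
PACKAGES = ("netpbm", "netpbm-devel", "netpbm-progs")

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'
SAMPLE = """\
netpbm 10.25-2.1.el4_7.4 i386
netpbm-progs 10.35-6.el5 x86_64
netpbm-devel 10.35-6.1.el5_5.1 x86_64
bash 3.2-24.el5 x86_64
"""

def vercmp(a, b):
    """Simplified rpmvercmp: -1, 0 or 1. Numeric segments beat alphabetic ones."""
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with extra segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return vercmp(va, vb) or vercmp(ra, rb)

def audit(rpm_lines):
    """Return (name, version-release, arch, status) for each netpbm package."""
    results = []
    for line in rpm_lines.strip().splitlines():
        name, evr, arch = line.split()
        if name not in PACKAGES:
            continue
        m = re.search(r"\.(el\d+)", evr)  # pick the SL release from the dist tag
        fixed = FIXED.get(m.group(1)) if m else None
        if fixed is None:
            status = "unknown"
        else:
            status = "patched" if evr_cmp(evr, fixed) >= 0 else "vulnerable"
        results.append((name, evr, arch, status))
    return results

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row)
```

On a real host, pass the output of the rpm query shown in the comment to audit() instead of SAMPLE.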