---

Advisories, March 28, 2006


Debian Security Advisory DSA 1021-1 security@debian.org
http://www.debian.org/security/
Moritz Muehlenhoff
March 28th, 2006 http://www.debian.org/security/faq


Package : netpbm-free
Vulnerability : insecure program execution
Problem-Type : local(remote)
Debian-specific: no
CVE ID : CVE-2005-2471
Debian Bug : 319757

Max Vozeler from the Debian Audit Project discovered that
pstopnm, a converter from Postscript to the PBM, PGM and PNM
formats, launches Ghostscript in an insecure manner, which might
lead to the execution of arbitrary shell commands, when converting
specially crafted Postscript files.

For the old stable distribution (woody) this problem has been
fixed in version 9.20-8.6.

For the stable distribution (sarge) this problem has been fixed
in version 10.0-8sarge3.

For the unstable distribution (sid) this problem has been fixed
in version 10.0-9.

We recommend that you upgrade your netpbm package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


These files will probably be moved into the stable distribution
on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
