Debian Security Advisory DSA 1021-1 security@debian.org
http://www.debian.org/security/
Moritz Muehlenhoff
March 28th, 2006 http://www.debian.org/security/faq
Package : netpbm-free
Vulnerability : insecure program execution
Problem-Type : local(remote)
Debian-specific: no
CVE ID : CVE-2005-2471
Debian Bug : 319757
Max Vozeler from the Debian Audit Project discovered that
pstopnm, a converter from Postscript to the PBM, PGM and PNM
formats, launches Ghostscript in an insecure manner, which might
lead to the execution of arbitrary shell commands, when converting
specially crafted Postscript files.
For the old stable distribution (woody) this problem has been
fixed in version 9.20-8.6.
For the stable distribution (sarge) this problem has been fixed
in version 10.0-8sarge3.
For the unstable distribution (sid) this problem has been fixed
in version 10.0-9.
We recommend that you upgrade your netpbm package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.6.dsc
Size/MD5 checksum: 664
4d28f633be81630bd2845aff41590abb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.6.diff.gz
Size/MD5 checksum: 53735
721ed5b2af8111f48d0ffab313fece69
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20.orig.tar.gz
Size/MD5 checksum: 1882851
0f153116c21bc7d2e167e574a486c22f
Alpha architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_alpha.deb
Size/MD5 checksum: 77934
e2e0bb84761a35a46b2a0db57a145646
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_alpha.deb
Size/MD5 checksum: 135660
afc6e169bced434e661835106c597f64
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_alpha.deb
Size/MD5 checksum: 1414088
692774770e3aac3a165e45b62f466623
ARM architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_arm.deb
Size/MD5 checksum: 64334
f61ca7f799f0fb20461d4d6b4e6ea946
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_arm.deb
Size/MD5 checksum: 125684
1f11e24c409c3e5128383587483ce236
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_arm.deb
Size/MD5 checksum: 1128062
6b5f3f419ee8d9f07cbc1e557adc89c2
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_i386.deb
Size/MD5 checksum: 62644
7f3ece42e96b1ec7a5b52638580788e9
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_i386.deb
Size/MD5 checksum: 103602
45e47348eff9e48f9687363d9733fe41
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_i386.deb
Size/MD5 checksum: 1078848
55877f41a6b4aa14072de2356e192c5c
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_ia64.deb
Size/MD5 checksum: 96688
782325e8e697a8a4e9ea79dfc345018d
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_ia64.deb
Size/MD5 checksum: 170642
5292926ad4b91df8310b0430e97b051d
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_ia64.deb
Size/MD5 checksum: 1608894
c4c511f5dd7a23e26e8788c9b6f7701d
HP Precision architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_hppa.deb
Size/MD5 checksum: 84104
d5ab411020701cb2eb869497435d507f
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_hppa.deb
Size/MD5 checksum: 123122
d67f46ae8c79acbd7a572999b4909d13
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_hppa.deb
Size/MD5 checksum: 1337970
d939151b2a783d3c89c009330e5bc491
Motorola 680×0 architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_m68k.deb
Size/MD5 checksum: 62236
c2a234c3dfb2f0aa4fe8f139c21d11d1
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_m68k.deb
Size/MD5 checksum: 102440
3bd3b1f2d960d1689f7e06676ee4ad07
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_m68k.deb
Size/MD5 checksum: 1016786
1e08722ae46252fdba678f4d28bdac7a
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_mips.deb
Size/MD5 checksum: 67080
7988f7d23d859a04d0a42dcdb57e2370
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_mips.deb
Size/MD5 checksum: 123652
6f7b169efe40754df02ac1ffe4f5bc86
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_mips.deb
Size/MD5 checksum: 1180936
721c0e7e0c8bef40ff9b83aa9533f823
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_mipsel.deb
Size/MD5 checksum: 66914
b1d80946941c3306f5aa8b0262aae87d
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_mipsel.deb
Size/MD5 checksum: 123740
e5dff11f31132d4f0b808ceb8629ea3f
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_mipsel.deb
Size/MD5 checksum: 1180002
553799f08fab46c8789467103daed1a7
PowerPC architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_powerpc.deb
Size/MD5 checksum: 69122
96ffb9c4f60901d822ecb005ed24994e
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_powerpc.deb
Size/MD5 checksum: 118036
56d9b95e050f7b2cb4c014806032e150
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_powerpc.deb
Size/MD5 checksum: 1153944
c308b576e056202af50e1e49052ae994
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_s390.deb
Size/MD5 checksum: 66876
82a3e0716816282db92f24a5798b570e
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_s390.deb
Size/MD5 checksum: 116214
8d1a403a99823b689fce638c5c5bc0a8
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_s390.deb
Size/MD5 checksum: 1130592
ac158fbc6f38cf55e0ed0f779a688850
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_sparc.deb
Size/MD5 checksum: 65482
0d710f633cd9baf5172149ad9902ae20
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_sparc.deb
Size/MD5 checksum: 118780
63fe4c0bbfdac11772170184c27d2f30
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_sparc.deb
Size/MD5 checksum: 1435764
fd632f3008eac5b07759b8e811704bd4
Debian GNU/Linux 3.1 alias sarge
Source archives:
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-8sarge3.dsc
Size/MD5 checksum: 751
9bb07cc5b5f1dc68e673fc4d634ea47a
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-8sarge3.diff.gz
Size/MD5 checksum: 46144
e647ebd57851ee4143f1a323847972fa
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
Size/MD5 checksum: 1926538
985e9f6d531ac0b2004f5cbebdeea87d
Alpha architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_alpha.deb
Size/MD5 checksum: 82754
0dcf5824a2cac073efc3e0fe23d1d169
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_alpha.deb
Size/MD5 checksum: 146060
f9968efb1999ec81f46bf5f3f7d9c1a2
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_alpha.deb
Size/MD5 checksum: 91676
9144928b38ea7e7cd6690891b6d45e15
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_alpha.deb
Size/MD5 checksum: 146468
9121761edebde4bbc5e52d2136132539
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_alpha.deb
Size/MD5 checksum: 1594994
e6ce747f3430efa7a397080719ac5342
AMD64 architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_amd64.deb
Size/MD5 checksum: 68838
9de4acc90dfea3a2151be1294cded32c
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_amd64.deb
Size/MD5 checksum: 118074
d1818d1fa6b50b2cca67b0d386a2d448
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_amd64.deb
Size/MD5 checksum: 77218
f461a1534155d14d088d1a35cf94ca55
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_amd64.deb
Size/MD5 checksum: 118470
d8ba27472d84604d44ec62980383e228
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_amd64.deb
Size/MD5 checksum: 1277544
95d31444582a35c1bec3b3de390175a5
ARM architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_arm.deb
Size/MD5 checksum: 61906
c45a373869757a78a2dc56850d052bec
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_arm.deb
Size/MD5 checksum: 114730
9d22f8d0d825f4cc46c2d42d371af074
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_arm.deb
Size/MD5 checksum: 68990
1d3572760f38724c2827e1c89abfc633
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_arm.deb
Size/MD5 checksum: 115128
7dd9c69212c671887ba327f1c9329845
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_arm.deb
Size/MD5 checksum: 1226748
c4af4638688cd84e0375d8df116ab82f
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_i386.deb
Size/MD5 checksum: 65044
b1bc6d245794ac7e5a309412fdd16ee1
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_i386.deb
Size/MD5 checksum: 110616
04ddd06a3123a5c845097999aa2a1ee0
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_i386.deb
Size/MD5 checksum: 72126
08703104d2bb7c079b49f5882f0d857e
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_i386.deb
Size/MD5 checksum: 110794
0f222a569c99875b8a57ad67aaf8ba5a
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_i386.deb
Size/MD5 checksum: 1199592
f188e9a9b2a51ef9b14821b449a32762
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_ia64.deb
Size/MD5 checksum: 96562
1c13844f22a43bd0a3c6bbc513077f44
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_ia64.deb
Size/MD5 checksum: 154744
7c2ee1187e81edab894946e915e72ea3
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_ia64.deb
Size/MD5 checksum: 107300
6be0ca5d5ab077bb835512a71a043fb0
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_ia64.deb
Size/MD5 checksum: 155086
25b6bdb1b24d2cd3ed72b769ef3ad86e
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_ia64.deb
Size/MD5 checksum: 1816682
af1cc6c400e6886fc54586f032fd0598
HP Precision architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_hppa.deb
Size/MD5 checksum: 78046
a0e4c45e15e6fab90cfdec4dc390c5fd
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_hppa.deb
Size/MD5 checksum: 128158
1b0773fce61c13522212db7ebf539a71
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_hppa.deb
Size/MD5 checksum: 88692
e58e427d27e4a44b4716236f5aec9c12
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_hppa.deb
Size/MD5 checksum: 128598
98c093ab671f3bab24f268b3c7585264
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_hppa.deb
Size/MD5 checksum: 1410222
0ba110fa378d121d062de06d408b16b6
Motorola 680×0 architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_m68k.deb
Size/MD5 checksum: 62368
a45755f99286e6bb6b91a2bb1714b110
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_m68k.deb
Size/MD5 checksum: 105462
6f055c7c83c58e9bad393d7bf7843f58
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_m68k.deb
Size/MD5 checksum: 69684
cbc9edf8df5dff5eb8b36ea616ad5614
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_m68k.deb
Size/MD5 checksum: 105692
c4e0a32abb85a0163a5c4dbff72aeb08
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_m68k.deb
Size/MD5 checksum: 1119318
46439a0c83a1f5ffec00d0c059bdcd28
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_mips.deb
Size/MD5 checksum: 68774
ef59d0b8df5cf4f6169ffbbcafe48c4f
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_mips.deb
Size/MD5 checksum: 120088
36a96b933b8c3402c30e0a88193cfd91
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_mips.deb
Size/MD5 checksum: 75586
5ac797c97977f0ff5b88c3adea415161
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_mips.deb
Size/MD5 checksum: 120448
efe1caff0de74873bcc3f963fa9ec96f
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_mips.deb
Size/MD5 checksum: 1671220
2930529698c1278308e5b303b53d8fb1
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_mipsel.deb
Size/MD5 checksum: 68478
7b3096ec24ce3c48e9f3dd2a0c361db5
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_mipsel.deb
Size/MD5 checksum: 120198
8b1fab1594d00bf345381c140118ff75
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_mipsel.deb
Size/MD5 checksum: 75248
a4a4ece604f1c66ec869b144f7ae85ac
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_mipsel.deb
Size/MD5 checksum: 120512
4852a2d6bddfb862adc3a316a779fb9d
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_mipsel.deb
Size/MD5 checksum: 1678132
9af4d1f2951bc3893e3324d9eddff6e5
PowerPC architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_powerpc.deb
Size/MD5 checksum: 71218
76d6b6f4cf2c8a158d335f6e54c23e05
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_powerpc.deb
Size/MD5 checksum: 123644
35c5e119de071196c444e3be4477a4ca
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_powerpc.deb
Size/MD5 checksum: 83410
99b0eb7540481c0c6df768a845efe230
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_powerpc.deb
Size/MD5 checksum: 123942
09ab06bb83a6c99cb798651ed2e7e608
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_powerpc.deb
Size/MD5 checksum: 1521484
4a8459e40d8fb2abe1d995653ff21a11
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_s390.deb
Size/MD5 checksum: 70518
4445977f65a5cae98c0865cada636133
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_s390.deb
Size/MD5 checksum: 115276
86542c64b14be55f44cccf3c4000ed53
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_s390.deb
Size/MD5 checksum: 77694
aee811d396c593dddbb7e419cfa54a69
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_s390.deb
Size/MD5 checksum: 115734
1bdb57b109389b24e74b8e4ced024a4c
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_s390.deb
Size/MD5 checksum: 1256970
cf95c5fe46657084c6d57d3280577b1b
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_sparc.deb
Size/MD5 checksum: 67822
77ebd64234266c031a4ef3d7224bd0eb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_sparc.deb
Size/MD5 checksum: 117370
578ee01c401f5e431b94a1f313c1563c
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_sparc.deb
Size/MD5 checksum: 74580
5ccffb3fab23b591c9ef2356492f5e10
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_sparc.deb
Size/MD5 checksum: 117754
30fcb12a7d466a46854963d7d5e1233b
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_sparc.deb
Size/MD5 checksum: 1279526
9fd316722e0358d32b3e5d4cd616f4df
These files will probably be moved into the stable distribution
on its next update.
For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>