|
Family: Debian Local Security Checks --> Category: infos
[DSA1021] DSA-1021-1 netpbm-free Vulnerability Scan
Vulnerability Scan Summary DSA-1021-1 netpbm-free
Detailed Explanation for this Vulnerability Test
Max Vozeler from the Debian Audit Project discovered that pstopnm, a
converter from Postscript to the PBM, PGM and PNM formats, launches
Ghostscript in an insecure manner, which might lead to the execution
of arbitrary shell commands, when converting specially crafted Postscript
files.
For the old stable distribution (woody) this problem has been fixed in
version 9.20-8.6.
For the stable distribution (sarge) this problem has been fixed in
version 10.0-8sarge3.
For the unstable distribution (sid) this problem has been fixed in
version 10.0-9.
We recommend that you upgrade your netpbm package.
Solution : http://www.debian.org/security/2006/dsa-1021
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|