|
Family: Ubuntu Local Security Checks --> Category: infos
USN164-1 : netpbm-free vulnerability Vulnerability Scan
Vulnerability Scan Summary netpbm-free vulnerability
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- libnetpbm10
- libnetpbm10-dev
- libnetpbm9
- libnetpbm9-dev
- netpbm
Description :
Max Vozeler discovered that the the "pstopnm" conversion tool did not
use the -dSAFER option when calling ghostscript. This option prohibits
file operations and calling commands within PostScript code. This flaw
could be exploited by a possible hacker to execute arbitrary code if he
tricked an user (or an automatic server) into processing a specially
crafted PostScript document with pstopnm.
Solution :
Upgrade to :
- libnetpbm10-10.0-8ubuntu0.1 (Ubuntu 5.04)
- libnetpbm10-dev-10.0-8ubuntu0.1 (Ubuntu 5.04)
- libnetpbm9-10.0-8ubuntu0.1 (Ubuntu 5.04)
- libnetpbm9-dev-10.0-8ubuntu0.1 (Ubuntu 5.04)
- netpbm-10.0-8ubuntu0.1 (Ubuntu 5.04)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|