Updated netpbm packages fix security vulnerability
Publication date: 20 Feb 2017Modification date: 20 Feb 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-2579 , CVE-2017-2580 , CVE-2017-2581 , CVE-2017-2586 , CVE-2017-2587
Description
Version 10.73.07 fixes security vulnerabilities:
* Out-of-bounds write in writeRasterPbm() (CVE-2017-2581)
* Out-of-bounds read in expandCodeOntoStack() (CVE-2017-2579)
* Out-of-bounds write of heap data in addPixelToRaster() (CVE-2017-2580)
* Null pointer dereference in stringToUint (CVE-2017-2586)
* Insufficient size check of memory allocation in createCanvas()
(CVE-2017-2587)
References
- https://bugs.mageia.org/show_bug.cgi?id=20245
- http://openwall.com/lists/oss-security/2017/02/05/7
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2579
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2580
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2581
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2586
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2587
SRPMS
5/core
- netpbm-10.73.07-1.mga5