Bug 479016
| Field | Value |
|---|---|
| Summary | Rebase netpbm package for RHEL4 |
| Product | Red Hat Enterprise Linux 4 |
| Component | netpbm |
| Version | 4.7 |
| Hardware | All |
| OS | Linux |
| Status | CLOSED ERRATA |
| Severity | medium |
| Priority | low |
| Target Milestone | rc |
| Keywords | Rebase |
| Reporter | Petr Šplíchal <psplicha> |
| Assignee | Jindrich Novy <jnovy> |
| QA Contact | BaseOS QE <qe-baseos-auto> |
| CC | mmcallis, ohudlick, pknirsch, rlerch, rvokal |
| Doc Type | Rebase: Bug Fixes and Enhancements |
| Last Closed | 2009-05-18 20:21:30 UTC |
| Bug Blocks | 458752, 476863 |

Doc Text:
The netpbm package has been updated to fix the following bugs:
* Several utilities shipped with netpbm did not accept files from standard input even though this method was in accordance with documentation. With this update, this issue has been resolved.
* Several utilities shipped with netpbm may have crashed during processing of image files. With this update, this issue has been resolved.
Description
Petr Šplíchal
2009-01-06 15:26:43 UTC
+1 for it. The old netpbm contains old and vulnerable libjasper. Given that a lot of work has been done upstream with regard to implementing a secure API for safe allocations, and lots of utilities were updated to use the secure API, I'm all for the rebase. On the other hand, upstream changed release policy and we get netpbm from their stable branch, not the latest one. So the rebase could be safe with minimal regression risk.

This request was evaluated by Red Hat Product Management for inclusion, but this component is not scheduled to be updated in the current Red Hat Enterprise Linux release. If you would like this request to be reviewed for the next minor release, ask your support representative to set the next rhel-x.y flag to "?".

*** Bug 476863 has been marked as a duplicate of this bug. ***

Release note added. If any revisions are required, please set the "requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:

Multiple issues has been found in netpbm version currently shipped. It contains conversion utilities with faulty code with both usage and security consequences.

Utilities that convert from and to JPEG2000 image format contained code causing these utilities to crash when processing a malicious file. These utilities are fixed by the update.

GIF image format converting utility may crash while processing a crafted image. This utility is now fixed.

Several utilities did not accept files from standard input even though this method was in accordance with documentation. These utilities are now fixed.

Several utilities crash during processing of image files because of faulty code. These utilities are now fixed.

Release note updated. If any revisions are required, please set the "requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

Diffed Contents:
@@ -1,9 +1,4 @@ -Multiple issues has been found in netpbm version currently shipped. It contains conversion utilities with faulty code with both usage and security consequences. - -Utilities that convert from and to JPEG2000 image format contained code causing these utilities to crash when processing a malicious file. These -utilities are fixed by the update. - -GIF image format converting utility may crash while processing a crafted image. This utility is now fixed. +Multiple issues has been found in netpbm version currently shipped. It contains conversion utilities with faulty code. Several utilities did not accept files from standard input even though this method was in accordance with documentation. These utilities are now fixed. Release note updated. If any revisions are required, please set the "requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1,4 +1,4 @@ -Multiple issues has been found in netpbm version currently shipped. It contains conversion utilities with faulty code. +Multiple issues have been found in netpbm version currently shipped. It contains conversion utilities with faulty code. Several utilities did not accept files from standard input even though this method was in accordance with documentation. These utilities are now fixed. Release note updated. If any revisions are required, please set the "requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: 
@@ -1,5 +1,5 @@ -Multiple issues have been found in netpbm version currently shipped. It contains conversion utilities with faulty code. +The netpbm package has been updated to fix the following bugs: -Several utilities did not accept files from standard input even though this method was in accordance with documentation. These utilities are now fixed. +* Several utilities shipped with netpbm did not accept files from standard input even though this method was in accordance with documentation. With this update, this issue has been resolved. -Several utilities crash during processing of image files because of faulty code. These utilities are now fixed.+* Several utilities shipped with netpbm may have crashed during processing of image files. With this update, this issue has been resolved. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2009-0990.html |
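Review bot: the lines removed in the @@ -1,9 +1,4 @@ hunk are the only place the note says the JPEG2000 and GIF converters crash on a malicious or crafted file, and the same hunk drops "with both usage and security consequences", so the resulting text no longer signals any security relevance. If those fixes ship in this rebase, keep one sentence stating that crashes on crafted JPEG2000 and GIF input are fixed, or point to the advisory that documents them, so administrators who process untrusted images can prioritise the update.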
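Review bot: the added bullet "may have crashed during processing of image files" in the @@ -1,5 +1,5 @@ hunk names neither the utilities nor the image formats affected, and it drops the stated cause ("because of faulty code"), so a reader cannot tell whether their conversion workflow is covered. Name the affected converters or formats (the first revision of this note listed JPEG2000 and GIF), and do the same for the standard-input bullet, which also says only "Several utilities".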