Bug 479016 - Rebase netpbm package for RHEL4
Rebase netpbm package for RHEL4
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: netpbm (Show other bugs)
4.7
All Linux
low Severity medium
: rc
: ---
Assigned To: Jindrich Novy
BaseOS QE
: Rebase
: 476863 (view as bug list)
Depends On:
Blocks: RHEL4u8_relnotes 476863
  Show dependency treegraph
 
Reported: 2009-01-06 10:26 EST by Petr Šplíchal
Modified: 2016-05-31 21:37 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
The netpbm package has been updated to fix the following bugs: * Several utilities shipped with netpbm did not accept files from standard input even though this method was in accordance with documentation. With this update, this issue has been resolved. * Several utilities shipped with netpbm may have crashed during processing of image files. With this update, this issue has been resolved.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-05-18 16:21:30 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Petr Šplíchal 2009-01-06 10:26:43 EST
Recent testing discovered quite many failing tools in netpbm package on RHEL4. We should rebase to the latest version to cover all these issues.
For more details see the bug 476863 and fedora bug 476989.
Comment 1 Jindrich Novy 2009-01-07 08:07:38 EST
+1 for it.

The old netpbm contains old and vulnerable libjasper. Given that a lot of work
has been done upstream with regards to implement a secure API for safe
allocations and lots of utilities were updated to use the secure API I'm all
for the rebase.

On the other hand upstream changed release policy and we get netpbm from their
stable branch, not latest one. So the rebase could be safe with minimal
regression risk.
Comment 2 RHEL Product and Program Management 2009-01-08 03:07:39 EST
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".
Comment 6 Jindrich Novy 2009-01-14 13:13:58 EST
*** Bug 476863 has been marked as a duplicate of this bug. ***
Comment 9 Radek Vokal 2009-01-22 03:59:49 EST
Release note added. If any revisions are required, please set the 
"requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly.
All revisions will be proofread by the Engineering Content Services team.

New Contents:
Multiple issues has been found in netpbm version currently shipped. It contains conversion utilities with faulty code with both usage and security consequences.

Utilities that convert from and to JPEG2000 image format contained code causing these utilities to crash when processing a malicious file. These
utilities are fixed by the update.

GIF image format converting utility may crash while processing a crafted image. This utility is now fixed.

Several utilities did not accept files from standard input even though this method was in accordance with documentation. These utilities are now fixed.

Several utilities crash during processing of image files because of faulty code. These utilities are now fixed.
Comment 14 Murray McAllister 2009-03-24 19:56:12 EDT
Release note updated. If any revisions are required, please set the 
"requires_release_notes"  flag to "?" and edit the "Release Notes" field accordingly.
All revisions will be proofread by the Engineering Content Services team.

Diffed Contents:
@@ -1,9 +1,4 @@
-Multiple issues has been found in netpbm version currently shipped. It contains conversion utilities with faulty code with both usage and security consequences.
-
-Utilities that convert from and to JPEG2000 image format contained code causing these utilities to crash when processing a malicious file. These
-utilities are fixed by the update.
-
-GIF image format converting utility may crash while processing a crafted image. This utility is now fixed.
+Multiple issues has been found in netpbm version currently shipped. It contains conversion utilities with faulty code.
 
 Several utilities did not accept files from standard input even though this method was in accordance with documentation. These utilities are now fixed.
Comment 15 Murray McAllister 2009-03-24 19:58:35 EDT
Release note updated. If any revisions are required, please set the 
"requires_release_notes"  flag to "?" and edit the "Release Notes" field accordingly.
All revisions will be proofread by the Engineering Content Services team.

Diffed Contents:
@@ -1,4 +1,4 @@
-Multiple issues has been found in netpbm version currently shipped. It contains conversion utilities with faulty code.
+Multiple issues have been found in netpbm version currently shipped. It contains conversion utilities with faulty code.
 
 Several utilities did not accept files from standard input even though this method was in accordance with documentation. These utilities are now fixed.
Comment 17 Ryan Lerch 2009-03-26 19:36:07 EDT
Release note updated. If any revisions are required, please set the 
"requires_release_notes"  flag to "?" and edit the "Release Notes" field accordingly.
All revisions will be proofread by the Engineering Content Services team.

Diffed Contents:
@@ -1,5 +1,5 @@
-Multiple issues have been found in netpbm version currently shipped. It contains conversion utilities with faulty code.
+The netpbm package has been updated to fix the following bugs:  
 
-Several utilities did not accept files from standard input even though this method was in accordance with documentation. These utilities are now fixed.
+* Several utilities shipped with netpbm did not accept files from standard input even though this method was in accordance with documentation. With this update, this issue has been resolved.
 
-Several utilities crash during processing of image files because of faulty code. These utilities are now fixed.+* Several utilities shipped with netpbm may have crashed during processing of image files. With this update, this issue has been resolved.
Comment 20 errata-xmlrpc 2009-05-18 16:21:30 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0990.html

Note You need to log in before you can comment on or make changes to this bug.