This is not public until February 28th 2003
During an audit of the NetPBM library, Al Viro and Alan Cox found a number
of bugs that are potentially exploitable. These bugs could be exploited by
creating a carefully crafted image in such a way that it executes arbitrary
code when it is processed by either an application from the netpbm-progs
package or an application that uses the vulnerable netpbm library.
One way that an attacker could exploit these vulnerabilities would be to
submit a carefully crafted image to be printed, as the LPRng print spooler
used by default in Red Hat Linux releases uses netpbm utilities to parse
various types of image files.
errata RHSA-2003:061 in progress
This was released now, right?
An errata has been issued which should help the problem described in this bug report.
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen
this bug report if the solution does not work for you.