Kernel, netpbm multiple vulnerabilities

Multiple vulnerabilities have been fixed in kernel and netpbm. Users are advised to update systems that have these packages installed.

--------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2006-0037

Package names: kernel, netpbm
Summary: Multiple vulnerabilities
Date: 2006-06-23
Affected versions: Trustix Secure Linux 2.2, Trustix Secure Linux 3.0

--------------------------------------------------------------------------
Package description:
The kernel package contains the Linux kernel (vmlinuz), the core of your
Trustix Secure Linux operating system. The kernel handles the basic
functions of the operating system: memory allocation, process
allocation, device input and output, etc.

The netpbm package contains a library of functions which support
programs for handling various graphics file formats, including .pbm
(portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps),
.ppm (portable pixmaps) and others.

Problem description:
kernel < TSL 3.0 >
- New upstream.
- Module qlogicfc successfully replaced with qla2xxx.
- Added scsi_transport_spi to initrd module list.
- SECURITY FIX: A race condition in "posix-cpu-timers.c", where nothing
prevents another CPU from attaching the timer to an exiting process,
could be exploited by attackers to cause a denial of service.
- Flaw due to errors in "powerpc/kernel/signal_32.c" and
"powerpc/kernel/signal_32.c", which could allow userspace to
provoke a machine check on 32-bit kernels.
- An infinite loop in "netfilter/xt_sctp.c", which could be exploited
by attackers to exhaust all available memory resources, creating
a denial of service condition.

The Common Vulnerabilities and Exposures project has assigned the
names CVE-2006-2445, CVE-2006-2448 and CVE-2006-3085 to these issues.

netpbm < TSL 3.0 > < TSL 2.2 >
- SECURITY FIX: A vulnerability has been reported in NetPBM, caused by
an off-by-one boundary error within "pamtofits". This can be
exploited to cause a single-byte buffer overflow when processing
a specially crafted input file.

We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.

All Trustix Secure Linux updates are available from

About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus
on security and stability, the system is painlessly kept safe and up to
date from day one using swup, the automated software updater.

Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.

Check out our mailing lists:

This advisory, along with all Trustix packages, is signed with the
TSL sign key.
This key is available from:

The advisory itself is available from the errata pages at

or directly at

MD5sums of the packages:

Trustix Security Team
