RHEL 2.1 / 3 : netpbm (RHSA-2004:031)
Low Nessus Plugin ID 12454
SynopsisThe remote Red Hat host is missing one or more security updates.
DescriptionUpdated NetPBM packages are available that fix a number of temporary file vulnerabilities in the netpbm libraries.
The netpbm package contains a library of functions that support programs for handling various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps), and others.
A number of temporary file bugs have been found in versions of NetPBM.
These could make it possible for a local user to overwrite or create files as a different user who happens to run one of the the vulnerable utilities. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0924 to this issue.
Users are advised to upgrade to the erratum packages, which contain patches from Debian that correct these bugs.
SolutionUpdate the affected netpbm, netpbm-devel and / or netpbm-progs packages.