Mandrake Linux Security Advisory : netpbm (MDKSA-2005:133)
High Nessus Plugin ID 19892
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionMax Vozeler discovered that pstopnm, a part of the netpbm graphics utility suite, would call the GhostScript interpreter on untrusted PostScript files without using the -dSAFER option when converting a PostScript file into a PBM, PGM, or PNM file. This could result in the execution of arbitrary commands with the privileges of the user running pstopnm if they could be convinced to try to convert a malicious PostScript file.
The updated packages have been patched to correct this problem.
SolutionUpdate the affected packages.