A new update is available for Fedora Core - [SECURITY] Fedora Core 4 Update: netpbm-10.28-1.FC4.2. Here the announcement:
Fedora Update Notification
FEDORA-2005-728
2005-08-17
---------------------------------------------------------------------
Product : Fedora Core 4
Name : netpbm
Version : 10.28
Release : 1.FC4.2
Summary : A library for handling different graphics file formats.
Description :
The netpbm package contains a library of functions that support
programs for handling various graphics file formats, including .pbm
(portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps),
.ppm (portable pixmaps), and others.
---------------------------------------------------------------------
Update Information:
pstopnm in netpbm does not properly use the "-dSAFER" option
when calling Ghostscript to convert a PostScript file into a
(1) PBM, (2) PGM, or (3) PNM file, which allows external
user-complicit attackers to execute arbitrary commands.
---------------------------------------------------------------------
* Tue Aug 9 2005 Jindrich Novy <jnovy@redhat.com> 10.28-1.FC4.2
- fix CAN-2005-2471, unsafe gs calls from pstopnm (#165355)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
c75f2c0006ab6426c1bac141ed356a48 SRPMS/netpbm-10.28-1.FC4.2.src.rpm
ca0c2e549644066eb9c7c138516835b0 ppc/netpbm-10.28-1.FC4.2.ppc.rpm
1bd1efa2ae963b6b334c872af0fd6d69 ppc/netpbm-devel-10.28-1.FC4.2.ppc.rpm
ee199a8a3564ca536fc3a913b2616b4d ppc/netpbm-progs-10.28-1.FC4.2.ppc.rpm
ea3cc0fcb9da447b0d9afa3444046578 ppc/debug/netpbm-debuginfo-10.28-1.FC4.2.ppc.rpm
cb51d09e97c1bc99a07c1fbc71c47dbb ppc/netpbm-10.28-1.FC4.2.ppc64.rpm
d0cd8297ab8834026f6869775d5da348 x86_64/netpbm-10.28-1.FC4.2.x86_64.rpm
d4693dec7263b06ed6f83fe6bc193910 x86_64/netpbm-devel-10.28-1.FC4.2.x86_64.rpm
4edf64b8929c8e9bb6519ea595bae6ec x86_64/netpbm-progs-10.28-1.FC4.2.x86_64.rpm
0b8e26bbcf2026cc9e39e553550827fc
x86_64/debug/netpbm-debuginfo-10.28-1.FC4.2.x86_64.rpm
7dfa20764e441856e3bd693649a6fd45 x86_64/netpbm-10.28-1.FC4.2.i386.rpm
7dfa20764e441856e3bd693649a6fd45 i386/netpbm-10.28-1.FC4.2.i386.rpm
21207195f92b79d9fa489b18d0d76041 i386/netpbm-devel-10.28-1.FC4.2.i386.rpm
d5be30f7bb4099ba335f77efa70448b3 i386/netpbm-progs-10.28-1.FC4.2.i386.rpm
2487ef9bc6fcd162587a3f128a2556b8 i386/debug/netpbm-debuginfo-10.28-1.FC4.2.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.