|
|
|
Choosing A Webhost: |
[USN-48-1] xpdf, tetex-bin vulnerabilities: msg#00012linux.ubuntu.security.announce
=========================================================== Ubuntu Security Notice USN-48-1 December 23, 2004 xpdf, tetex-bin vulnerabilities CAN-2004-1125 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: tetex-bin xpdf-reader xpdf-utils The problem can be corrected by upgrading the affected package to version 2.0.2-21ubuntu0.3 (tetex-bin) and 3.00-8ubuntu1.3 (xpdf-reader and xpdf-utils). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: A potential buffer overflow has been found in the xpdf viewer. An insufficient input validation could be exploited by an attacker providing a specially crafted PDF file which, when processed by xpdf, could result in abnormal program termination or the execution of attacker supplied program code with the user's privileges. The tetex-bin package contains the affected xpdf code to generate PDF output and process included PDF files, thus is vulnerable as well. Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_2.0.2-21ubuntu0.3.diff.gz Size/MD5: 111516 91d5121871fbc40325c64f71c52d2368 http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_2.0.2-21ubuntu0.3.dsc Size/MD5: 1062 96188950b927b1f8a1abaa020d8b2b46 http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_2.0.2.orig.tar.gz Size/MD5: 11677169 8f02d5940bf02072ce5fe05429c90e63 http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf_3.00-8ubuntu1.3.diff.gz Size/MD5: 47708 301d787a7c85511fdc23fca240a8e424 http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf_3.00-8ubuntu1.3.dsc Size/MD5: 788 f7410eb3d47f5d0fba5e1e480018fe91 http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf_3.00.orig.tar.gz Size/MD5: 534697 95294cef3031dd68e65f331e8750b2c2 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-common_3.00-8ubuntu1.3_all.deb Size/MD5: 56312 1aa9d38c4a2dbd3b552762c013e91b89 http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf_3.00-8ubuntu1.3_all.deb Size/MD5: 1272 2ea4f0c32b5c1e521753d69c1c886d43 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea-dev_2.0.2-21ubuntu0.3_amd64.deb Size/MD5: 72758 29c480c72ca84511db3ed6e880874ce9 http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea3_2.0.2-21ubuntu0.3_amd64.deb Size/MD5: 60046 3dcd0a9401e21f776a42987acc0dab43 http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_2.0.2-21ubuntu0.3_amd64.deb Size/MD5: 4327878 afed2656b07dfea49662560a58c8f454 http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-reader_3.00-8ubuntu1.3_amd64.deb Size/MD5: 666706 df21bfd2fedc4b4cf3a05bace8304bca http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-utils_3.00-8ubuntu1.3_amd64.deb Size/MD5: 1270646 976e998a96fc010123d1650a3bd8dd28 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea-dev_2.0.2-21ubuntu0.3_i386.deb Size/MD5: 64826 41c1d3ab86254e405449381262d43e4e http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea3_2.0.2-21ubuntu0.3_i386.deb Size/MD5: 56442 8ae2437dbfa2a308ffbc59d946866714 http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_2.0.2-21ubuntu0.3_i386.deb Size/MD5: 3812642 eff8ee40905d78b281f18f64d173ea4f http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-reader_3.00-8ubuntu1.3_i386.deb Size/MD5: 631658 d33df980b98ad9a97e78204ae4d9bbba http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-utils_3.00-8ubuntu1.3_i386.deb Size/MD5: 1193090 24d5f6d5e263b4b5dfcc0ae1b4e91b89 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea-dev_2.0.2-21ubuntu0.3_powerpc.deb Size/MD5: 74900 87ff745622df30898482b18c0fd5c263 http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea3_2.0.2-21ubuntu0.3_powerpc.deb Size/MD5: 61378 8930202da97da548026bfb4c7014fa56 http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_2.0.2-21ubuntu0.3_powerpc.deb Size/MD5: 4350626 4917e0611f4265352ce197cb59932fe0 http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-reader_3.00-8ubuntu1.3_powerpc.deb Size/MD5: 692858 f6a3f6c7a201455b526529f57b95ed1b http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-utils_3.00-8ubuntu1.3_powerpc.deb Size/MD5: 1310934 b63924810ff3f14934bc6ca48f8a1a0f
|
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | [USN-47-1] Linux kernel vulnerabilities, Martin Pitt |
|---|---|
| Next by Date: | [USN-49-1] debmake vulnerability, Martin Pitt |
| Previous by Thread: | [USN-47-1] Linux kernel vulnerabilities, Martin Pitt |
| Next by Thread: | [USN-49-1] debmake vulnerability, Martin Pitt |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
Free MagazinesCisco NewsReceive a free quarterly e-newsletter with exclusive articles on how Cisco IT uses its own products and solutions to enable the business. subscribe Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field. subscribe The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business. subscribe Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company. subscribe Total Telecom Total Telecom is "The Economist of the communications industry". subscribe |
