Debian: New tetex-bin packages fix arbitrary code execution

    Date27 Jan 2006
    CategoryDebian
    4074
    Posted ByJoe Shakespeare
    "infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in tetex-bin, the binary files of teTeX, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 937-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                             Martin Schulze
    January 12th, 2006                      http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : tetex-bin
    Vulnerability  : buffer overflows
    Problem type   : remote
    Debian-specific: no
    CVE IDs        : CVE-2005-3191 CVE-2005-3192 CVE-2005-3624 CVE-2005-3625
                     CVE-2005-3626 CVE-2005-3627 CVE-2005-3628
    CERT advisory  : 
    BugTraq ID     : 
    Debian Bug     : 342292
    
    "infamous41md" and Chris Evans discovered several heap based buffer
    overflows in xpdf, the Portable Document Format (PDF) suite, which is
    also present in tetex-bin, the binary files of teTeX, and which can
    lead to a denial of service by crashing the application or possibly to
    the execution of arbitrary code.
    
    For the old stable distribution (woody) these problems have been fixed in
    version 1.0.7+20011202-7.7.
    
    For the stable distribution (sarge) these problems have been fixed in
    version 2.0.2-30sarge4.
    
    For the unstable distribution (sid) these problems have been fixed in
    version 0.4.3-2 of poppler against which tetex-bin links.
    
    We recommend that you upgrade your tetex-bin package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7.dsc
          Size/MD5 checksum:      874 4fe4cb1a4bb2d39afc7f92948bafe6af
        http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7.tar.gz
          Size/MD5 checksum: 10328904 be3ba73c70f6c50637069868c56a7d9e
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_alpha.deb
          Size/MD5 checksum:    84666 14987fa20077b5ce0a10f64d0df7e25f
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_alpha.deb
          Size/MD5 checksum:    53260 7736b2f52cbdd476e8d4b8339b5d8b72
        http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_alpha.deb
          Size/MD5 checksum:  4569310 e5063538a36c4fd7aa514f2e8711aea0
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_arm.deb
          Size/MD5 checksum:    65270 472d8a8a0f9823eab4b57a9a95515c01
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_arm.deb
          Size/MD5 checksum:    43782 d2dde880cf11acfdaa89d51dbc3735d5
        http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_arm.deb
          Size/MD5 checksum:  3704454 62ecd37b4548deed4aa633083eda9e3a
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_i386.deb
          Size/MD5 checksum:    62610 b019a923fe66e306fe5864373f35e24a
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_i386.deb
          Size/MD5 checksum:    40920 f42ec41bd53e2a99315aae7f3dd5657a
        http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_i386.deb
          Size/MD5 checksum:  3137616 24d0d5e485fd32f004aba99607d5b267
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_ia64.deb
          Size/MD5 checksum:    89722 3ff4685d8757f3f34f69d1d3038b99ee
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_ia64.deb
          Size/MD5 checksum:    63476 2d5255d1a7e38287f68692f0fe5dd171
        http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_ia64.deb
          Size/MD5 checksum:  5599966 6cd21572aad64c291f728cfd8ddf5753
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_hppa.deb
          Size/MD5 checksum:    79344 6cd09b3241459a76bc333ec2cca26eb3
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_hppa.deb
          Size/MD5 checksum:    49540 042b7d2e4889fbed4165d86e3841c396
        http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_hppa.deb
          Size/MD5 checksum:  4107634 2253868a707890f55508be0a8d2b5084
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_m68k.deb
          Size/MD5 checksum:    61938 328fa7a34388dbdd0bf3d77199f46e83
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_m68k.deb
          Size/MD5 checksum:    41538 6e3a03abbf8382b2aaed4abc95115e34
        http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_m68k.deb
          Size/MD5 checksum:  2923636 fcd6d90ba74b613de76fd32834c2f250
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_mips.deb
          Size/MD5 checksum:    75074 410d60865596a9e67e0dc721b703610e
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_mips.deb
          Size/MD5 checksum:    42556 9a09bb7af1668ce16cee128f67d2da50
        http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_mips.deb
          Size/MD5 checksum:  3941504 a6f1b0d37fc2f6dcbfd9d6c245551cf1
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_mipsel.deb
          Size/MD5 checksum:    74864 db91b18d0295fd07a1771f0fdc910730
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_mipsel.deb
          Size/MD5 checksum:    42760 293b2e9ea53c8664208b4eaa5d7d038b
        http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_mipsel.deb
          Size/MD5 checksum:  3899710 d160c22beba8a431496557b59218ebee
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_powerpc.deb
          Size/MD5 checksum:    73944 edc0023d5a5f6c7810e5e39518e9075c
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_powerpc.deb
          Size/MD5 checksum:    45460 1fa491c88047f14874e162129943a0f2
        http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_powerpc.deb
          Size/MD5 checksum:  3588892 ec0621101b8f88a8e6886611f476a23b
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_s390.deb
          Size/MD5 checksum:    64262 f8383550467d7d3f0dddb35694b4b453
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_s390.deb
          Size/MD5 checksum:    43938 dc3005de68ffb1f120af9b98a4138ad7
        http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_s390.deb
          Size/MD5 checksum:  3441798 30d05314a39832a47b3b91f900e78d10
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_sparc.deb
          Size/MD5 checksum:    70704 dc6dd4572fe8dc8d79d645190dd5b9e8
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_sparc.deb
          Size/MD5 checksum:    48910 cfe4a6905dbd392494d200a64240604d
        http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_sparc.deb
          Size/MD5 checksum:  3599016 000aa70472574b64334c612e8dc6f79b
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4.dsc
          Size/MD5 checksum:     1004 983ccc6f8176a0beedda5df8a06e3537
        http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4.diff.gz
          Size/MD5 checksum:   154375 3d72a9201f38d2dde021df25b6e1649c
        http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2.orig.tar.gz
          Size/MD5 checksum: 11677169 8f02d5940bf02072ce5fe05429c90e63
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_alpha.deb
          Size/MD5 checksum:    89842 6de1e46a20510337254c069cec4d8590
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_alpha.deb
          Size/MD5 checksum:    65424 ceb0f7a0bba00d19b0e787d465ccfe2d
        http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_alpha.deb
          Size/MD5 checksum:  5135466 f1ee07be1b52761c5c421252e69b5fec
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_amd64.deb
          Size/MD5 checksum:    72772 c7912ef834249631873ca38061306b32
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_amd64.deb
          Size/MD5 checksum:    61922 7601e110af324ee3cb90aec31c1a2c4b
        http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_amd64.deb
          Size/MD5 checksum:  4356908 4fd1dd53475b92b7d3ded8bc23a84d23
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_arm.deb
          Size/MD5 checksum:    67808 ee9b99d5159d1651f6a29768b4cf0854
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_arm.deb
          Size/MD5 checksum:    58142 48e671e8b106b363d8761b3d20acc5ec
        http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_arm.deb
          Size/MD5 checksum:  4300642 c8049249d1904b75c38081129bc5467e
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_i386.deb
          Size/MD5 checksum:    66218 d349881df541b5f7383e5a5390ac238a
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_i386.deb
          Size/MD5 checksum:    59176 81412a2ee64924929205b718813970bb
        http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_i386.deb
          Size/MD5 checksum:  3939522 fe9e13180506bb76b073be1e289d214e
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_ia64.deb
          Size/MD5 checksum:    89822 abc527d1eccb607d0731be6200352e75
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_ia64.deb
          Size/MD5 checksum:    73492 b7ba1d9e84583256f33a1c5abe76162e
        http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_ia64.deb
          Size/MD5 checksum:  5909228 984e273287f9d5dbee2e8310ab43ae69
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_hppa.deb
          Size/MD5 checksum:    78310 0e86d99930bf65fdc9c3479089a6a20b
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_hppa.deb
          Size/MD5 checksum:    66644 21cab5ff1f28857f08b1771de7c3f461
        http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_hppa.deb
          Size/MD5 checksum:  4612710 fdab445f3c33ae90180d3c834044fc40
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_m68k.deb
          Size/MD5 checksum:    63502 78c53919dcfe97aedbc80b1fc887e204
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_m68k.deb
          Size/MD5 checksum:    58736 69a55de426d9e122adc441b26c9bb062
        http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_m68k.deb
          Size/MD5 checksum:  3600916 b05f9a5118f7028e5c437c5749bfe79f
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_mips.deb
          Size/MD5 checksum:    75558 6449710e39b1ebad2c982bcad599e7f0
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_mips.deb
          Size/MD5 checksum:    59190 d1fa5b3b77fd4a24d1bc65fb5bce6a90
        http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_mips.deb
          Size/MD5 checksum:  4602728 8454c9ddb3922c981e8d5cc5bf59ad1e
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_mipsel.deb
          Size/MD5 checksum:    75546 7bbac980fa4a95d71ebd4de2fe2b2b5b
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_mipsel.deb
          Size/MD5 checksum:    59430 ea2fd76fbc73cad63efef3b939c89aa1
        http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_mipsel.deb
          Size/MD5 checksum:  4559108 fc52f040b130e7954230cffdd91d1145
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_powerpc.deb
          Size/MD5 checksum:    74904 8a3d0d1292f0978eab3b39d6f96a97e9
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_powerpc.deb
          Size/MD5 checksum:    63372 09c6961bbf8e5280ab1f618dd443106c
        http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_powerpc.deb
          Size/MD5 checksum:  4382198 62e8dec6600f7fdcee4e11bc29258766
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_s390.deb
          Size/MD5 checksum:    71844 48a4bded5ebdb5719f5b72fc0bb4ea60
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_s390.deb
          Size/MD5 checksum:    63614 9fdebe54556dba9bb6fd3cdd5bab2034
        http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_s390.deb
          Size/MD5 checksum:  4269024 36f0cf0d6f8f73f569af231b7b47c53e
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_sparc.deb
          Size/MD5 checksum:    70022 7cfdf14b376e0249ae24bb77fb1ae73a
        http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_sparc.deb
          Size/MD5 checksum:    60990 f25104fe0c734c162f75876bdaf797aa
        http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_sparc.deb
          Size/MD5 checksum:  4156948 a5ae0e1018b2ddc41de89accf9aa10d6
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.