Debian: New xpdf packages fix arbitrary code execution

    Date27 Jan 2006
    CategoryDebian
    3345
    Posted ByJoe Shakespeare
    "infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, that can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 931-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                             Martin Schulze
    January 9th, 2006                       http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : xpdf
    Vulnerability  : buffer overflows
    Problem type   : remote
    Debian-specific: no
    CVE IDs        : CAN-2005-3191 CAN-2005-3192 CAN-2005-3193 CVE-2005-3624
                     CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628
    Debian Bug     : 342281
    
    "infamous41md" and Chris Evans discovered several heap based buffer
    overflows in xpdf, the Portable Document Format (PDF) suite, that can
    lead to a denial of service by crashing the application or possibly to
    the execution of arbitrary code.
    
    For the old stable distribution (woody) these problems have been fixed in
    version 1.00-3.8.
    
    For the stable distribution (sarge) these problems have been fixed in
    version 3.00-13.4.
    
    For the unstable distribution (sid) these problems have been fixed in
    version 3.01-4.
    
    We recommend that you upgrade your xpdf package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.8.dsc
          Size/MD5 checksum:      706 f8091cb4e0b0c7baa8ccc4ee75a50699
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.8.diff.gz
          Size/MD5 checksum:    11832 ab0665a0fa767785037ceff313cbc1b3
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00.orig.tar.gz
          Size/MD5 checksum:   397750 81f3c381cef729e4b6f4ce21cf5bbf3c
    
      Architecture independent components:
    
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_1.00-3.8_all.deb
          Size/MD5 checksum:    38826 43072ed4680dab2c7d68eec7b3f7c45a
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.8_all.deb
          Size/MD5 checksum:     1286 7bd55048fc7aab6c9c35f65d472932da
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_alpha.deb
          Size/MD5 checksum:   571434 7be66f32548c87a66c2353d976a99c36
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_alpha.deb
          Size/MD5 checksum:  1046964 c83387b2ce2c92faa2cbbc86f2d9a9a8
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_arm.deb
          Size/MD5 checksum:   487502 655007df84b968ec59de01638b77f0b8
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_arm.deb
          Size/MD5 checksum:   887368 a2d7e4052bf2a5c4a495c4e45dedf89b
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_i386.deb
          Size/MD5 checksum:   449748 0ae0c17cc4624b254b2aeac09c995d6f
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_i386.deb
          Size/MD5 checksum:   828498 530637087a864c6def87e31283bdeceb
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_ia64.deb
          Size/MD5 checksum:   683068 19ecb0905f8636e67bf7238c10f59ad5
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_ia64.deb
          Size/MD5 checksum:  1230046 ed52eb1ba803c65bed5b9b82ec551eef
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_hppa.deb
          Size/MD5 checksum:   564570 e375463f1a090ee04616a2a28d074792
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_hppa.deb
          Size/MD5 checksum:  1034076 c7baa8decb624ae001b8325c426c3e83
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_m68k.deb
          Size/MD5 checksum:   427756 e516e992cf634de082e9261fec596417
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_m68k.deb
          Size/MD5 checksum:   795168 5315ec1734af63b31df537992fd575d7
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_mips.deb
          Size/MD5 checksum:   555626 38b3797dc8685b374bfa4d5b8310e002
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_mips.deb
          Size/MD5 checksum:  1017302 f1420c53961b3574c404e3dcee80e633
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_mipsel.deb
          Size/MD5 checksum:   546712 be27f108ed722e04bee9473fb463a749
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_mipsel.deb
          Size/MD5 checksum:   999554 d8983b16cb67d5b5da734e8a166079b1
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_powerpc.deb
          Size/MD5 checksum:   470466 c90999ac3ffef0f1ca9907ec0c52e8ca
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_powerpc.deb
          Size/MD5 checksum:   860678 1b79e9b04f6b86cee3365c27c99b8c8a
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_s390.deb
          Size/MD5 checksum:   430408 09493b1bae3177137a922adbaee7af25
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_s390.deb
          Size/MD5 checksum:   786644 98062cef2cfd5f78eba94f92f7ffc7ec
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_sparc.deb
          Size/MD5 checksum:   444146 9bb3e73108672a45c87eb172b30b645e
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_sparc.deb
          Size/MD5 checksum:   810204 53735cf450d1ff09449dd4e744e31f4a
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.4.dsc
          Size/MD5 checksum:      781 df2be00a261c47ed25cbf00bdcefcc32
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.4.diff.gz
          Size/MD5 checksum:    50734 3018a9155bbcf704f47132bbefddd5b5
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00.orig.tar.gz
          Size/MD5 checksum:   534697 95294cef3031dd68e65f331e8750b2c2
    
      Architecture independent components:
    
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.00-13.4_all.deb
          Size/MD5 checksum:    56504 333976022e4bd6b1a241844231f2db30
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.4_all.deb
          Size/MD5 checksum:     1284 1b077a992654b8df5727d844deb84e0c
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_alpha.deb
          Size/MD5 checksum:   802112 93e96a4213f4966d8c0bb2c1e34b572d
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_alpha.deb
          Size/MD5 checksum:  1528190 5db2e3cd7ab5f2865d5303163c3d08a7
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_amd64.deb
          Size/MD5 checksum:   667754 df5e85b58bcb2f7b86837e7a79b745f9
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_amd64.deb
          Size/MD5 checksum:  1273734 5554c8f473a892cc8478f50bc1dd96dd
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_arm.deb
          Size/MD5 checksum:   674458 b419a39cb5b1bbaefe52c51f163913d5
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_arm.deb
          Size/MD5 checksum:  1279040 fe5af7d7209bb14e865404ea695a6df3
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_i386.deb
          Size/MD5 checksum:   656804 e319b835c10f76ad7946b74da24ba1bf
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_i386.deb
          Size/MD5 checksum:  1242164 731e556748f3f84465bd6537462fde03
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_ia64.deb
          Size/MD5 checksum:   950974 fe4f3be5aa05772806309faaa3847db3
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_ia64.deb
          Size/MD5 checksum:  1801950 27c19b5813e7d2aa34aca9847c277b40
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_hppa.deb
          Size/MD5 checksum:   832646 a2504b353573d384d443e923782775f1
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_hppa.deb
          Size/MD5 checksum:  1580478 72266677b36f9ec9ab2c2bcac1dfe7ac
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_m68k.deb
          Size/MD5 checksum:   585736 e1331547251b0d5eba96c68e6665abf2
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_m68k.deb
          Size/MD5 checksum:  1116746 46d969a98302c1b49b5e9a355047adfc
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_mips.deb
          Size/MD5 checksum:   807800 d1acd349bc0a932ea3467db9796919f5
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_mips.deb
          Size/MD5 checksum:  1524848 685d65d2a07676b55fa3abd8505018a9
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_mipsel.deb
          Size/MD5 checksum:   798090 18503fbab79be783005bed35d4cdb02d
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_mipsel.deb
          Size/MD5 checksum:  1503796 aaa4b1de4370d52cc2b3e595542f82c3
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_powerpc.deb
          Size/MD5 checksum:   694126 08e64354f30b1bd573092925b894c77f
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_powerpc.deb
          Size/MD5 checksum:  1313048 5f39d0ffe44186db884a7c1115704666
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_s390.deb
          Size/MD5 checksum:   630774 8b48412164ae96066c61399a5c7b3cd7
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_s390.deb
          Size/MD5 checksum:  1198670 6b837427a05f0b19630197183c9c50f1
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_sparc.deb
          Size/MD5 checksum:   626394 0bbb59b11b9d11f9129fbd475e3ab186
        http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_sparc.deb
          Size/MD5 checksum:  1181726 a523c04a7ae1c3b8fc24c29f46d3c589
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.