Debian: New xpdf packages fix arbitrary code exitution

    Date 17 Apr 2008
    3200
    Posted By LinuxSecurity Advisories
    Xpdf's handling of embedded fonts lacks sufficient validation and type checking. If a maliciously-crafted PDF file is opened, the vulnerability may allow the execution of arbitrary code with the privileges of the user running xpdf.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1548-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                           Devin Carraway
    April 17, 2008                        https://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : xpdf
    Vulnerability  : multiple
    Problem type   : local (remote)
    Debian-specific: no
    CVE Id(s)      : CVE-2008-1693
    
    Kees Cook discovered a vulnerability in xpdf, set set of tools for
    display and conversion of Portable Document Format (PDF) files.  The
    Common Vulnerabilities and Exposures project identifies the following
    problem:
    
    CVE-2008-1693
    
        Xpdf's handling of embedded fonts lacks sufficient validation
        and type checking.  If a maliciously-crafted PDF file is opened, 
        the vulnerability may allow the execution of arbitrary code with
        the privileges of the user running xpdf.
    
    For the stable distribution (etch), these problems have been fixed in
    version 3.01-9.1+etch3.
    
    For the unstable distribution (sid), these problems were fixed in
    version 3.02-1.2.
    
    We recommend that you upgrade your xpdf package.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, powerpc, s390.
    
    Source archives:
    
      https://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch4.dsc
        Size/MD5 checksum:      974 b5ae1ed7abc02a808b97f9e8b1c08e6d
      https://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch4.diff.gz
        Size/MD5 checksum:    39829 8b0fe2c7568c3f82d6b3d5d4742b52d9
      https://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01.orig.tar.gz
        Size/MD5 checksum:   599778 e004c69c7dddef165d768b1362b44268
    
    Architecture independent packages:
    
      https://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch4_all.deb
        Size/MD5 checksum:     1274 e7fcf339747f547b7519cbd1df2f9338
      https://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.01-9.1+etch4_all.deb
        Size/MD5 checksum:    61358 7a76c4dc0a5eeb0b71fbc2807fc8ad21
    
    alpha architecture (DEC Alpha)
    
      https://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_alpha.deb
        Size/MD5 checksum:   915780 40c67cd9c1b54b2f61e783df57b9f1b0
      https://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_alpha.deb
        Size/MD5 checksum:  1675464 0ec4308b0a7a6a9281b436b536c2b4a4
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      https://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_amd64.deb
        Size/MD5 checksum:  1480468 cc550f3994bdab8fd1534d0c00111723
      https://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_amd64.deb
        Size/MD5 checksum:   804240 cca7233b1fe75ed2772af5d2f8e6d49d
    
    arm architecture (ARM)
    
      https://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_arm.deb
        Size/MD5 checksum:  1458046 46b5a1a1503ad522b310ecbb8ce64bcc
      https://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_arm.deb
        Size/MD5 checksum:   799814 97e080dec03c0393d8fee63e1a005f1d
    
    hppa architecture (HP PA RISC)
    
      https://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_hppa.deb
        Size/MD5 checksum:  1765316 5c465e20d6a5b285da773eda66c7497c
      https://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_hppa.deb
        Size/MD5 checksum:   959886 5a5192fc84768372b5370464d646bc64
    
    i386 architecture (Intel ia32)
    
      https://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_i386.deb
        Size/MD5 checksum:   793560 5c6a968f356623a7db8c1b88e8ef40c4
      https://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_i386.deb
        Size/MD5 checksum:  1450746 701944ba02dbe4dd852bd22bb0ca3ab2
    
    ia64 architecture (Intel ia64)
    
      https://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_ia64.deb
        Size/MD5 checksum:  1212440 256c451d95495fa2689d1cca4c98e7e5
      https://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_ia64.deb
        Size/MD5 checksum:  2203266 f73f1d87341e34c9f405c2c75b6f459d
    
    mips architecture (MIPS (Big Endian))
    
      https://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_mips.deb
        Size/MD5 checksum:  1730844 fbc5b43b2558c59e6a2d6630d1371a88
      https://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_mips.deb
        Size/MD5 checksum:   954942 e0decffa31ae494958afecb231abee9f
    
    powerpc architecture (PowerPC)
    
      https://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_powerpc.deb
        Size/MD5 checksum:   845404 543e7f16a393736880f2d3eafae8c26f
      https://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_powerpc.deb
        Size/MD5 checksum:  1546580 61e23c448d7a81c80ee9f75bff993e80
    
    s390 architecture (IBM S/390)
    
      https://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_s390.deb
        Size/MD5 checksum:  1390938 0823e7675a54c9991880b5e057d079da
      https://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_s390.deb
        Size/MD5 checksum:   763906 0c891488a3bf7595c20a8063cdc9feca
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    LinuxSecurity Poll

    Are you considering making the switch to Purism's new Librem 14 Linux laptop to improve your security and privacy online?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/31-are-you-considering-making-the-switch-to-purism-s-new-librem-14-linux-laptop-to-improve-your-security-and-privacy-online?task=poll.vote&format=json
    31
    radio
    [{"id":"109","title":"Yes - the hardware kill switches and default ad blocking\/tracking protection sold me on it.","votes":"3","type":"x","order":"1","pct":37.5,"resources":[]},{"id":"110","title":"Not sure yet - I need to do more research.","votes":"4","type":"x","order":"2","pct":50,"resources":[]},{"id":"111","title":"No - I'm satisfied with my current laptop and have no security\/privacy concerns.","votes":"1","type":"x","order":"3","pct":12.5,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.