Debian: xpdf arbitrary code execution fix DSA-581-1

    Date 02 Nov 2004
    2232
    Posted By LinuxSecurity Advisories
    Chris Evans discovered several integer overflows in xpdf, a viewer for PDF files, which can be exploited remotely by a specially crafted PDF document and lead to the execution of arbitrary code.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 581-1                     This email address is being protected from spambots. You need JavaScript enabled to view it. 
    https://www.debian.org/security/                             Martin Schulze
    November 2nd, 2004                       https://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : xpdf
    Vulnerability  : integer overflows
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CAN-2004-0888
    Debian Bug     : 278298
    
    Chris Evans discovered several integer overflows in xpdf, a viewer for
    PDF files, which can be exploited remotely by a specially crafted PDF
    document and lead to the execution of arbitrary code.
    
    For the stable distribution (woody) these problems have been fixed in
    version 1.00-3.2.
    
    For the unstable distribution (sid) these problems have been fixed in
    version 3.00-9.
    
    We recommend that you upgrade your xpdf package.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Source archives:
    
         https://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.2.dsc
          Size/MD5 checksum:      706 9f5d7d51a4bc6d71a06dd4a5f02f3729
         https://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.2.diff.gz
          Size/MD5 checksum:    10058 15d41abe3fa8a2d78c6b041c748f208e
         https://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00.orig.tar.gz
          Size/MD5 checksum:   397750 81f3c381cef729e4b6f4ce21cf5bbf3c
    
      Architecture independent components:
    
         https://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_1.00-3.2_all.deb
          Size/MD5 checksum:    38514 c09d234c1a76172cb43a97856de16b2d
         https://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.2_all.deb
          Size/MD5 checksum:     1292 3fec4c8ebb50145440c5036c1a7e293d
    
      Alpha architecture:
    
         https://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.2_alpha.deb
          Size/MD5 checksum:   570922 67ff32dd5a579977a931445ed893d085
         https://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.2_alpha.deb
          Size/MD5 checksum:  1045100 884ede86ce33bda2ac61bb70e45020d6
    
      ARM architecture:
    
         https://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.2_arm.deb
          Size/MD5 checksum:   487036 8b1e20731ab6733ba9407fbdcfdda7eb
         https://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.2_arm.deb
          Size/MD5 checksum:   886032 b1bf52b32ab24c5a6f27a10284af8a19
    
      Intel IA-32 architecture:
    
         https://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.2_i386.deb
          Size/MD5 checksum:   449348 d4df5561128f35da0d12b0308c0fb0fd
         https://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.2_i386.deb
          Size/MD5 checksum:   827652 54710c21c73a005b5733cc0b2ebd8fc1
    
      Intel IA-64 architecture:
    
         https://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.2_ia64.deb
          Size/MD5 checksum:   682162 52cf660fd4aa6e34a567cc2c4b35f602
         https://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.2_ia64.deb
          Size/MD5 checksum:  1227894 ec5525ea02b45edbc77d9aa92a9f15d9
    
      HP Precision architecture:
    
         https://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.2_hppa.deb
          Size/MD5 checksum:   563642 787e6969b5523b594ba48757e648e63f
         https://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.2_hppa.deb
          Size/MD5 checksum:  1032382 3d5b816589415127a6b339bb564d4617
    
      Motorola 680x0 architecture:
    
         https://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.2_m68k.deb
          Size/MD5 checksum:   427490 c389ebf13a5cac9aa9198d8e065e4f18
         https://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.2_m68k.deb
          Size/MD5 checksum:   794176 4b996f2daa35ee1a5769077a9a156ad2
    
      Big endian MIPS architecture:
    
         https://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.2_mips.deb
          Size/MD5 checksum:   555000 ac278836ba797ee23d08cd4f0f00fcb5
         https://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.2_mips.deb
          Size/MD5 checksum:  1016288 04e8cef118a28a1504d5dd34d662fddb
    
      Little endian MIPS architecture:
    
         https://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.2_mipsel.deb
          Size/MD5 checksum:   546044 d9ce2aa3c6d6f9d8b78b1c9fa1756c1c
         https://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.2_mipsel.deb
          Size/MD5 checksum:   998132 ca0548cb69d7809606e82fd99a73fa92
    
      PowerPC architecture:
    
         https://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.2_powerpc.deb
          Size/MD5 checksum:   469980 6b8da3e2e44bde50792185f59690951a
         https://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.2_powerpc.deb
          Size/MD5 checksum:   859330 eeadbcb97f1cd21a11c23b58149ecb57
    
      IBM S/390 architecture:
    
         https://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.2_s390.deb
          Size/MD5 checksum:   429866 e66715f9fee0a9d3b9e4fbb7167baf7a
         https://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.2_s390.deb
          Size/MD5 checksum:   785356 f6913f88e3dd30a6237c77bf2fb99ff6
    
      Sun Sparc architecture:
    
         https://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.2_sparc.deb
          Size/MD5 checksum:   443534 0f6dd3d3113d0c2c72980b879b6f4a4b
         https://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.2_sparc.deb
          Size/MD5 checksum:   809584 140b40d1fc50dbb16af26d8fa1515b3c
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb  https://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and  https://packages.debian.org/
    
    

    LinuxSecurity Poll

    Do you feel that the Lawful Access to Encrypted Data Act, which aims to force encryption backdoors, is a threat to US citizens' privacy?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/30-do-you-feel-that-the-lawful-access-to-encrypted-data-act-which-aims-to-force-encryption-backdoors-is-a-threat-to-privacy?task=poll.vote&format=json
    30
    radio
    [{"id":"106","title":"Yes - I am a privacy advocate and I am strongly opposed to this bill.","votes":"19","type":"x","order":"1","pct":95,"resources":[]},{"id":"107","title":"I'm undecided - it has its pros and cons.","votes":"1","type":"x","order":"2","pct":5,"resources":[]},{"id":"108","title":"No - I support this bill and feel that it will help protect against crime and threats to our national security. ","votes":"0","type":"x","order":"3","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.