Debian: xpdf 0.90-7 Moderate: Unsafe Temp Files And Command Execution

September 10, 2000
Several vulnerabilities exist in xpdf that could allow the creation of unsafe temporary files and the running of arbitrary shell commands.

Summary


Package : xpdf
Problem type : local exploit
Debian-specific: no

xpdf as distributed in Debian GNU/Linux 2.2 suffered from two problems:
1. Temporary files were not created safely, which made xpdf
   vulnerable to a symlink attack.
2. When handling URLs in documents, no check was made for shell
   metacharacters before starting the browser. This makes it possible
   to construct a document which causes xpdf to run arbitrary commands
   when the user views a URL.

Both problems have been fixed in version 0.90-7, and we recommend you
upgrade your xpdf package immediately.
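
The first problem, shown as an added example rather than code from xpdf or from the Debian fix: a temporary file opened exclusively cannot be redirected through a symlink planted at a predictable name. The function names and the /tmp/tmpdemo-* paths are hypothetical and constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example, not xpdf code. With a fixed name, O_CREAT|O_EXCL makes open()
 * fail with EEXIST if anything, even a planted symlink, already exists there. */
int open_fixed_tmp_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Preferred: mkstemp() picks an unpredictable name and creates the file
 * atomically and exclusively. tmpl must end in "XXXXXX". */
int open_unique_tmp(char *tmpl)
{
    return mkstemp(tmpl);
}

/* Self-check on constructed paths: 1 if the exclusive open refuses a planted
 * symlink and its target is untouched, 0 if not, -1 on setup failure. */
int symlink_is_refused(void)
{
    char dir[] = "/tmp/tmpdemo-XXXXXX";   /* hypothetical scratch directory */
    char target[64], link_path[64];
    struct stat st;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(target, sizeof target, "%s/victim", dir);
    snprintf(link_path, sizeof link_path, "%s/predictable.tmp", dir);
    FILE *f = fopen(target, "w");
    if (f == NULL) return -1;
    fputs("keep", f);
    fclose(f);
    if (symlink(target, link_path) != 0) return -1;
    int fd = open_fixed_tmp_exclusive(link_path);
    int refused = (fd == -1 && errno == EEXIST);  /* read errno before close() */
    if (fd != -1) close(fd);
    int intact = (stat(target, &st) == 0 && st.st_size == 4);
    unlink(link_path); unlink(target); rmdir(dir);
    return refused && intact;
}

int main(void)
{
    return symlink_is_refused() == 1 ? 0 : 1;
}
```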

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.


Debian GNU/Linux 2.2 alias potato

Potato was released for the alpha, arm, i386, m68k, powerpc and sparc
architectures. At this moment no fixed package is available for arm
machines.

Source archives:

MD5 checksum: e9b2584ea9dda178ed1a63771aa7019f

MD5 checksum: 332ca1d9970dda5808538793bd3e346d

...


Severity
important