Gentoo Linux: 200306-11 Critical: xpdf Remote Code Execution Threat

gentoo

June 27, 2003

Valid PDF files can contain malicious external-type hyperlinks that can execute arbitrary shell commands underneath Unix with various PDF viewers/readers.

Summary


GENTOO LINUX SECURITY ANNOUNCEMENT 200306-11


from advisory: 
"Valid PDF files can contain malicious external-type hyperlinks that can 
execute arbitrary shell commands underneath Unix with various PDF 
viewers/readers.

The hyperlinks must be activated or followed for the malicious script 
to run.  The obvious case is for a user to click on one. "

Read the full advisory at 
http://marc.theaimsgroup.com/?l=full-disclosure&m=105555332025253&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-text/xpdf upgrade to xpdf-2.02.1 as follows

emerge sync
emerge xpdf
emerge clean

aliz@gentoo.org - GnuPG key is available at

Topics Covered

security advisory arbitrary code execution remote threat gentoo linux pdf exploitation

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity

critical

Lowest

Low

Medium

High

Critical

PACKAGE : xpdf

SUMMARY : arbitrary code execution

DATE : 2003-06-25 21:48 UTC

EXPLOIT : remote

VERSIONS AFFECTED : =xpdf-2.02.1

CVE : CAN-2003-0434

Topics Covered

security advisory arbitrary code execution remote threat gentoo linux pdf exploitation

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks