Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 0 articles for you...
87
security advisorysoftware updatedebianDebian: DSA 1019-1 Important: Kpdf Local Security Risks and Fixes
Derek Noonburg has fixed several potential vulnerabilities in xpdf, the Portable Document Format (PDF) suite, which is also present in koffice, the KDE Office Suite.. - --------------------------------------------------------------------------Debian Security Advisory DSA 1019-1
Mar 24, 2006
•Important
Debian
99
security advisorybuffer overflowcriticalSlackware: 2006-045-04 Critical: KPDF Buffer Overflow Security Fix
New kdegraphics packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix security issues with kpdf. More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database: . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] kdegraphics (SSA:2006-045-04) New kdegraphics packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix security issues with kpdf. More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database: https://www.cve.org/CVERecord?id=CVE-2005-3191 https://www.cve.org/CVERecord?id=CVE-2005-3192 https://www.cve.org/CVERecord?id=CVE-2005-3193 https://www.cve.org/CVERecord?id=CVE-2005-3624 https://www.cve.org/CVERecord?id=CVE-2005-3625 https://www.cve.org/CVERecord?id=CVE-2005-3626 https://www.cve.org/CVERecord?id=CVE-2005-3627 https://www.cve.org/CVERecord?id=CVE-2005-3628 https://www.cve.org/CVERecord?id=CVE-2006-0301 Additional information is also available from the KDE website: https://kde.org/info/security/advisory-20051207-2.txt https://kde.org/info/security/advisory-20060202-1.txt Here are the details from the Slackware 10.2 ChangeLog: +--------------------------+ patches/packages/kdegraphics-3.4.2-i486-2.tgz: Patched integer and heap overflows in kpdf to fix possible security bugs with malformed PDF files. For more information, see: https://kde.org/info/security/advisory-20051207-2.txt https://kde.org/info/security/advisory-20060202-1.txt https://www.cve.org/CVERecord?id=CVE-2005-3191 https://www.cve.org/CVERecord?id=CVE-2005-3192 https://www.cve.org/CVERecord?id=CVE-2005-3193 https://www.cve.org/CVERecord?id=CVE-2005-3624 https://www.cve.org/CVERecord?id=CVE-2005-3625 https://www.cve.org/CVERecord?id=CVE-2005-3626 https://www.cve.org/CVERecord?id=CVE-2005-3627 https://www.cve.org/CVERecord?id=CVE-2005-3628 https://www.cve.org/CVERecord?id=CVE-2006-0301 (* Security fix*) +--------------------------+ Where to find the new packages: +-----------------------------+ Updated package for Slackware 10.0: ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/kdegraphics-3.2.3-i486-2.tgz Updated package for Slackware 10.1: Updated package for Slackware 10.2: Updated package for Slackware -current: MD5 signatures: +-------------+ Slackware 10.0 package: da13535a269210c3e8aff65ef17e2442 kdegraphics-3.2.3-i486-2.tgz Slackware 10.1 package: 1499ba1755da9e69a6b69031b2919eb2 kdegraphics-3.3.2-i486-4.tgz Slackware 10.2 package: 5bb6d9647f5d48d00cbd698e9aa5821e kdegraphics-3.4.2-i486-2.tgz Slackware -current package: a3dc06eee3e19500f39ee1ecbac977e1 kdegraphics-3.5.1-i486-1.tgz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg kdegraphics-3.4.2-i486-2.tgz +-----+ . Kdegraphics security patch released for Slackware addressing severe vulnerabilities found in kpdf application.. Kdegraphics Update, Slackware Security, Package Vulnerability, KPDF Issues. . Severity: Critical. LinuxSecurity.com Team
Feb 15, 2006
•Critical
Slackware
91
security advisorygentoocode executionGentoo GLSA-200602-05 Normal: KPdf Heap Overflow Risk from PDF Files
KPdf includes vulnerable Xpdf code to handle PDF files, making it vulnerable to the execution of arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200602-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: KPdf: Heap based overflow Date: February 12, 2006 Bugs: #121375 ID: 200602-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= KPdf includes vulnerable Xpdf code to handle PDF files, making it vulnerable to the execution of arbitrary code. Background ========= KPdf is a KDE-based PDF viewer included in the kdegraphics package. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 kde-base/kdegraphics < 3.4.3-r4 > = 3.4.3-r4 2 kde-base/kpdf < 3.4.3-r4 > = 3.4.3-r4 ------------------------------------------------------------------- 2 affected packages on all of their supported architectures. ------------------------------------------------------------------- Description ========== KPdf includes Xpdf code to handle PDF files. Dirk Mueller discovered that the Xpdf code is vulnerable a heap based overflow in the splash rasterizer engine. Impact ===== An attacker could entice a user to open a specially crafted PDF file with Kpdf, potentially resulting in the execution of arbitrary code with the rights of the user running the affected application. Workaround ========= There is no known workaround at this time. Resolution ========= All kdegraphics users should upgrade to the latestversion: # emerge --sync # emerge --ask --oneshot --verbose "> =kde-base/kdegraphics-3.4.3-r4" All Kpdf users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =kde-base/kpdf-3.4.3-r4" References ========= [ 1 ] CVE-2006-0301 https://www.cve.org/CVERecord?id=CVE-2006-0301 [ 2 ] KDE Security Advisory: kpdf/xpdf heap based buffer overflow https://kde.org/info/security/advisory-20060202-1.txt Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200602-05 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
Feb 13, 2006
Gentoo
89
security advisoryfedorabuffer overflowFedora Core 4: 2006-105 Critical Vulnerability in kpdf Buffer Overflow
kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a heap based buffer overflow in the splash rasterizer engine that can crash kpdf or even execute arbitrary code. Users impacted by these issues, should update to this new package release. . ---------------------------------------------------------------------Fedora Update Notification FEDORA-2006-105 2006-02-10 ---------------------------------------------------------------------Product : Fedora Core 4 Name : kdegraphics Version : 3.5.1 Release : 0.2.fc4 Summary : K Desktop Environment - Graphics Applications Description : Graphics applications for the K Desktop Environment. Includes: kdvi (displays TeX .dvi files) kfax (displays faxfiles) kghostview (displays postscript files) kcoloredit (palette editor and color chooser) kamera (digital camera support) kiconedit (icon editor) kpaint (a simple drawing program) ksnapshot (screen capture utility) kview (image viewer for GIF, JPEG, TIFF, etc.) kuickshow (quick picture viewer) kooka (scanner application) kruler (screen ruler and color measurement tool) ---------------------------------------------------------------------Update Information: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a heap based buffer overflow in the splash rasterizer engine that can crash kpdf or even execute arbitrary code. Users impacted by these issues, should update to this new package release. ---------------------------------------------------------------------* Tue Feb 7 2006 Than Ngo 7:3.5.1-0.2.fc4 - apply patch to fix buffer overflow in kpdf, CVE-2006-0301 (#179056) ---------------------------------------------------------------------This update can be downloaded from: 4ed4ed8ca7762a7140b4aea37862078bc3758988 SRPMS/kdegraphics-3.5.1-0.2.fc4.src.rpm 3a9a3b3777eff2ac02ff21ba78151d25c3395a9d ppc/kdegraphics-3.5.1-0.2.fc4.ppc.rpm 9c25998f60be8531e2e1a4366611501d2adee26e ppc/kdegraphics-devel-3.5.1-0.2.fc4.ppc.rpm 296f883442cba8315c5b23799d3488ffaa843c89 ppc/debug/kdegraphics-debuginfo-3.5.1-0.2.fc4.ppc.rpm 03990a0a90d0bc769494759727b2e76f20cde814 x86_64/kdegraphics-3.5.1-0.2.fc4.x86_64.rpm 2ab08e61a5137f1833f8ca815a5dc025aba38ae6 x86_64/kdegraphics-devel-3.5.1-0.2.fc4.x86_64.rpm 9c539d49ecc4be772816d8c3989951736d7454a3 x86_64/debug/kdegraphics-debuginfo-3.5.1-0.2.fc4.x86_64.rpm a99acaa35091e76a25a51acad2e7fe0a3719720d i386/kdegraphics-3.5.1-0.2.fc4.i386.rpm ce4cc146300daa51cb37089de8aefbd407a7a102 i386/kdegraphics-devel-3.5.1-0.2.fc4.i386.rpm 5b918d77c186fa41958dc5ac503e2367afe23c58 i386/debug/kdegraphics-debuginfo-3.5.1-0.2.fc4.i386.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at . ----------------------------------------------------------------------- fedora-announce-list mailing list
Feb 10, 2006
•Critical
Fedora
87
security advisorydenial of servicebuffer overflowDebian 3.1 DSA-932-1 Critical: KPDF Buffer Overflow Impacting Users
"infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, that can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code. The same code is present in kpdf which is part of the kdegraphics package. . - --------------------------------------------------------------------------Debian Security Advisory DSA 932-1
Jan 27, 2006
•Critical
Debian
91
security advisorydenial of servicegentooGentoo: GLSA-200508-08 Normal: Xpdf, Kpdf, GPdf DoS Threat
Xpdf, Kpdf and GPdf may crash as a result of a Denial of Service vulnerability.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200508-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Xpdf, Kpdf, GPdf: Denial of Service vulnerability Date: August 16, 2005 Bugs: #99769, #100263, #100265 ID: 200508-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Xpdf, Kpdf and GPdf may crash as a result of a Denial of Service vulnerability. Background ========= Xpdf, Kpdf and GPdf are PDF file viewers that run under the X Window System. Kpdf and GPdf both contain Xpdf code. Kpdf is also part of kdegraphics. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-text/xpdf < 3.00-r10 > = 3.00-r10 2 kde-base/kdegraphics < 3.3.2-r3 > = 3.3.2-r3 3 kde-base/kpdf < 3.4.1-r1 > = 3.4.1-r1 4 app-text/gpdf < 2.10.0-r1 > = 2.10.0-r1 ------------------------------------------------------------------- 4 affected packages on all of their supported architectures. ------------------------------------------------------------------- Description ========== Xpdf, Kpdf and GPdf do not handle a broken table of embedded TrueType fonts correctly. After detecting such a table, Xpdf, Kpdf and GPdf attempt to reconstruct the information in it by decoding the PDF file, which causes the generation of a huge temporary file. Impact ===== A remote attacker may cause a Denial ofService by creating a specially crafted PDF file, sending it to a CUPS printing system (which uses Xpdf), or by enticing a user to open it in Xpdf, Kpdf, or GPdf. Workaround ========= There is no known workaround at this time. Resolution ========= All Xpdf users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =app-text/xpdf-3.00-r10" All GPdf users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =app-text/gpdf-2.10.0-r1" All Kpdf users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =kde-base/kdegraphics-3.3.2-r3" All KDE Split Ebuild Kpdf users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =kde-base/kpdf-3.4.1-r1" References ========= [ 1 ] CAN-2005-2097 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200508-08 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
Aug 16, 2005
Gentoo
98
security advisorysecurity updateRed HatRed Hat: RHSA-2005:671-01 Moderate: kpdf Denial of Service
Updated kdegraphics packages that resolve a security issue in kpdf are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.. - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: kdegraphics security update Advisory ID: RHSA-2005:671-01 Advisory URL: https://access.redhat.com/errata/RHSA-2005:671.html Issue date: 2005-08-09 Updated on: 2005-08-09 Product: Red Hat Enterprise Linux CVE Names: CAN-2005-2097 - ---------------------------------------------------------------------1. Summary: Updated kdegraphics packages that resolve a security issue in kpdf are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: The kdegraphics packages contain applications for the K Desktop Environment including kpdf, a pdf file viewer. A flaw was discovered in kpdf. An attacker could construct a carefully crafted PDF file that would cause kpdf to consume all available disk space in /tmp when opened. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-2097 to this issue. Note this issue does not affect Red Hat Enterprise Linux 3 or 2.1. Users of kpdf should upgrade to these updated packages, which contains a backported patch to resolve this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the followingcommand: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/ 5. Bug IDs fixed (http://bugzilla.redhat.com/): 163925 - CAN-2005-2097 kpdf DoS 6. RPMs required: Red Hat Enterprise Linux AS version 4: SRPMS: 034c8c6c6f6b306170dd84943f4caebf kdegraphics-3.3.1-3.4.src.rpm i386: 551912cff4672ac8e5d8c9e1c1aa6bd5 kdegraphics-3.3.1-3.4.i386.rpm 7d26d5de1c406e6e89333eb17c4d9720 kdegraphics-devel-3.3.1-3.4.i386.rpm ia64: c26447459cac09d0b8a680f8aff37cce kdegraphics-3.3.1-3.4.ia64.rpm 1072f640b595f512ba217264d2c77aec kdegraphics-devel-3.3.1-3.4.ia64.rpm ppc: 5f05c498a6515ea03b567691a1795588 kdegraphics-3.3.1-3.4.ppc.rpm 12f3c69ef13a8617ef6e3c3ef7108b6f kdegraphics-devel-3.3.1-3.4.ppc.rpm s390: 6492a12dd82ab6ad78977b36f6acc277 kdegraphics-3.3.1-3.4.s390.rpm 644af9b7f094d9fad6eb43423b04854a kdegraphics-devel-3.3.1-3.4.s390.rpm s390x: 8a8e96eacc5ebff6f6cb9d4d0f87b229 kdegraphics-3.3.1-3.4.s390x.rpm 6a83d580fe2d065f1f2cff4978c00ec5 kdegraphics-devel-3.3.1-3.4.s390x.rpm x86_64: ff88d2ce2b9129ba3cc8f0b90d8350cc kdegraphics-3.3.1-3.4.x86_64.rpm 4e67a2cb74e2dbd7d264c2967ade9f97 kdegraphics-devel-3.3.1-3.4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: 034c8c6c6f6b306170dd84943f4caebf kdegraphics-3.3.1-3.4.src.rpm i386: 551912cff4672ac8e5d8c9e1c1aa6bd5 kdegraphics-3.3.1-3.4.i386.rpm 7d26d5de1c406e6e89333eb17c4d9720 kdegraphics-devel-3.3.1-3.4.i386.rpm x86_64: ff88d2ce2b9129ba3cc8f0b90d8350cc kdegraphics-3.3.1-3.4.x86_64.rpm 4e67a2cb74e2dbd7d264c2967ade9f97 kdegraphics-devel-3.3.1-3.4.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: 034c8c6c6f6b306170dd84943f4caebf kdegraphics-3.3.1-3.4.src.rpm i386: 551912cff4672ac8e5d8c9e1c1aa6bd5 kdegraphics-3.3.1-3.4.i386.rpm 7d26d5de1c406e6e89333eb17c4d9720 kdegraphics-devel-3.3.1-3.4.i386.rpm ia64: c26447459cac09d0b8a680f8aff37cce kdegraphics-3.3.1-3.4.ia64.rpm 1072f640b595f512ba217264d2c77aec kdegraphics-devel-3.3.1-3.4.ia64.rpm x86_64: ff88d2ce2b9129ba3cc8f0b90d8350cc kdegraphics-3.3.1-3.4.x86_64.rpm 4e67a2cb74e2dbd7d264c2967ade9f97 kdegraphics-devel-3.3.1-3.4.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: 034c8c6c6f6b306170dd84943f4caebf kdegraphics-3.3.1-3.4.src.rpm i386: 551912cff4672ac8e5d8c9e1c1aa6bd5 kdegraphics-3.3.1-3.4.i386.rpm 7d26d5de1c406e6e89333eb17c4d9720 kdegraphics-devel-3.3.1-3.4.i386.rpm ia64: c26447459cac09d0b8a680f8aff37cce kdegraphics-3.3.1-3.4.ia64.rpm 1072f640b595f512ba217264d2c77aec kdegraphics-devel-3.3.1-3.4.ia64.rpm x86_64: ff88d2ce2b9129ba3cc8f0b90d8350cc kdegraphics-3.3.1-3.4.x86_64.rpm 4e67a2cb74e2dbd7d264c2967ade9f97 kdegraphics-devel-3.3.1-3.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://www.cve.org/CVERecord?id=CAN-2005-2097 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2005 Red Hat, Inc. . The recent update for kdegraphics addresses a moderate security vulnerability affecting Red Hat systems, enhancing the safety of PDF processing within kpdf.. Kdegraphics Security Update, Red Hat Advisory, Moderate Risk Fix, kpdf Patch. . LinuxSecurity.com Team
Aug 09, 2005
Red Hat
91
security advisorygentoocode executionGentoo: GLSA-200501-17 Normal: KPdf KOffice Code Execution Risk
KPdf and KOffice both include vulnerable Xpdf code to handle PDF files, making them vulnerable to the execution of arbitrary code if a user is enticed to view a malicious PDF file. [More...]. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200501-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: KPdf, KOffice: More vulnerabilities in included Xpdf Date: January 11, 2005 Bugs: #75203, #75204 ID: 200501-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= KPdf and KOffice both include vulnerable Xpdf code to handle PDF files, making them vulnerable to the execution of arbitrary code if a user is enticed to view a malicious PDF file. Background ========= KPdf is a KDE-based PDF viewer included in the kdegraphics package. KOffice is an integrated office suite for KDE. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-office/koffice < 1.3.5-r1 > = 1.3.5-r1 2 kde-base/kdegraphics < 3.3.2-r1 > = 3.3.2-r1 *> = 3.2.3-r3 ------------------------------------------------------------------- 2 affected packages on all of their supported architectures. ------------------------------------------------------------------- Description ========== KPdf and KOffice both include Xpdf code to handle PDF files. Xpdf is vulnerable to multiple new integer overflows, as described in GLSA 200412-24. Impact ===== An attacker could entice a user to open aspecially-crafted PDF file, potentially resulting in the execution of arbitrary code with the rights of the user running the affected utility. Workaround ========= There is no known workaround at this time. Resolution ========= All KPdf users should upgrade to the latest version of kdegraphics: # emerge --sync # emerge --ask --oneshot --verbose kde-base/kdegraphics Note: There is currently no fixed stable 3.3.x version for sparc. All KOffice users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose app-office/koffice References ========= [ 1 ] GLSA 200412-24 https://security.gentoo.org/glsa/200412-24 [ 2 ] CAN-2004-1125 https://www.cve.org/CVERecord?id=CVE-CAN-2004-1125 [ 3 ] KDE Security Advisory: kpdf Buffer Overflow Vulnerability https://kde.org/info/security/advisory-20041223-1.txt [ 4 ] KOffice XPDF Integer Overflow 2 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200501-17 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
Jan 11, 2005
Gentoo
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!