Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -7 articles for you...
89
security advisorymoderateFedoraFedora: 2009-2651 Moderate: Pdfjam Script Path Modification Fix
PDFjam scripts previously create temporary files with predictable names, and are also susceptible to the search path being modified. This update fixes the two issues.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2009-2651 2009-03-13 18:03:28 --------------------------------------------------------------------------------Name : pdfjam Product : Fedora 10 Version : 1.21 Release : 1.fc10 URL : Summary : Utilities for join, rotate and align PDFs Description : PDFjam is a small collection of shell scripts which provide a simple interface to some of the functionality of the excellent pdfpages package (by Andreas Matthias) for pdfLaTeX. At present the utilities available are: * pdfnup, which allows PDF files to be "n-upped" in roughly the way that psnup does for PostScript files; * pdfjoin, which concatenates the pages of multiple PDF files together into a single file; * pdf90, which rotates the pages of one or more PDF files through 90 degrees (anti-clockwise). In every case, source files are left unchanged. A potential drawback of these utilities is that any hyperlinks in the source PDF are lost. On the positive side, there is no appreciable degradation of image quality in processing PDF files with these programs, unlike some other indirect methods such as "pdf2ps | psnup | ps2pdf" (in the author's experience). --------------------------------------------------------------------------------Update Information: PDFjam scripts previously create temporary files with predictable names, and are also susceptible to the search path being modified. This update fixes the two issues. --------------------------------------------------------------------------------ChangeLog: * Thu Mar 12 2009 Michel Salim - 1.21-1 - Update to 1.21, fixing security issues CVE-2008-5743, CVE-2008-5843 (bz#480174) --------------------------------------------------------------------------------References: [ 1 ] Bug #480174 - pdfjam: multiple security issues (CVE-2008-5743, CVE-2008-5843) https://bugzilla.redhat.com/show_bug.cgi?id=480174 --------------------------------------------------------------------------------This update can be installed with the "yum" update program. Use su -c 'yum update pdfjam' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailing list
Mar 13, 2009
•Important
Fedora
91
security advisorygentoolocal privilege escalationGentoo: GLSA-200903-05 Normal: PDFjam Local Escalation Threats
Multiple vulnerabilities in the PDFjam scripts allow for local privilege escalation.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200903-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: PDFjam: Multiple vulnerabilities Date: March 07, 2009 Bugs: #252734 ID: 200903-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities in the PDFjam scripts allow for local privilege escalation. Background ========= PDFjam is a small collection of shell scripts to edit PDF documents, including pdfnup, pdfjoin and pdf90. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-text/pdfjam < 1.20-r1 > = 1.20-r1 Description ========== * Martin Vaeth reported multiple untrusted search path vulnerabilities (CVE-2008-5843). * Marcus Meissner of the SUSE Security Team reported that temporary files are created with a predictable name (CVE-2008-5743). Impact ===== A local attacker could place a specially crafted Python module in the current working directory or the /var/tmp directory, and entice a user to run the PDFjam scripts, leading to the execution of arbitrary code with the privileges of the user running the application. A local attacker could also leverage symlink attacks to overwrite arbitrary files. Workaround ========= There is no known workaround at this time. Resolution ========= All PDFjam users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-text/pdfjam-1.20-r1" References ========= [ 1 ] CVE-2008-5843 https://www.cve.org/CVERecord?id=CVE-2008-5843 [ 2 ] CVE-2008-5743 https://www.cve.org/CVERecord?id=CVE-2008-5743 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200903-05 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
Mar 07, 2009
Gentoo
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!