[<prev] [next>] [day] [month] [year] [list]
Message-ID: <m1CXKv2-000okHC__18854.1171759882$1101437897$gmane$org@finlandia.Infodrom.North.DE>
Date: Thu, 25 Nov 2004 15:48:24 +0100 (CET)
From: joey@...odrom.org (Martin Schulze)
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 599-1] New tetex-bin packages fix arbitrary code execution
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 599-1 security@...ian.org
http://www.debian.org/security/ Martin Schulze
November 25th, 2004 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : tetex-bin
Vulnerability : integer overflows
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0888
Debian Bug : 278298
Chris Evans discovered several integer overflows in xpdf, that are
also present in tetex-bin, binary files for the teTeX distribution,
which can be exploited remotely by a specially crafted PDF document
and lead to the execution of arbitrary code.
For the stable distribution (woody) these problems have been fixed in
version 20011202-7.3.
For the unstable distribution (sid) these problems have been fixed in
version 2.0.2-23.
We recommend that you upgrade your tetex-bin packages.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3.dsc
Size/MD5 checksum: 874 0774ffbc5e428a21939d7d10070ef12b
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3.tar.gz
Size/MD5 checksum: 10329770 9ffa7015b10981c3524e8d6147f2c077
Alpha architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_alpha.deb
Size/MD5 checksum: 84664 7b82ef947ccbd60c57e31fa1cdbceeae
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_alpha.deb
Size/MD5 checksum: 53042 e14d212ec7d9a21859b443ea11210d12
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_alpha.deb
Size/MD5 checksum: 4568870 d8a00aedde830f02a46f70ae97bcdfbc
ARM architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_arm.deb
Size/MD5 checksum: 65256 c7fb486f0e58d6f90a080313ade6d980
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_arm.deb
Size/MD5 checksum: 43610 acf504677a35232f075cb6368cb73c4f
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_arm.deb
Size/MD5 checksum: 3703874 25b4e1d62d2b010382bb74e610f7de32
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_i386.deb
Size/MD5 checksum: 62598 6c11adfac9cbe8007aa89fa91bef57da
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_i386.deb
Size/MD5 checksum: 40742 afda3a9de40083b9fb4a9d92a57749f3
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_i386.deb
Size/MD5 checksum: 3137234 898331b25326db5114be3fde93b191d1
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_ia64.deb
Size/MD5 checksum: 89716 c18229e93ad1bcd55a4baf9236798545
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_ia64.deb
Size/MD5 checksum: 63354 67c881d278113cd980dcfba6b52b2b1a
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_ia64.deb
Size/MD5 checksum: 5598790 7e42e2710c659668fd6cb49ee73d333d
HP Precision architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_hppa.deb
Size/MD5 checksum: 79336 56b55b712e71ff618a1f861fe79ec21c
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_hppa.deb
Size/MD5 checksum: 49324 8577bdb403711604e3ff31cef86a9f1a
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_hppa.deb
Size/MD5 checksum: 4106740 0f07a18dd4762a7d4bd5ea0881b8a80e
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_m68k.deb
Size/MD5 checksum: 61894 645b35f6e1d139a50f2fbd33be3c985b
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_m68k.deb
Size/MD5 checksum: 41370 7b6ce68854bf90f1914f90d386a83dcf
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_m68k.deb
Size/MD5 checksum: 2923076 de62311a6c75ca949adf65b09c5d0722
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_mips.deb
Size/MD5 checksum: 75110 725f811a3b30630c84fa63137eca473d
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_mips.deb
Size/MD5 checksum: 42380 a89bb43e57cfb784e5b9193177c7894e
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_mips.deb
Size/MD5 checksum: 3941306 2e93d929facb57b8a3500780c00c2335
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_mipsel.deb
Size/MD5 checksum: 74908 973bf6cec0fd0f972d1e159e1565953c
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_mipsel.deb
Size/MD5 checksum: 42592 360874783cafee5a52b11a9f34cca859
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_mipsel.deb
Size/MD5 checksum: 3899668 a8f1b96d1cd98bbb47ab0a685d719695
PowerPC architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_powerpc.deb
Size/MD5 checksum: 73942 631231dd210da928ae371d327d1d9c19
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_powerpc.deb
Size/MD5 checksum: 45282 0452f97d7b0fa7d385c2bbe1f7f9010f
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_powerpc.deb
Size/MD5 checksum: 3587232 c4895e69f2428a9641418ebc751fe7d3
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_s390.deb
Size/MD5 checksum: 64264 a1d4534009c6c82335c5231869b921d9
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_s390.deb
Size/MD5 checksum: 43760 ead82804aaee31f3ba40d98d6d11ed7b
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_s390.deb
Size/MD5 checksum: 3441172 8ca00fddab7f9c3c612e6ac3db9889a4
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_sparc.deb
Size/MD5 checksum: 70710 d0e1d6a50ca4dfbe852445d6b49b1a40
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_sparc.deb
Size/MD5 checksum: 48748 907d98a1136cfd90f0678497728885d0
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_sparc.deb
Size/MD5 checksum: 3598666 0deea34aef2ec55cb04eb8f93204d2f2
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFBpfC4W5ql+IAeqTIRAkfJAJ0WxP0zV5CTgCOBQFLHRwiLsRUCvwCgkTQt
AYT6xca57KtGVtMIKxy6HXk=
=M2UP
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists