Message-ID: <20050809151424.GB6289@piware.de>
Date: Tue, 9 Aug 2005 17:14:24 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-163-1] xpdf vulnerability
===========================================================
Ubuntu Security Notice USN-163-1 August 09, 2005
xpdf vulnerability
CAN-2005-2097
===========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

xpdf-reader
xpdf-utils
kpdf

The problem can be corrected by upgrading the affected package to
version 3.00-8ubuntu1.5 (for Ubuntu 4.10), or 3.00-11ubuntu3.1
(xpdf-reader and xpdf-utils for Ubuntu 5.04) and 4:3.4.0-0ubuntu3.1
(kpdf for Ubuntu 5.04). In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

xpdf and kpdf did not sufficiently verify the validity of the "loca"
table in PDF files, a table that contains glyph description
information for embedded TrueType fonts. After detecting the broken
table, xpdf attempted to reconstruct the information in it, which
caused the generation of a huge temporary file that quickly filled up
available disk space and rendered the application unresponsive.

The CUPS printing system in Ubuntu 5.04 uses the xpdf-utils package to
convert PDF files to PostScript. By attempting to print such a crafted
PDF file, a remote attacker could cause a Denial of Service in a print
server. The CUPS system in Ubuntu 4.10 is not vulnerable to this
attack.
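
The kind of "loca" validation described above, as an added example that is not part of the original advisory and is not xpdf's or kpdf's code: it rejects an embedded TrueType font whose loca offsets are truncated, decreasing or outside the glyf table, instead of trying to repair them. The names check_loca, tables and build_font are hypothetical, and the two sample fonts are constructed for the demonstration.

```python
import struct

def tables(font):
    """Map table tag -> bytes from the sfnt table directory."""
    num = struct.unpack_from(">H", font, 4)[0]
    out = {}
    for i in range(num):
        tag, _sum, off, length = struct.unpack_from(">4sIII", font, 12 + 16 * i)
        if off + length > len(font):
            raise ValueError(f"table {tag!r} runs past end of file")
        out[tag] = font[off:off + length]
    return out

def check_loca(font):
    """Return a list of problems with the 'loca' table; empty means sane."""
    t = tables(font)
    missing = [n for n in (b"head", b"maxp", b"loca", b"glyf") if n not in t]
    if missing:
        return [f"missing table {m.decode()}" for m in missing]
    long_fmt = struct.unpack_from(">h", t[b"head"], 50)[0]   # indexToLocFormat
    num_glyphs = struct.unpack_from(">H", t[b"maxp"], 4)[0]
    size, code, scale = (4, "I", 1) if long_fmt else (2, "H", 2)
    need = (num_glyphs + 1) * size
    if len(t[b"loca"]) < need:
        return [f"loca has {len(t[b'loca'])} bytes, needs {need}"]
    offs = [o * scale for o in struct.unpack_from(f">{num_glyphs + 1}{code}", t[b"loca"])]
    problems = []
    for gid, (a, b) in enumerate(zip(offs, offs[1:])):
        if b < a:
            problems.append(f"glyph {gid}: offsets decrease ({a} -> {b})")
        elif b > len(t[b"glyf"]):
            problems.append(f"glyph {gid}: ends at {b}, glyf is {len(t[b'glyf'])} bytes")
    return problems

def build_font(loca_offsets, glyf_len=40, num_glyphs=3):
    """Constructed minimal sfnt (short loca format) for the demo; not a real font."""
    head = bytes(50) + struct.pack(">hh", 0, 0)
    maxp = struct.pack(">IH", 0x00010000, num_glyphs)
    loca = struct.pack(f">{len(loca_offsets)}H", *(o // 2 for o in loca_offsets))
    body = {b"head": head, b"maxp": maxp, b"loca": loca, b"glyf": bytes(glyf_len)}
    pos, directory, data = 12 + 16 * len(body), b"", b""
    for tag, blob in body.items():
        directory += struct.pack(">4sIII", tag, 0, pos + len(data), len(blob))
        data += blob
    return struct.pack(">IHHHH", 0x00010000, len(body), 0, 0, 0) + directory + data

GOOD = build_font([0, 10, 20, 40])
BAD = build_font([0, 10, 4, 6000])   # constructed: decreasing and out-of-range entries
```

A filter in front of a PDF-to-PostScript conversion step can refuse any job whose embedded font makes check_loca return a non-empty list, so a malformed table never reaches a reconstruction path.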
Updated packages for Ubuntu 4.10 (Warty Warthog):
Updated packages for Ubuntu 5.04 (Hoary Hedgehog):