[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070804125549.GA5074@galadriel.inutil.org>
Date: Sat, 4 Aug 2007 14:55:49 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 1347-1] New xpdf packages fix arbitrary code execution
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1347-1 security@...ian.org
http://www.debian.org/security/ Moritz Muehlenhoff
August 4th, 2007 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : xpdf
Vulnerability : integer overflow
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2007-3387
It was discovered that an integer overflow in the xpdf PDF viewer may lead
to the execution of arbitrary code if a malformed PDF file is opened.
For the oldstable distribution (sarge) this problem has been fixed in
version 3.00-13.7.
For the stable distribution (etch) this problem has been fixed in
version 3.01-9etch1.
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you upgrade your xpdf packages.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.7.dsc
Size/MD5 checksum: 781 0e263d3ecbd956af7d756e6b10b450b9
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.7.diff.gz
Size/MD5 checksum: 51994 73102654c2dc695ba52153332cf6355e
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00.orig.tar.gz
Size/MD5 checksum: 534697 95294cef3031dd68e65f331e8750b2c2
Architecture independent components:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.00-13.7_all.deb
Size/MD5 checksum: 56612 3844dc954e1b076cedb1df334f1d9fee
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.7_all.deb
Size/MD5 checksum: 1276 894fe92a845e0e211e0217c590bd59b8
Alpha architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_alpha.deb
Size/MD5 checksum: 803682 da21c5c482000a03a782310682a17c61
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_alpha.deb
Size/MD5 checksum: 1528526 634bc43be530058b8df65cb8477add20
AMD64 architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_amd64.deb
Size/MD5 checksum: 668656 7c5d4d69e1415bedc58ee5fea3c0ba4e
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_amd64.deb
Size/MD5 checksum: 1275056 5b449abdea091655726bf3263d06c24b
ARM architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_arm.deb
Size/MD5 checksum: 675168 4c806b183382516f9b228fcb534a5fc2
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_arm.deb
Size/MD5 checksum: 1280198 eccbbcb5fb6688685e6274d393d06c58
HP Precision architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_hppa.deb
Size/MD5 checksum: 833234 53a85c49c0d0ed760da1ac5bd256cc1c
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_hppa.deb
Size/MD5 checksum: 1581132 b830198ef741369f777e4a231c2b2352
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_i386.deb
Size/MD5 checksum: 657156 69e930d035bf8e338da085162061f8f2
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_i386.deb
Size/MD5 checksum: 1242988 208188fd587d1bf6d76ce0b83b2d14d1
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_ia64.deb
Size/MD5 checksum: 951362 8a68c556f5cb892f22305d8be9906d63
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_ia64.deb
Size/MD5 checksum: 1803002 4f339242fb23f7d564f6909db48d3b6e
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_m68k.deb
Size/MD5 checksum: 586488 de9ba73580d4c5ae1d9587dee185c5f2
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_m68k.deb
Size/MD5 checksum: 1117854 4c573f4e9433eeb2b07659c78dd34e8e
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_mips.deb
Size/MD5 checksum: 808354 53efd66f685a4dbfc81548373c4c7b14
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_mips.deb
Size/MD5 checksum: 1525936 f102ccb14e87431e7920f0856b46f896
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_mipsel.deb
Size/MD5 checksum: 798650 d5f16d74b898d95480b3a7411328340f
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_mipsel.deb
Size/MD5 checksum: 1504484 63e65bbdd21f3290f5ff7fe8f2605489
PowerPC architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_powerpc.deb
Size/MD5 checksum: 694722 08e6ef661dd969b992ed8e524860c6d0
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_powerpc.deb
Size/MD5 checksum: 1313852 cc4faa2d9a6f34e0f2617150d0ed4983
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_s390.deb
Size/MD5 checksum: 631070 af2bcecc6f6020ba4716446dc72b627b
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_s390.deb
Size/MD5 checksum: 1199558 ce19e172165131f98d8b436849ba1c08
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_sparc.deb
Size/MD5 checksum: 626964 eda25a6a10d0e69f51d686ea23a99480
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_sparc.deb
Size/MD5 checksum: 1182548 6560c5dd893ce3fca7f0c86b022a818e
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Source archives:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9etch1.dsc
Size/MD5 checksum: 968 d8dc0eef65699dd4ba038a096d2a81e4
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9etch1.diff.gz
Size/MD5 checksum: 34901 b432feb9ba16a593df406baba307df1b
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01.orig.tar.gz
Size/MD5 checksum: 599778 e004c69c7dddef165d768b1362b44268
Architecture independent components:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.01-9etch1_all.deb
Size/MD5 checksum: 61024 7c0fd8bfc7fc90bc5c17464700edb42f
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9etch1_all.deb
Size/MD5 checksum: 1278 7e5c71c975f30e46a6cb50d3bbff5adc
Alpha architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_alpha.deb
Size/MD5 checksum: 905816 03bf81436242b6a3b9aaf3f0b2bb3164
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_alpha.deb
Size/MD5 checksum: 1651508 3432db911ace408ae0f7dad55eac0f2b
AMD64 architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_amd64.deb
Size/MD5 checksum: 794428 e24ed84c50324d45177ae0235db5a313
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_amd64.deb
Size/MD5 checksum: 1455166 590fc7c28c6c70cacc043fd64473c4ef
ARM architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_arm.deb
Size/MD5 checksum: 787430 7eb238efc796199d130b295c62092cd0
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_arm.deb
Size/MD5 checksum: 1429968 e238b03168bfede6bf830a304ff50620
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_i386.deb
Size/MD5 checksum: 781640 c9d20758cf278db78638def045a863c5
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_i386.deb
Size/MD5 checksum: 1423878 68bd5716e0f169d5086b2fd00e7d8f4a
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_ia64.deb
Size/MD5 checksum: 1195858 cbbdd5d6d0414169145dbdf3fea12707
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_ia64.deb
Size/MD5 checksum: 2165458 21e2ed7de71da57d66751757ef53342d
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_mips.deb
Size/MD5 checksum: 944050 8c6990ce24678d320e2e867f4878a730
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_mips.deb
Size/MD5 checksum: 1707498 be641af6c68aa385ac279915239749fc
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_mipsel.deb
Size/MD5 checksum: 931700 41a0d5de1726aab65964ed65de106fa8
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_mipsel.deb
Size/MD5 checksum: 1686070 9ed4f7c4d3f0a1a0a2606a76022c9bea
PowerPC architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_powerpc.deb
Size/MD5 checksum: 833600 8f1e3926bb539d37386a9e614c5a8dda
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_powerpc.deb
Size/MD5 checksum: 1520882 6000cb9a1adadcd8b150bb642fe1040f
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_s390.deb
Size/MD5 checksum: 752384 9e58b3a148b490a0869a1b2ea6450157
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_s390.deb
Size/MD5 checksum: 1363574 315e1ce79f6f2b8a7765cc453925bfc0
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_sparc.deb
Size/MD5 checksum: 750250 e6d86666b4b9b2050ed1a144411f613f
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_sparc.deb
Size/MD5 checksum: 1363236 a7ccb1bdcb2880c6e72387250e0f4c59
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGtHcIXm3vHE4uyloRAv3iAKCkzmPesmHDYuafUZUYbC3LbImLrQCeP9z5
NV/iPAHAmQE7vlyD6mvn/Qg=
=QwZF
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists