Message-ID: <20070804130416.GA5467@galadriel.inutil.org>
Date: Sat, 4 Aug 2007 15:04:16 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 1348-1] New poppler packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1348-1                    security@...ian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
August 4th, 2007                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : poppler
Vulnerability  : integer overflow
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2007-3387

It was discovered that an integer overflow in the xpdf PDF viewer may lead
to the execution of arbitrary code if a malformed PDF file is opened.

poppler includes a copy of the xpdf code and required an update as well.

The oldstable distribution (sarge) doesn't include poppler.

For the stable distribution (etch) this problem has been fixed in
version 0.4.5-5.1etch1.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your poppler packages.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGtHkBXm3vHE4uyloRAuynAKCgWW4OTcuG40TFb8C60YtthFWl1ACfccAZ
Y0s6KFcUQrACYB7XloHUbwA=
=IkSZ
-----END PGP SIGNATURE-----