lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070806173216.GA5040@galadriel.inutil.org>
Date: Mon, 6 Aug 2007 19:32:16 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 1350-1] New tetex-bin packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1350-1                    security@...ian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
August 6th, 2007                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : tetex-bin
Vulnerability  : integer overflow
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2007-3387

It was discovered that an integer overflow in the xpdf PDF viewer may lead
to the execution of arbitrary code if a malformed PDF file is opened.

tetex-bin includes a copy of the xpdf code and required an update as
well.

For the oldstable distribution (sarge) this problem has been fixed in
version 2.0.2-30sarge5.

The package from the stable distribution (etch) links dynamically
against libpoppler and doesn't require a separate update.

The package from the unstable distribution (sid) links dynamically
against libpoppler and doesn't require a separate update.

We recommend that you upgrade your tetex-bin packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5.dsc
      Size/MD5 checksum:     1004 408dc2085cdba46890456dd0994466ed
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5.diff.gz
      Size/MD5 checksum:   162289 af8ba42d1ba901a866f8a9a3be169a8d
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2.orig.tar.gz
      Size/MD5 checksum: 11677169 8f02d5940bf02072ce5fe05429c90e63

  Alpha architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_alpha.deb
      Size/MD5 checksum:    90938 d8159c21d95fe23977f3f04293e05d2b
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_alpha.deb
      Size/MD5 checksum:    65658 8499ce76230803e3e8ca57f74d3ddc1a
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_alpha.deb
      Size/MD5 checksum:  5191902 e59ace42020339489e5dce272346937d

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_amd64.deb
      Size/MD5 checksum:    72760 c74b0d671d1e598133ccbabba4b055d0
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_amd64.deb
      Size/MD5 checksum:    61976 18539f87cc4ca768e94812dd82a4ba92
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_amd64.deb
      Size/MD5 checksum:  4357092 c343a5100fa62f02fea94cb8298d1dfe

  ARM architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_arm.deb
      Size/MD5 checksum:    67792 56ead90cbac34f20bbd3a9c561d8e766
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_arm.deb
      Size/MD5 checksum:    58222 9615aad9835cf82cda04c2270b23bcc6
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_arm.deb
      Size/MD5 checksum:  4300932 797d1b12e5c33b994b54ea3ed0e56605

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_hppa.deb
      Size/MD5 checksum:    78298 b02ebc84baf40bdf85bdd095259a6fc0
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_hppa.deb
      Size/MD5 checksum:    66718 fc8516836487be2143681dde8a547afa
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_hppa.deb
      Size/MD5 checksum:  4613010 8a86c1ff20b5e7d796f4729688b38846

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_i386.deb
      Size/MD5 checksum:    66214 9cdb34e878a67780bb6495585ef14db7
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_i386.deb
      Size/MD5 checksum:    59248 591ed69f05d3a395c0e438bbe046db12
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_i386.deb
      Size/MD5 checksum:  3939528 d352ae38e2349e355e5da81651fcbb81

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_ia64.deb
      Size/MD5 checksum:    89818 194a8c9d3fdbdb2de3a1132cfc5fefd8
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_ia64.deb
      Size/MD5 checksum:    73578 98b1887daec4d21c5f6541a4857f2765
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_ia64.deb
      Size/MD5 checksum:  5909754 72b1fc89df3534e940f0c276ac30e834

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_m68k.deb
      Size/MD5 checksum:    63570 c28eb2d915d1993744a07c6110634370
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_m68k.deb
      Size/MD5 checksum:    58802 e5c73af748d2c66f038b5f52929d938a
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_m68k.deb
      Size/MD5 checksum:  3601196 49dd7766842ec386c1a62685079c80ed

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_mips.deb
      Size/MD5 checksum:    75566 e8c8a8f53f4aab6029f7e92b5994247d
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_mips.deb
      Size/MD5 checksum:    59274 2ec0a1573e3e1aa68a7f71177616b61b
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_mips.deb
      Size/MD5 checksum:  4603054 b05d0400b14e006284b383364dcdb609

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_mipsel.deb
      Size/MD5 checksum:    75536 342424bab48f7baa4a28dd033ade7a89
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_mipsel.deb
      Size/MD5 checksum:    59504 aa940915c0a195a5fa6bc7dcdcddd796
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_mipsel.deb
      Size/MD5 checksum:  4559858 1c2999179723139ef15ce8fac0094ab3

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_powerpc.deb
      Size/MD5 checksum:    74908 827173cc664bccc030eb1e8607f2e5de
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_powerpc.deb
      Size/MD5 checksum:    63436 b53beaa55824df5c86230ee76a58f46a
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_powerpc.deb
      Size/MD5 checksum:  4382190 19f6451563e03f4847cf7b548b822273

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_s390.deb
      Size/MD5 checksum:    71830 7f4ab010974b161ebb3e43e4fa946571
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_s390.deb
      Size/MD5 checksum:    63692 21ba0cfb5d848ee8db9a84c0d1d90cbc
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_s390.deb
      Size/MD5 checksum:  4269382 8d527032ff17054e05f2030e76e0d20f

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_sparc.deb
      Size/MD5 checksum:    70016 db4e0ff13dc82882a8af0ab231439d80
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_sparc.deb
      Size/MD5 checksum:    61066 715b8af76681d9d491f538011b75fa26
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_sparc.deb
      Size/MD5 checksum:  4157218 e2f76ec4340abd8f99aa44c941a87dea


  These files will probably be moved into the oldstable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGt1rYXm3vHE4uyloRAgDsAKDoUXmnJ3RQySW/8M42AIqZkBL/nACfXCTB
65bBxkPu0KG9yJTONnNgFQ4=
=JSxH
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ