lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 6 Aug 2007 19:32:16 +0200
From: Moritz Muehlenhoff <>
Subject: [SECURITY] [DSA 1350-1] New tetex-bin packages fix arbitrary code execution

Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1350-1                                   Moritz Muehlenhoff
August 6th, 2007              
- --------------------------------------------------------------------------

Package        : tetex-bin
Vulnerability  : integer overflow
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2007-3387

It was discovered that an integer overflow in the xpdf PDF viewer may lead
to the execution of arbitrary code if a malformed PDF file is opened.

tetex-bin includes a copy of the xpdf code and required an update as

For the oldstable distribution (sarge) this problem has been fixed in
version 2.0.2-30sarge5.

The package from the stable distribution (etch) links dynamically
against libpoppler and doesn't require a separate update.

The package from the unstable distribution (sid) links dynamically
against libpoppler and doesn't require a separate update.

We recommend that you upgrade your tetex-bin packages.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:
      Size/MD5 checksum:     1004 408dc2085cdba46890456dd0994466ed
      Size/MD5 checksum:   162289 af8ba42d1ba901a866f8a9a3be169a8d
      Size/MD5 checksum: 11677169 8f02d5940bf02072ce5fe05429c90e63

  Alpha architecture:
      Size/MD5 checksum:    90938 d8159c21d95fe23977f3f04293e05d2b
      Size/MD5 checksum:    65658 8499ce76230803e3e8ca57f74d3ddc1a
      Size/MD5 checksum:  5191902 e59ace42020339489e5dce272346937d

  AMD64 architecture:
      Size/MD5 checksum:    72760 c74b0d671d1e598133ccbabba4b055d0
      Size/MD5 checksum:    61976 18539f87cc4ca768e94812dd82a4ba92
      Size/MD5 checksum:  4357092 c343a5100fa62f02fea94cb8298d1dfe

  ARM architecture:
      Size/MD5 checksum:    67792 56ead90cbac34f20bbd3a9c561d8e766
      Size/MD5 checksum:    58222 9615aad9835cf82cda04c2270b23bcc6
      Size/MD5 checksum:  4300932 797d1b12e5c33b994b54ea3ed0e56605

  HP Precision architecture:
      Size/MD5 checksum:    78298 b02ebc84baf40bdf85bdd095259a6fc0
      Size/MD5 checksum:    66718 fc8516836487be2143681dde8a547afa
      Size/MD5 checksum:  4613010 8a86c1ff20b5e7d796f4729688b38846

  Intel IA-32 architecture:
      Size/MD5 checksum:    66214 9cdb34e878a67780bb6495585ef14db7
      Size/MD5 checksum:    59248 591ed69f05d3a395c0e438bbe046db12
      Size/MD5 checksum:  3939528 d352ae38e2349e355e5da81651fcbb81

  Intel IA-64 architecture:
      Size/MD5 checksum:    89818 194a8c9d3fdbdb2de3a1132cfc5fefd8
      Size/MD5 checksum:    73578 98b1887daec4d21c5f6541a4857f2765
      Size/MD5 checksum:  5909754 72b1fc89df3534e940f0c276ac30e834

  Motorola 680x0 architecture:
      Size/MD5 checksum:    63570 c28eb2d915d1993744a07c6110634370
      Size/MD5 checksum:    58802 e5c73af748d2c66f038b5f52929d938a
      Size/MD5 checksum:  3601196 49dd7766842ec386c1a62685079c80ed

  Big endian MIPS architecture:
      Size/MD5 checksum:    75566 e8c8a8f53f4aab6029f7e92b5994247d
      Size/MD5 checksum:    59274 2ec0a1573e3e1aa68a7f71177616b61b
      Size/MD5 checksum:  4603054 b05d0400b14e006284b383364dcdb609

  Little endian MIPS architecture:
      Size/MD5 checksum:    75536 342424bab48f7baa4a28dd033ade7a89
      Size/MD5 checksum:    59504 aa940915c0a195a5fa6bc7dcdcddd796
      Size/MD5 checksum:  4559858 1c2999179723139ef15ce8fac0094ab3

  PowerPC architecture:
      Size/MD5 checksum:    74908 827173cc664bccc030eb1e8607f2e5de
      Size/MD5 checksum:    63436 b53beaa55824df5c86230ee76a58f46a
      Size/MD5 checksum:  4382190 19f6451563e03f4847cf7b548b822273

  IBM S/390 architecture:
      Size/MD5 checksum:    71830 7f4ab010974b161ebb3e43e4fa946571
      Size/MD5 checksum:    63692 21ba0cfb5d848ee8db9a84c0d1d90cbc
      Size/MD5 checksum:  4269382 8d527032ff17054e05f2030e76e0d20f

  Sun Sparc architecture:
      Size/MD5 checksum:    70016 db4e0ff13dc82882a8af0ab231439d80
      Size/MD5 checksum:    61066 715b8af76681d9d491f538011b75fa26
      Size/MD5 checksum:  4157218 e2f76ec4340abd8f99aa44c941a87dea

  These files will probably be moved into the oldstable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show <pkg>' and<pkg>

Version: GnuPG v1.4.6 (GNU/Linux)


Powered by blists - more mailing lists