Message-ID: <20041223081457.GA28054@box79162.elkhouse.de>
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-48-1] xpdf, tetex-bin vulnerabilities

===========================================================
Ubuntu Security Notice USN-48-1		  December 23, 2004
xpdf, tetex-bin vulnerabilities
CAN-2004-1125
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

tetex-bin
xpdf-reader
xpdf-utils

The problem can be corrected by upgrading the affected package to
version 2.0.2-21ubuntu0.3 (tetex-bin) and 3.00-8ubuntu1.3 (xpdf-reader
and xpdf-utils). In general, a standard system upgrade is sufficient
to effect the necessary changes.

Details follow:

A potential buffer overflow has been found in the xpdf viewer.
Insufficient input validation could be exploited by an attacker who
provides a specially crafted PDF file which, when processed by xpdf,
could result in abnormal program termination or the execution of
attacker-supplied program code with the user's privileges.

The tetex-bin package contains the affected xpdf code, which it uses to
generate PDF output and process included PDF files, and is therefore
vulnerable as well.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_2.0.2-21ubuntu0.3.diff.gz
      Size/MD5:   111516 91d5121871fbc40325c64f71c52d2368
    http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_2.0.2-21ubuntu0.3.dsc
      Size/MD5:     1062 96188950b927b1f8a1abaa020d8b2b46
    http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_2.0.2.orig.tar.gz
      Size/MD5: 11677169 8f02d5940bf02072ce5fe05429c90e63
    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf_3.00-8ubuntu1.3.diff.gz
      Size/MD5:    47708 301d787a7c85511fdc23fca240a8e424
    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf_3.00-8ubuntu1.3.dsc
      Size/MD5:      788 f7410eb3d47f5d0fba5e1e480018fe91
    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf_3.00.orig.tar.gz
      Size/MD5:   534697 95294cef3031dd68e65f331e8750b2c2

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-common_3.00-8ubuntu1.3_all.deb
      Size/MD5:    56312 1aa9d38c4a2dbd3b552762c013e91b89
    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf_3.00-8ubuntu1.3_all.deb
      Size/MD5:     1272 2ea4f0c32b5c1e521753d69c1c886d43

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea-dev_2.0.2-21ubuntu0.3_amd64.deb
      Size/MD5:    72758 29c480c72ca84511db3ed6e880874ce9
    http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea3_2.0.2-21ubuntu0.3_amd64.deb
      Size/MD5:    60046 3dcd0a9401e21f776a42987acc0dab43
    http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_2.0.2-21ubuntu0.3_amd64.deb
      Size/MD5:  4327878 afed2656b07dfea49662560a58c8f454
    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-reader_3.00-8ubuntu1.3_amd64.deb
      Size/MD5:   666706 df21bfd2fedc4b4cf3a05bace8304bca
    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-utils_3.00-8ubuntu1.3_amd64.deb
      Size/MD5:  1270646 976e998a96fc010123d1650a3bd8dd28

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea-dev_2.0.2-21ubuntu0.3_i386.deb
      Size/MD5:    64826 41c1d3ab86254e405449381262d43e4e
    http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea3_2.0.2-21ubuntu0.3_i386.deb
      Size/MD5:    56442 8ae2437dbfa2a308ffbc59d946866714
    http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_2.0.2-21ubuntu0.3_i386.deb
      Size/MD5:  3812642 eff8ee40905d78b281f18f64d173ea4f
    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-reader_3.00-8ubuntu1.3_i386.deb
      Size/MD5:   631658 d33df980b98ad9a97e78204ae4d9bbba
    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-utils_3.00-8ubuntu1.3_i386.deb
      Size/MD5:  1193090 24d5f6d5e263b4b5dfcc0ae1b4e91b89

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea-dev_2.0.2-21ubuntu0.3_powerpc.deb
      Size/MD5:    74900 87ff745622df30898482b18c0fd5c263
    http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea3_2.0.2-21ubuntu0.3_powerpc.deb
      Size/MD5:    61378 8930202da97da548026bfb4c7014fa56
    http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_2.0.2-21ubuntu0.3_powerpc.deb
      Size/MD5:  4350626 4917e0611f4265352ce197cb59932fe0
    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-reader_3.00-8ubuntu1.3_powerpc.deb
      Size/MD5:   692858 f6a3f6c7a201455b526529f57b95ed1b
    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-utils_3.00-8ubuntu1.3_powerpc.deb
      Size/MD5:  1310934 b63924810ff3f14934bc6ca48f8a1a0f
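
An added example, not part of the original advisory: a Python sketch that parses the URL and Size/MD5 pairs in the layout used above and checks a downloaded file against them. The function names and the demo file are assumptions; the check catches truncated or mismatched downloads, and because MD5 is not collision-resistant it does not replace verifying a signature.

```python
import hashlib
import os
import re
import tempfile

# One entry = a URL line followed by an indented "Size/MD5: <bytes> <hex>" line.
ENTRY_RE = re.compile(
    r"^\s*(?P<url>https?://\S+)\s*\n"
    r"\s*Size/MD5:\s+(?P<size>\d+)\s+(?P<md5>[0-9a-f]{32})\s*$",
    re.MULTILINE,
)

def parse_entries(text):
    """Return {file name: (size, md5 hex)} for every entry in the text."""
    entries = {}
    for m in ENTRY_RE.finditer(text):
        name = m.group("url").rsplit("/", 1)[-1]
        entries[name] = (int(m.group("size")), m.group("md5"))
    return entries

def verify_file(path, entries):
    """Compare a local file with its listed size and MD5 digest."""
    name = os.path.basename(path)
    if name not in entries:
        return "unlisted"
    size, md5 = entries[name]
    if os.path.getsize(path) != size:  # cheap check first
        return "size-mismatch"
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return "ok" if digest.hexdigest() == md5 else "md5-mismatch"

def demo():
    """Run the check on a constructed file (not a real package)."""
    payload = b"constructed package bytes\n"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "example_1.0_all.deb")
        with open(path, "wb") as fh:
            fh.write(payload)
        # Constructed entry; mirror.example is a placeholder host.
        text = "    http://mirror.example/pool/example_1.0_all.deb\n" \
               "      Size/MD5: %8d %s\n" % (len(payload), hashlib.md5(payload).hexdigest())
        entries = parse_entries(text)
        results = [verify_file(path, entries)]
        with open(path, "wb") as fh:   # same length, altered content
            fh.write(payload.replace(b"c", b"k", 1))
        results.append(verify_file(path, entries))
        with open(path, "ab") as fh:   # extra trailing byte
            fh.write(b"x")
        results.append(verify_file(path, entries))
        return results
```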