[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20061207003018.GZ6550@outflux.net>
Date: Wed, 6 Dec 2006 16:30:18 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-390-3] evince-gtk vulnerability
===========================================================
Ubuntu Security Notice USN-390-3 December 06, 2006
evince-gtk vulnerability
CVE-2006-5864
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
evince-gtk 0.5.2-0ubuntu2.1
Ubuntu 6.10:
evince-gtk 0.5.2-0ubuntu4.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
USN-390-2 fixed vulnerabilities in evince. This update provides the
corresponding update for evince-gtk.
Original advisory details:
A buffer overflow was discovered in the PostScript processor included
in evince. By tricking a user into opening a specially crafted PS
file, an attacker could crash evince or execute arbitrary code with
the user's privileges.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/e/evince-gtk/evince-gtk_0.5.2-0ubuntu2.1.diff.gz
Size/MD5: 22511 0cf118d6918268ba4f53c9b21c2e4abc
http://security.ubuntu.com/ubuntu/pool/main/e/evince-gtk/evince-gtk_0.5.2-0ubuntu2.1.dsc
Size/MD5: 893 6bd5d56c1d26042f0882ad1c8f35d8c4
http://security.ubuntu.com/ubuntu/pool/main/e/evince-gtk/evince-gtk_0.5.2.orig.tar.gz
Size/MD5: 1362513 5020afb1768d89c251ad8c2a233d9fcf
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/e/evince-gtk/evince-gtk_0.5.2-0ubuntu2.1_amd64.deb
Size/MD5: 311524 9afc1a61adb192c0c115bcc8231008c1
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/e/evince-gtk/evince-gtk_0.5.2-0ubuntu2.1_i386.deb
Size/MD5: 282212 15a8292c95bed93d2af5d4917172ca8c
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/e/evince-gtk/evince-gtk_0.5.2-0ubuntu2.1_powerpc.deb
Size/MD5: 299064 510f7b8c93b8a8a65f71cae17176cd59
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/e/evince-gtk/evince-gtk_0.5.2-0ubuntu2.1_sparc.deb
Size/MD5: 287254 f75088c1015e44cf7ed2633340d0d24f
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/e/evince-gtk/evince-gtk_0.5.2-0ubuntu4.1.diff.gz
Size/MD5: 22622 194a824da15c50fe472762f960f2b9fb
http://security.ubuntu.com/ubuntu/pool/main/e/evince-gtk/evince-gtk_0.5.2-0ubuntu4.1.dsc
Size/MD5: 893 24d9a86b4a012fd133ee37b538e9156c
http://security.ubuntu.com/ubuntu/pool/main/e/evince-gtk/evince-gtk_0.5.2.orig.tar.gz
Size/MD5: 1362513 5020afb1768d89c251ad8c2a233d9fcf
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/e/evince-gtk/evince-gtk_0.5.2-0ubuntu4.1_amd64.deb
Size/MD5: 305732 af144ed0736a7ef77aba67ef9cbbeaae
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/e/evince-gtk/evince-gtk_0.5.2-0ubuntu4.1_i386.deb
Size/MD5: 286362 21f58e429f79a605fa2bff0c36a7cbb6
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/e/evince-gtk/evince-gtk_0.5.2-0ubuntu4.1_powerpc.deb
Size/MD5: 293918 c9e00c6154cddae33bd8c99afbace8fd
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/e/evince-gtk/evince-gtk_0.5.2-0ubuntu4.1_sparc.deb
Size/MD5: 282784 596cfcc780feac5016866a46375cbc42
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists