Message-Id: <E1LywMG-0003U9-QL@titan.mandriva.com>
Date: Wed, 29 Apr 2009 01:05:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:101 ] xpdf


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:101
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : xpdf
 Date    : April 28, 2009
 Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 Multiple buffer overflows in the JBIG2 decoder allow remote
 attackers to cause a denial of service (crash) via a crafted PDF file
 (CVE-2009-0146).
 
 Multiple integer overflows in the JBIG2 decoder allow remote
 attackers to cause a denial of service (crash) via a crafted PDF file
 (CVE-2009-0147).
 
 An integer overflow in the JBIG2 decoder has unspecified
 impact (CVE-2009-0165).
 
 A free of uninitialized memory flaw in the JBIG2 decoder allows
 remote attackers to cause a denial of service (crash) via a crafted
 PDF file (CVE-2009-0166).
 
 Multiple input validation flaws in the JBIG2 decoder allow
 remote attackers to execute arbitrary code via a crafted PDF file
 (CVE-2009-0800).
 
 An out-of-bounds read flaw in the JBIG2 decoder allows remote
 attackers to cause a denial of service (crash) via a crafted PDF file
 (CVE-2009-0799).
 
 An integer overflow in the JBIG2 decoder allows remote attackers to
 execute arbitrary code via a crafted PDF file (CVE-2009-1179).
 
 A free of invalid data flaw in the JBIG2 decoder allows remote
 attackers to execute arbitrary code via a crafted PDF (CVE-2009-1180).
 
 A NULL pointer dereference flaw in the JBIG2 decoder allows remote
 attackers to cause a denial of service (crash) via a crafted PDF file
 (CVE-2009-1181).
 
 Multiple buffer overflows in the JBIG2 MMR decoder allow remote
 attackers to cause a denial of service or to execute arbitrary code
 via a crafted PDF file (CVE-2009-1182, CVE-2009-1183).
 
 This update provides fixes for these vulnerabilities.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0165
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0799
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0800
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1179
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1180
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1181
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1182
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1183
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 ca5d4aa0fd4d773a0c07152230125a17  2008.0/i586/xpdf-3.02-8.2mdv2008.0.i586.rpm
 c559996e39714143bf05932da647f366  2008.0/i586/xpdf-common-3.02-8.2mdv2008.0.i586.rpm
 faf1b71ba57c4dc04e13967efe905022  2008.0/i586/xpdf-tools-3.02-8.2mdv2008.0.i586.rpm 
 e7a41f655996dc3fe042792834c98f53  2008.0/SRPMS/xpdf-3.02-8.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 c5679f6c06322aa5771721eff8b04f52  2008.0/x86_64/xpdf-3.02-8.2mdv2008.0.x86_64.rpm
 268fe7bc2cab7dc799958b8cbb1d0cf1  2008.0/x86_64/xpdf-common-3.02-8.2mdv2008.0.x86_64.rpm
 4fc6ea9b648664b86034e7a705a5d4ad  2008.0/x86_64/xpdf-tools-3.02-8.2mdv2008.0.x86_64.rpm 
 e7a41f655996dc3fe042792834c98f53  2008.0/SRPMS/xpdf-3.02-8.2mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 44669f3080692ccd8a36f2c6ceccef94  2008.1/i586/xpdf-3.02-10.1mdv2008.1.i586.rpm
 3df82267b407e35f8cce33902fd25282  2008.1/i586/xpdf-common-3.02-10.1mdv2008.1.i586.rpm 
 3ef4252f9c88a7ec76b5d2289cd47586  2008.1/SRPMS/xpdf-3.02-10.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 513359e39e158cb9a0897dfdc636d7ff  2008.1/x86_64/xpdf-3.02-10.1mdv2008.1.x86_64.rpm
 07116c6ca3f91cff7db289a3b2454b53  2008.1/x86_64/xpdf-common-3.02-10.1mdv2008.1.x86_64.rpm 
 3ef4252f9c88a7ec76b5d2289cd47586  2008.1/SRPMS/xpdf-3.02-10.1mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 b4f7a0c5a77a5e4c976d3c5d4962260d  2009.0/i586/xpdf-3.02-12.1mdv2009.0.i586.rpm
 c2539bdb62cfd965b4833498c01e1476  2009.0/i586/xpdf-common-3.02-12.1mdv2009.0.i586.rpm 
 e98cd0e2ddaf8e38545517ca3c5a52c9  2009.0/SRPMS/xpdf-3.02-12.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 a8f3f47b0f7abab2e14278ef3a9ab949  2009.0/x86_64/xpdf-3.02-12.1mdv2009.0.x86_64.rpm
 e8149bd894a353b26a6d649a1b2c4f80  2009.0/x86_64/xpdf-common-3.02-12.1mdv2009.0.x86_64.rpm 
 e98cd0e2ddaf8e38545517ca3c5a52c9  2009.0/SRPMS/xpdf-3.02-12.1mdv2009.0.src.rpm

 Corporate 3.0:
 e5c3d7b817a68494e9196f03912c1cbf  corporate/3.0/i586/xpdf-3.02-0.2.C30mdk.i586.rpm
 3b59d02393cdf7faf7ad6defa6fd1c1d  corporate/3.0/i586/xpdf-tools-3.02-0.2.C30mdk.i586.rpm 
 cee0a0b2af176cb5d57118f24ff709ef  corporate/3.0/SRPMS/xpdf-3.02-0.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 16d8f445db66382e04f9069f0d1ea0b7  corporate/3.0/x86_64/xpdf-3.02-0.2.C30mdk.x86_64.rpm
 e1b540672b1294126341ea59d4a7cc61  corporate/3.0/x86_64/xpdf-tools-3.02-0.2.C30mdk.x86_64.rpm 
 cee0a0b2af176cb5d57118f24ff709ef  corporate/3.0/SRPMS/xpdf-3.02-0.2.C30mdk.src.rpm

 Corporate 4.0:
 6427d710feee38e81cfc6f8ea83d33f4  corporate/4.0/i586/xpdf-3.02-0.2.20060mlcs4.i586.rpm
 b72effda26fc1ce0efc67a89bdec2b8d  corporate/4.0/i586/xpdf-tools-3.02-0.2.20060mlcs4.i586.rpm 
 0dc34a5646041ead38fa548b6d077e30  corporate/4.0/SRPMS/xpdf-3.02-0.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 15790cc89933284c5bf608073b30e9c0  corporate/4.0/x86_64/xpdf-3.02-0.2.20060mlcs4.x86_64.rpm
 e80e0468222a1d7c9514ffa17e827f7f  corporate/4.0/x86_64/xpdf-tools-3.02-0.2.20060mlcs4.x86_64.rpm 
 0dc34a5646041ead38fa548b6d077e30  corporate/4.0/SRPMS/xpdf-3.02-0.2.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJ9121mqjQ0CJFipgRAqovAKCMSsii64fdThApUudcr4IbnxnGJACgt9Vh
qgdM9ItadgxrhLua6l9zDP4=
=HcEM
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
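
The advisory says MandrivaUpdate and urpmi verify md5 checksums automatically; for packages fetched by hand, the same comparison can be made against the "Updated Packages" list. The shell script below is an added example, not part of the advisory or of any Mandriva tool: the function names and the demo package are constructed, and it assumes `md5sum`, `awk` and `mktemp` are installed.

```shell
#!/bin/sh
# Added example: check downloaded RPMs against an advisory's checksum list.
# Function names are illustrative, not part of any Mandriva tool.

# extract_checksums ADVISORY_FILE
# Prints "<md5> <file name>" for each " <32 hex digits>  <path>.rpm" line.
# sort -u drops repeats (each SRPM is listed once per architecture).
extract_checksums() {
    awk 'length($1) == 32 && $1 ~ /^[0-9a-f]+$/ && $2 ~ /\.rpm$/ {
             n = split($2, parts, "/")
             print $1, parts[n]
         }' "$1" | sort -u
}

# verify_packages ADVISORY_FILE PACKAGE_DIR
# Returns 0 only if every *.rpm in PACKAGE_DIR is listed with a matching MD5.
# MD5 is an integrity check only; authenticity rests on the GPG signature.
verify_packages() {
    list=$(extract_checksums "$1"); bad=0
    for f in "$2"/*.rpm; do
        [ -e "$f" ] || { echo "no packages in $2" >&2; return 2; }
        name=$(basename "$f")
        want=$(printf '%s\n' "$list" | awk -v n="$name" '$2 == n { print $1 }')
        have=$(md5sum "$f" | cut -d' ' -f1)
        if [ -z "$want" ]; then
            echo "UNLISTED  $name"; bad=1
        elif [ "$want" != "$have" ]; then
            echo "MISMATCH  $name"; bad=1
        else
            echo "OK        $name"
        fi
    done
    return $bad
}

# Constructed demo: a fake package plus a one-line advisory excerpt built
# from its real checksum, so the check passes without network access.
demo() {
    d=$(mktemp -d) && mkdir "$d/pkgs" || return 2
    printf 'constructed package body\n' > "$d/pkgs/example-1.0.i586.rpm"
    sum=$(md5sum "$d/pkgs/example-1.0.i586.rpm" | cut -d' ' -f1)
    printf ' %s  2009.0/i586/example-1.0.i586.rpm \n' "$sum" > "$d/advisory.txt"
    verify_packages "$d/advisory.txt" "$d/pkgs"; rc=$?
    rm -rf "$d"; return $rc
}
demo
```

To use it on real files, save the advisory text to a file and call `verify_packages advisory.txt /path/to/downloaded/rpms`; a file reported as UNLISTED or MISMATCH should not be installed.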
