Debian: New xpdf packages fix arbitrary code execution
Summary
- --------------------------------------------------------------------------Debian Security Advisory DSA 931-1 security@debian.org http://www.debian.org/security/ Martin Schulze January 9th, 2006 http://www.debian.org/security/faq - --------------------------------------------------------------------------Package : xpdf Vulnerability : buffer overflows Problem type : remote Debian-specific: no CVE IDs : CAN-2005-3191 CAN-2005-3192 CAN-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628 Debian Bug : 342281 "infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, that can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code. For the old stable distribution (woody) these problems have been fixed in version 1.00-3.8. For the stable distribution (sarge) these problems have been fixed in version 3.00-13.4. For the unstable distribution (sid) these problems have been fixed in version 3.01-4. We recommend that you upgrade your xpdf package. Upgrade Instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: Size/MD5 checksum: 706 f8091cb4e0b0c7baa8ccc4ee75a50699 Size/MD5 checksum: 11832 ab0665a0fa767785037ceff313cbc1b3 Size/MD5 checksum: 397750 81f3c381cef729e4b6f4ce21cf5bbf3c Architecture independent components: Size/MD5 checksum: 38826 43072ed4680dab2c7d68eec7b3f7c45a Size/MD5 checksum: 1286 7bd55048fc7aab6c9c35f65d472932da Alpha architecture: Size/MD5 checksum: 571434 7be66f32548c87a66c2353d976a99c36 Size/MD5 checksum: 1046964 c83387b2ce2c92faa2cbbc86f2d9a9a8 ARM architecture: Size/MD5 checksum: 487502 655007df84b968ec59de01638b77f0b8 Size/MD5 checksum: 887368 a2d7e4052bf2a5c4a495c4e45dedf89b Intel IA-32 architecture: Size/MD5 checksum: 449748 0ae0c17cc4624b254b2aeac09c995d6f Size/MD5 checksum: 828498 530637087a864c6def87e31283bdeceb Intel IA-64 architecture: Size/MD5 checksum: 683068 19ecb0905f8636e67bf7238c10f59ad5 Size/MD5 checksum: 1230046 ed52eb1ba803c65bed5b9b82ec551eef HP Precision architecture: Size/MD5 checksum: 564570 e375463f1a090ee04616a2a28d074792 Size/MD5 checksum: 1034076 c7baa8decb624ae001b8325c426c3e83 Motorola 680x0 architecture: Size/MD5 checksum: 427756 e516e992cf634de082e9261fec596417 Size/MD5 checksum: 795168 5315ec1734af63b31df537992fd575d7 Big endian MIPS architecture: Size/MD5 checksum: 555626 38b3797dc8685b374bfa4d5b8310e002 Size/MD5 checksum: 1017302 f1420c53961b3574c404e3dcee80e633 Little endian MIPS architecture: Size/MD5 checksum: 546712 be27f108ed722e04bee9473fb463a749 Size/MD5 checksum: 999554 d8983b16cb67d5b5da734e8a166079b1 PowerPC architecture: Size/MD5 checksum: 470466 c90999ac3ffef0f1ca9907ec0c52e8ca Size/MD5 checksum: 860678 1b79e9b04f6b86cee3365c27c99b8c8a IBM S/390 architecture: Size/MD5 checksum: 430408 09493b1bae3177137a922adbaee7af25 Size/MD5 checksum: 786644 98062cef2cfd5f78eba94f92f7ffc7ec Sun Sparc architecture: Size/MD5 checksum: 444146 9bb3e73108672a45c87eb172b30b645e Size/MD5 checksum: 810204 53735cf450d1ff09449dd4e744e31f4a Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: Size/MD5 checksum: 781 df2be00a261c47ed25cbf00bdcefcc32 Size/MD5 checksum: 50734 3018a9155bbcf704f47132bbefddd5b5 Size/MD5 checksum: 534697 95294cef3031dd68e65f331e8750b2c2 Architecture independent components: Size/MD5 checksum: 56504 333976022e4bd6b1a241844231f2db30 Size/MD5 checksum: 1284 1b077a992654b8df5727d844deb84e0c Alpha architecture: Size/MD5 checksum: 802112 93e96a4213f4966d8c0bb2c1e34b572d Size/MD5 checksum: 1528190 5db2e3cd7ab5f2865d5303163c3d08a7 AMD64 architecture: Size/MD5 checksum: 667754 df5e85b58bcb2f7b86837e7a79b745f9 Size/MD5 checksum: 1273734 5554c8f473a892cc8478f50bc1dd96dd ARM architecture: Size/MD5 checksum: 674458 b419a39cb5b1bbaefe52c51f163913d5 Size/MD5 checksum: 1279040 fe5af7d7209bb14e865404ea695a6df3 Intel IA-32 architecture: Size/MD5 checksum: 656804 e319b835c10f76ad7946b74da24ba1bf Size/MD5 checksum: 1242164 731e556748f3f84465bd6537462fde03 Intel IA-64 architecture: Size/MD5 checksum: 950974 fe4f3be5aa05772806309faaa3847db3 Size/MD5 checksum: 1801950 27c19b5813e7d2aa34aca9847c277b40 HP Precision architecture: Size/MD5 checksum: 832646 a2504b353573d384d443e923782775f1 Size/MD5 checksum: 1580478 72266677b36f9ec9ab2c2bcac1dfe7ac Motorola 680x0 architecture: Size/MD5 checksum: 585736 e1331547251b0d5eba96c68e6665abf2 Size/MD5 checksum: 1116746 46d969a98302c1b49b5e9a355047adfc Big endian MIPS architecture: Size/MD5 checksum: 807800 d1acd349bc0a932ea3467db9796919f5 Size/MD5 checksum: 1524848 685d65d2a07676b55fa3abd8505018a9 Little endian MIPS architecture: Size/MD5 checksum: 798090 18503fbab79be783005bed35d4cdb02d Size/MD5 checksum: 1503796 aaa4b1de4370d52cc2b3e595542f82c3 PowerPC architecture: Size/MD5 checksum: 694126 08e64354f30b1bd573092925b894c77f Size/MD5 checksum: 1313048 5f39d0ffe44186db884a7c1115704666 IBM S/390 architecture: Size/MD5 checksum: 630774 8b48412164ae96066c61399a5c7b3cd7 Size/MD5 checksum: 1198670 6b837427a05f0b19630197183c9c50f1 Sun Sparc architecture: Size/MD5 checksum: 626394 0bbb59b11b9d11f9129fbd475e3ab186 Size/MD5 checksum: 1181726 a523c04a7ae1c3b8fc24c29f46d3c589 These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org
Sign up to get the latest security news affecting Linux and
open source delivered straight to your inbox
Powered By
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.