LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: July 18th, 2014
Linux Advisory Watch: July 13th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New xpdf packages fix arbitrary code execution Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1347-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
August 4th, 2007                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : xpdf
Vulnerability  : integer overflow
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2007-3387

It was discovered that an integer overflow in the xpdf PDF viewer may lead
to the execution of arbitrary code if a malformed PDF file is opened.

For the oldstable distribution (sarge) this problem has been fixed in
version 3.00-13.7.

For the stable distribution (etch) this problem has been fixed in
version 3.01-9etch1.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your xpdf packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.7.dsc
      Size/MD5 checksum:      781 0e263d3ecbd956af7d756e6b10b450b9
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.7.diff.gz
      Size/MD5 checksum:    51994 73102654c2dc695ba52153332cf6355e
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00.orig.tar.gz
      Size/MD5 checksum:   534697 95294cef3031dd68e65f331e8750b2c2

  Architecture independent components:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.00-13.7_all.deb
      Size/MD5 checksum:    56612 3844dc954e1b076cedb1df334f1d9fee
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.7_all.deb
      Size/MD5 checksum:     1276 894fe92a845e0e211e0217c590bd59b8

  Alpha architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_alpha.deb
      Size/MD5 checksum:   803682 da21c5c482000a03a782310682a17c61
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_alpha.deb
      Size/MD5 checksum:  1528526 634bc43be530058b8df65cb8477add20

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_amd64.deb
      Size/MD5 checksum:   668656 7c5d4d69e1415bedc58ee5fea3c0ba4e
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_amd64.deb
      Size/MD5 checksum:  1275056 5b449abdea091655726bf3263d06c24b

  ARM architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_arm.deb
      Size/MD5 checksum:   675168 4c806b183382516f9b228fcb534a5fc2
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_arm.deb
      Size/MD5 checksum:  1280198 eccbbcb5fb6688685e6274d393d06c58

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_hppa.deb
      Size/MD5 checksum:   833234 53a85c49c0d0ed760da1ac5bd256cc1c
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_hppa.deb
      Size/MD5 checksum:  1581132 b830198ef741369f777e4a231c2b2352

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_i386.deb
      Size/MD5 checksum:   657156 69e930d035bf8e338da085162061f8f2
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_i386.deb
      Size/MD5 checksum:  1242988 208188fd587d1bf6d76ce0b83b2d14d1

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_ia64.deb
      Size/MD5 checksum:   951362 8a68c556f5cb892f22305d8be9906d63
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_ia64.deb
      Size/MD5 checksum:  1803002 4f339242fb23f7d564f6909db48d3b6e

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_m68k.deb
      Size/MD5 checksum:   586488 de9ba73580d4c5ae1d9587dee185c5f2
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_m68k.deb
      Size/MD5 checksum:  1117854 4c573f4e9433eeb2b07659c78dd34e8e

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_mips.deb
      Size/MD5 checksum:   808354 53efd66f685a4dbfc81548373c4c7b14
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_mips.deb
      Size/MD5 checksum:  1525936 f102ccb14e87431e7920f0856b46f896

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_mipsel.deb
      Size/MD5 checksum:   798650 d5f16d74b898d95480b3a7411328340f
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_mipsel.deb
      Size/MD5 checksum:  1504484 63e65bbdd21f3290f5ff7fe8f2605489

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_powerpc.deb
      Size/MD5 checksum:   694722 08e6ef661dd969b992ed8e524860c6d0
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_powerpc.deb
      Size/MD5 checksum:  1313852 cc4faa2d9a6f34e0f2617150d0ed4983

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_s390.deb
      Size/MD5 checksum:   631070 af2bcecc6f6020ba4716446dc72b627b
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_s390.deb
      Size/MD5 checksum:  1199558 ce19e172165131f98d8b436849ba1c08

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_sparc.deb
      Size/MD5 checksum:   626964 eda25a6a10d0e69f51d686ea23a99480
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_sparc.deb
      Size/MD5 checksum:  1182548 6560c5dd893ce3fca7f0c86b022a818e


Debian GNU/Linux 4.0 alias etch
- -------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9etch1.dsc
      Size/MD5 checksum:      968 d8dc0eef65699dd4ba038a096d2a81e4
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9etch1.diff.gz
      Size/MD5 checksum:    34901 b432feb9ba16a593df406baba307df1b
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01.orig.tar.gz
      Size/MD5 checksum:   599778 e004c69c7dddef165d768b1362b44268

  Architecture independent components:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.01-9etch1_all.deb
      Size/MD5 checksum:    61024 7c0fd8bfc7fc90bc5c17464700edb42f
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9etch1_all.deb
      Size/MD5 checksum:     1278 7e5c71c975f30e46a6cb50d3bbff5adc

  Alpha architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_alpha.deb
      Size/MD5 checksum:   905816 03bf81436242b6a3b9aaf3f0b2bb3164
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_alpha.deb
      Size/MD5 checksum:  1651508 3432db911ace408ae0f7dad55eac0f2b

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_amd64.deb
      Size/MD5 checksum:   794428 e24ed84c50324d45177ae0235db5a313
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_amd64.deb
      Size/MD5 checksum:  1455166 590fc7c28c6c70cacc043fd64473c4ef

  ARM architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_arm.deb
      Size/MD5 checksum:   787430 7eb238efc796199d130b295c62092cd0
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_arm.deb
      Size/MD5 checksum:  1429968 e238b03168bfede6bf830a304ff50620

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_i386.deb
      Size/MD5 checksum:   781640 c9d20758cf278db78638def045a863c5
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_i386.deb
      Size/MD5 checksum:  1423878 68bd5716e0f169d5086b2fd00e7d8f4a

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_ia64.deb
      Size/MD5 checksum:  1195858 cbbdd5d6d0414169145dbdf3fea12707
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_ia64.deb
      Size/MD5 checksum:  2165458 21e2ed7de71da57d66751757ef53342d

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_mips.deb
      Size/MD5 checksum:   944050 8c6990ce24678d320e2e867f4878a730
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_mips.deb
      Size/MD5 checksum:  1707498 be641af6c68aa385ac279915239749fc

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_mipsel.deb
      Size/MD5 checksum:   931700 41a0d5de1726aab65964ed65de106fa8
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_mipsel.deb
      Size/MD5 checksum:  1686070 9ed4f7c4d3f0a1a0a2606a76022c9bea

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_powerpc.deb
      Size/MD5 checksum:   833600 8f1e3926bb539d37386a9e614c5a8dda
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_powerpc.deb
      Size/MD5 checksum:  1520882 6000cb9a1adadcd8b150bb642fe1040f

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_s390.deb
      Size/MD5 checksum:   752384 9e58b3a148b490a0869a1b2ea6450157
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_s390.deb
      Size/MD5 checksum:  1363574 315e1ce79f6f2b8a7765cc453925bfc0

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_sparc.deb
      Size/MD5 checksum:   750250 e6d86666b4b9b2050ed1a144411f613f
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_sparc.deb
      Size/MD5 checksum:  1363236 a7ccb1bdcb2880c6e72387250e0f4c59


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Anti-surveillance advocates want you to run an open, secure WiFi router
Attackers raid SWISS BANKS with DNS and malware bombs
A Convicted Hacker and an Internet Icon Join Forces to Thwart NSA Spying
Black Hat presentation on TOR suddenly cancelled
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.