LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 7th, 2014
Linux Advisory Watch: April 4th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New libextractor packages fix arbitrary code execution Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1349-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
August 5th, 2007                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : libextractor
Vulnerability  : integer overflow
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2007-3387

It was discovered that an integer overflow in the xpdf PDF viewer may lead
to the execution of arbitrary code if a malformed PDF file is opened.

libextractor includes a copy of the xpdf code and required an update
as well.

For the oldstable distribution (sarge) this problem has been fixed in
version 0.4.2-2sarge6.

The stable distribution (etch) isn't affected by this problem.

The unstable distribution (sid) isn't affected by this problem.

We recommend that you upgrade your libextractor packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2-2sarge6.dsc
      Size/MD5 checksum:      778 fbcbd62c772674dc96a26373e5aa6e01
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2-2sarge6.diff.gz
      Size/MD5 checksum:     9063 bb026f68189fd93686e5fd94b6cda88e
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2.orig.tar.gz
      Size/MD5 checksum:  5887095 d99e1b13a017d39700e376a0edbf7ba2

  Alpha architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_alpha.deb
      Size/MD5 checksum:    19690 01b435b2688d03f3459c79526954925c
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_alpha.deb
      Size/MD5 checksum:  5810714 dd23f39e0b388296b1fc271739712ebe
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_alpha.deb
      Size/MD5 checksum:    19484 7f05a34e53fd43830028912e14d2328f

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_amd64.deb
      Size/MD5 checksum:    18346 b0630efe8af750547c51f18e2b37e56c
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_amd64.deb
      Size/MD5 checksum:  5641608 6cc4c3570ed2c3319944d2dadeb32df2
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_amd64.deb
      Size/MD5 checksum:    17618 b03292795065cdd0c9444343f216a058

  ARM architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_arm.deb
      Size/MD5 checksum:    17726 b7d8e767fdec15d9f1dd42a4d287d093
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_arm.deb
      Size/MD5 checksum:  5710926 010de9d5ca245ecde20850f2077ec525
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_arm.deb
      Size/MD5 checksum:    17034 70da5564ca690372c8ff2f920e3145e7

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_i386.deb
      Size/MD5 checksum:    17870 34c81aebd99358f6a6668e6a6e766dcf
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_i386.deb
      Size/MD5 checksum:  5713546 59647b99f778803ae7dd04b8a3ef4f69
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_i386.deb
      Size/MD5 checksum:    16796 f6a61702be519be0de6ba5254a8d2bc1

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_ia64.deb
      Size/MD5 checksum:    20664 abbab8aca9823e749ce8f56ba180605a
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_ia64.deb
      Size/MD5 checksum:  5905678 6c4fae9ee6f98f8a2b04dfc8bb1e6c77
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_ia64.deb
      Size/MD5 checksum:    19402 7217989cd00aa203703636a12b73ef1c

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_m68k.deb
      Size/MD5 checksum:    17432 ad4ed814052b2b16a980916e8c26b4d5
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_m68k.deb
      Size/MD5 checksum:  5708490 4456e64e983995cdaada1b8003b87de9
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_m68k.deb
      Size/MD5 checksum:    16664 8d0a17ffea00ef3a8dd84ad1ef751382

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_mips.deb
      Size/MD5 checksum:    18672 ca896e1b783faaa7fd4f0b16bd5b679f
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_mips.deb
      Size/MD5 checksum:  5729468 b4369a7e90e9378aaf16c22e6ee8ba23
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_mips.deb
      Size/MD5 checksum:    17960 adf6c5dadd298f2cbfb129b329cbd396

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_mipsel.deb
      Size/MD5 checksum:    18720 24b4c8c7394ca7600b5d56ff6756ced0
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_mipsel.deb
      Size/MD5 checksum:  5727182 0d3c4b40711cd5ff424d9c3509abc959
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_mipsel.deb
      Size/MD5 checksum:    17990 2bfd506c4227ba2b51128ed229d05737

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_powerpc.deb
      Size/MD5 checksum:    19840 965842771a493480a596d23219240384
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_powerpc.deb
      Size/MD5 checksum:  5678172 d9b4e7d752db6ca53ce6adddd1c8963b
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_powerpc.deb
      Size/MD5 checksum:    17802 9d4275a87460db16bf31e112f8a7be72

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_s390.deb
      Size/MD5 checksum:    18220 218a8b4f648ee49543981dd7a418a86b
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_s390.deb
      Size/MD5 checksum:  5768298 367428e42de8d1af622d02d64f4fb027
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_s390.deb
      Size/MD5 checksum:    18166 98cb43003a7a95dbfd121cf615f73bc8

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_sparc.deb
      Size/MD5 checksum:    17728 f9220d2e7654b273448c0880374f59d4
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_sparc.deb
      Size/MD5 checksum:  5752498 5c5bcdf9c749506310e95137ae80550c
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_sparc.deb
      Size/MD5 checksum:    16938 b90780181aeb323dbcc4dfa11db7bcd0


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
'Snowden effect' has changed cloud data security assumption, survey claims
Galaxy S5 fingerprint scanner hacked with glue mould
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.