Debian: New tetex-bin packages fix arbitrary code execution

- --------------------------------------------------------------------------Debian Security Advisory DSA 937-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 12th, 2006                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------Package        : tetex-bin
Vulnerability  : buffer overflows
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2005-3191 CVE-2005-3192 CVE-2005-3624 CVE-2005-3625
                 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628
CERT advisory  : 
BugTraq ID     : 
Debian Bug     : 342292

"infamous41md" and Chris Evans discovered several heap based buffer
overflows in xpdf, the Portable Document Format (PDF) suite, which is
also present in tetex-bin, the binary files of teTeX, and which can
lead to a denial of service by crashing the application or possibly to
the execution of arbitrary code.

For the old stable distribution (woody) these problems have been fixed in
version 1.0.7+20011202-7.7.

For the stable distribution (sarge) these problems have been fixed in
version 2.0.2-30sarge4.

For the unstable distribution (sid) these problems have been fixed in
version 0.4.3-2 of poppler against which tetex-bin links.

We recommend that you upgrade your tetex-bin package.


Upgrade Instructions
- --------------------wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------  Source archives:

          Size/MD5 checksum:      874 4fe4cb1a4bb2d39afc7f92948bafe6af
          Size/MD5 checksum: 10328904 be3ba73c70f6c50637069868c56a7d9e

  Alpha architecture:

          Size/MD5 checksum:    84666 14987fa20077b5ce0a10f64d0df7e25f
          Size/MD5 checksum:    53260 7736b2f52cbdd476e8d4b8339b5d8b72
          Size/MD5 checksum:  4569310 e5063538a36c4fd7aa514f2e8711aea0

  ARM architecture:

          Size/MD5 checksum:    65270 472d8a8a0f9823eab4b57a9a95515c01
          Size/MD5 checksum:    43782 d2dde880cf11acfdaa89d51dbc3735d5
          Size/MD5 checksum:  3704454 62ecd37b4548deed4aa633083eda9e3a

  Intel IA-32 architecture:

          Size/MD5 checksum:    62610 b019a923fe66e306fe5864373f35e24a
          Size/MD5 checksum:    40920 f42ec41bd53e2a99315aae7f3dd5657a
          Size/MD5 checksum:  3137616 24d0d5e485fd32f004aba99607d5b267

  Intel IA-64 architecture:

          Size/MD5 checksum:    89722 3ff4685d8757f3f34f69d1d3038b99ee
          Size/MD5 checksum:    63476 2d5255d1a7e38287f68692f0fe5dd171
          Size/MD5 checksum:  5599966 6cd21572aad64c291f728cfd8ddf5753

  HP Precision architecture:

          Size/MD5 checksum:    79344 6cd09b3241459a76bc333ec2cca26eb3
          Size/MD5 checksum:    49540 042b7d2e4889fbed4165d86e3841c396
          Size/MD5 checksum:  4107634 2253868a707890f55508be0a8d2b5084

  Motorola 680x0 architecture:

          Size/MD5 checksum:    61938 328fa7a34388dbdd0bf3d77199f46e83
          Size/MD5 checksum:    41538 6e3a03abbf8382b2aaed4abc95115e34
          Size/MD5 checksum:  2923636 fcd6d90ba74b613de76fd32834c2f250

  Big endian MIPS architecture:

          Size/MD5 checksum:    75074 410d60865596a9e67e0dc721b703610e
          Size/MD5 checksum:    42556 9a09bb7af1668ce16cee128f67d2da50
          Size/MD5 checksum:  3941504 a6f1b0d37fc2f6dcbfd9d6c245551cf1

  Little endian MIPS architecture:

          Size/MD5 checksum:    74864 db91b18d0295fd07a1771f0fdc910730
          Size/MD5 checksum:    42760 293b2e9ea53c8664208b4eaa5d7d038b
          Size/MD5 checksum:  3899710 d160c22beba8a431496557b59218ebee

  PowerPC architecture:

          Size/MD5 checksum:    73944 edc0023d5a5f6c7810e5e39518e9075c
          Size/MD5 checksum:    45460 1fa491c88047f14874e162129943a0f2
          Size/MD5 checksum:  3588892 ec0621101b8f88a8e6886611f476a23b

  IBM S/390 architecture:

          Size/MD5 checksum:    64262 f8383550467d7d3f0dddb35694b4b453
          Size/MD5 checksum:    43938 dc3005de68ffb1f120af9b98a4138ad7
          Size/MD5 checksum:  3441798 30d05314a39832a47b3b91f900e78d10

  Sun Sparc architecture:

          Size/MD5 checksum:    70704 dc6dd4572fe8dc8d79d645190dd5b9e8
          Size/MD5 checksum:    48910 cfe4a6905dbd392494d200a64240604d
          Size/MD5 checksum:  3599016 000aa70472574b64334c612e8dc6f79b


Debian GNU/Linux 3.1 alias sarge
- --------------------------------  Source archives:

          Size/MD5 checksum:     1004 983ccc6f8176a0beedda5df8a06e3537
          Size/MD5 checksum:   154375 3d72a9201f38d2dde021df25b6e1649c
          Size/MD5 checksum: 11677169 8f02d5940bf02072ce5fe05429c90e63

  Alpha architecture:

          Size/MD5 checksum:    89842 6de1e46a20510337254c069cec4d8590
          Size/MD5 checksum:    65424 ceb0f7a0bba00d19b0e787d465ccfe2d
          Size/MD5 checksum:  5135466 f1ee07be1b52761c5c421252e69b5fec

  AMD64 architecture:

          Size/MD5 checksum:    72772 c7912ef834249631873ca38061306b32
          Size/MD5 checksum:    61922 7601e110af324ee3cb90aec31c1a2c4b
          Size/MD5 checksum:  4356908 4fd1dd53475b92b7d3ded8bc23a84d23

  ARM architecture:

          Size/MD5 checksum:    67808 ee9b99d5159d1651f6a29768b4cf0854
          Size/MD5 checksum:    58142 48e671e8b106b363d8761b3d20acc5ec
          Size/MD5 checksum:  4300642 c8049249d1904b75c38081129bc5467e

  Intel IA-32 architecture:

          Size/MD5 checksum:    66218 d349881df541b5f7383e5a5390ac238a
          Size/MD5 checksum:    59176 81412a2ee64924929205b718813970bb
          Size/MD5 checksum:  3939522 fe9e13180506bb76b073be1e289d214e

  Intel IA-64 architecture:

          Size/MD5 checksum:    89822 abc527d1eccb607d0731be6200352e75
          Size/MD5 checksum:    73492 b7ba1d9e84583256f33a1c5abe76162e
          Size/MD5 checksum:  5909228 984e273287f9d5dbee2e8310ab43ae69

  HP Precision architecture:

          Size/MD5 checksum:    78310 0e86d99930bf65fdc9c3479089a6a20b
          Size/MD5 checksum:    66644 21cab5ff1f28857f08b1771de7c3f461
          Size/MD5 checksum:  4612710 fdab445f3c33ae90180d3c834044fc40

  Motorola 680x0 architecture:

          Size/MD5 checksum:    63502 78c53919dcfe97aedbc80b1fc887e204
          Size/MD5 checksum:    58736 69a55de426d9e122adc441b26c9bb062
          Size/MD5 checksum:  3600916 b05f9a5118f7028e5c437c5749bfe79f

  Big endian MIPS architecture:

          Size/MD5 checksum:    75558 6449710e39b1ebad2c982bcad599e7f0
          Size/MD5 checksum:    59190 d1fa5b3b77fd4a24d1bc65fb5bce6a90
          Size/MD5 checksum:  4602728 8454c9ddb3922c981e8d5cc5bf59ad1e

  Little endian MIPS architecture:

          Size/MD5 checksum:    75546 7bbac980fa4a95d71ebd4de2fe2b2b5b
          Size/MD5 checksum:    59430 ea2fd76fbc73cad63efef3b939c89aa1
          Size/MD5 checksum:  4559108 fc52f040b130e7954230cffdd91d1145

  PowerPC architecture:

          Size/MD5 checksum:    74904 8a3d0d1292f0978eab3b39d6f96a97e9
          Size/MD5 checksum:    63372 09c6961bbf8e5280ab1f618dd443106c
          Size/MD5 checksum:  4382198 62e8dec6600f7fdcee4e11bc29258766

  IBM S/390 architecture:

          Size/MD5 checksum:    71844 48a4bded5ebdb5719f5b72fc0bb4ea60
          Size/MD5 checksum:    63614 9fdebe54556dba9bb6fd3cdd5bab2034
          Size/MD5 checksum:  4269024 36f0cf0d6f8f73f569af231b7b47c53e

  Sun Sparc architecture:

          Size/MD5 checksum:    70022 7cfdf14b376e0249ae24bb77fb1ae73a
          Size/MD5 checksum:    60990 f25104fe0c734c162f75876bdaf797aa
          Size/MD5 checksum:  4156948 a5ae0e1018b2ddc41de89accf9aa10d6


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Debian: New tetex-bin packages fix arbitrary code execution

Summary

Related News

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By
