LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: September 2nd, 2014
Linux Advisory Watch: August 29th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New gpdf packages fix arbitrary code execution Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian It was discovered that an integer overflow in xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1354-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
August 13th, 2007                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : gpdf
Vulnerability  : integer overflow
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2007-3387

It was discovered that an integer overflow in xpdf PDF viewer may lead
to the execution of arbitrary code if a malformed PDF file is opened.

gpdf includes a copy of the xpdf code and requires an update as well.

For the oldstable distribution (sarge) this problem has been fixed in
version 2.8.2-1.2sarge6.

The stable distribution (etch) no longer contains gpdf.

The unstable distribution (sid) no longer contains gpdf.

We recommend that you upgrade your gpdf packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6.dsc
      Size/MD5 checksum:     1663 508dfe3e8af751e8ce4f9b0e5ab59889
    http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6.diff.gz
      Size/MD5 checksum:    38814 708461f883679a3faacb5c3ea576b70c
    http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2.orig.tar.gz
      Size/MD5 checksum:  1245535 5ceb66aa95e51c4e1d6e10cb29560ff9

  Alpha architecture:

    http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_alpha.deb
      Size/MD5 checksum:   871844 17eff64fe6e84fd163d5572410840e47

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_amd64.deb
      Size/MD5 checksum:   795866 cee6613e8cc8fe7feffbea3090b3b2b4

  ARM architecture:

    http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_arm.deb
      Size/MD5 checksum:   781972 efb47c5c872b054b5155fbbe8fe14657

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5_hppa.deb
      Size/MD5 checksum:   859960 52fc5ab1c1c7b0a337093196d08076af

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_i386.deb
      Size/MD5 checksum:   782330 2bf9259f3e7dad3ff6cb4b7d01a11a80

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_ia64.deb
      Size/MD5 checksum:   958676 1c86665357e64afe5a7d61a75ff34cfc

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_m68k.deb
      Size/MD5 checksum:   746228 e192344892e794ceb6ba095edf51c04b

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_mips.deb
      Size/MD5 checksum:   818722 5f67cb402dbf493ccf3ad1ad3dd135d3

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_mipsel.deb
      Size/MD5 checksum:   811276 ae28c520096cd3ef94988f5ce0177693

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_powerpc.deb
      Size/MD5 checksum:   799928 feac7c0451a8e391a05ec67e45263376

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_s390.deb
      Size/MD5 checksum:   776318 e8109413c0351d45e76099cb6061e33f

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_sparc.deb
      Size/MD5 checksum:   764034 b473d9e4d5e4693eda7cbe3e93a6f7f0


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.