From martin.pitt@canonical.com Thu Dec 23 16:53:45 2004
From: Martin Pitt
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.netsys.com, bugtraq@securityfocus.com
Date: Thu, 23 Dec 2004 09:14:57 +0100
Subject: [USN-48-1] xpdf, tetex-bin vulnerabilities

===========================================================
Ubuntu Security Notice USN-48-1           December 23, 2004
xpdf, tetex-bin vulnerabilities
CAN-2004-1125
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

tetex-bin
xpdf-reader
xpdf-utils

The problem can be corrected by upgrading the affected package to
version 2.0.2-21ubuntu0.3 (tetex-bin) and 3.00-8ubuntu1.3 (xpdf-reader
and xpdf-utils). In general, a standard system upgrade is sufficient
to effect the necessary changes.

Details follow:

A potential buffer overflow has been found in the xpdf viewer.
Insufficient input validation could be exploited by an attacker
providing a specially crafted PDF file which, when processed by xpdf,
could result in abnormal program termination or the execution of
attacker-supplied program code with the user's privileges.

The tetex-bin package contains the affected xpdf code to generate PDF
output and process included PDF files, and is thus vulnerable as well.
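A check for the fixed versions named in the notice, as an added example that is not part of the original advisory or any Ubuntu tooling: it applies the Debian version-ordering rules to installed package versions and reports the affected packages that are still older than the fix. The `dpkg-query` sample output is constructed, and the function names are assumptions made for this example.

```python
import re
from itertools import zip_longest

# Fixed versions stated in USN-48-1.
FIXED = {"tetex-bin": "2.0.2-21ubuntu0.3",
         "xpdf-reader": "3.00-8ubuntu1.3", "xpdf-utils": "3.00-8ubuntu1.3"}

# Constructed sample of: dpkg-query -W -f='${Package} ${Version}\n'
SAMPLE = """\
tetex-bin 2.0.2-21ubuntu0.2
xpdf-reader 3.00-8ubuntu1.3
xpdf-utils 3.00-8ubuntu1
bash 3.0-5
"""

def _order(c):
    # '~' sorts before end-of-run (""), letters sort before other characters.
    if c in ("~", ""):
        return -1 if c == "~" else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit / digit runs; digit runs compare as integers.
    runs = lambda s: re.findall(r"([^0-9]*)([0-9]*)", s)
    for (sa, na), (sb, nb) in zip_longest(runs(a), runs(b), fillvalue=("", "")):
        for ca, cb in zip_longest(sa, sb, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        if int(na or 0) != int(nb or 0):
            return -1 if int(na or 0) < int(nb or 0) else 1
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; epoch ends at the first ':', revision starts at the last '-'.
    epoch, sep, rest = v.partition(":")
    epoch, rest = (epoch, rest) if sep else ("0", v)
    upstream, sep, rev = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (rev if sep else "")

def deb_compare(a, b):
    # Returns -1, 0 or 1, like a three-way comparison of Debian version strings.
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def audit(dpkg_output):
    # {package: installed version} for affected packages older than the fix.
    rows = (line.split() for line in dpkg_output.splitlines())
    return {r[0]: r[1] for r in rows
            if len(r) == 2 and r[0] in FIXED and deb_compare(r[1], FIXED[r[0]]) < 0}
```

On a live Debian or Ubuntu host, `dpkg --compare-versions` performs the same comparison.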