CVE-2005-3192
CVSS7.5
发布时间 :2005-12-07 20:03:00
修订时间 :2016-11-18 21:59:28
NMCPS    

[原文]Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field.


[CNNVD]xpdf StreamPredictor堆溢出漏洞(CNNVD-200512-154)

        Xpdf是便携文档格式(PDF)文件的开放源码浏览器。
        多家厂商软件版本所捆绑的xpdf中存在堆溢出漏洞。Predictor流解析代码没有充分的验证输入。xpdf/Stream.cc的StreamPredictor::StreamPredictor函数从PDF文件中用户可控值读取numComps的值,然后在StreamPredictor函数中使用该值用于一系列的计算。攻击者可以使用特制的值强迫gmalloc调用分配最少的字节数,然后PDF文件的用户数据就可以覆盖所分配的内存位置,破坏堆内存。成功利用这个漏洞的攻击者可以导致拒绝服务或执行任意代码。
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-119 [内存缓冲区边界内操作的限制不恰当]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:10914Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, a...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3192
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200512-154
(官方数据源) CNNVD

- 其它链接及资源

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch
(PATCH)  CONFIRM  ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
(UNKNOWN)  SCO  SCOSA-2006.15
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt
(UNKNOWN)  SCO  SCOSA-2006.20
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt
(UNKNOWN)  SCO  SCOSA-2006.21
ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
(UNKNOWN)  SGI  20051201-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
(UNKNOWN)  SGI  20060101-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
(UNKNOWN)  SGI  20060201-01-U
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342289
(UNKNOWN)  MISC  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342289
http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
(UNKNOWN)  SUSE  SUSE-SA:2006:001
http://rhn.redhat.com/errata/RHSA-2005-868.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:868
http://scary.beasts.org/security/CESA-2005-003.txt
(UNKNOWN)  MISC  http://scary.beasts.org/security/CESA-2005-003.txt
http://securityreason.com/securityalert/235
(UNKNOWN)  SREASON  235
http://securityreason.com/securityalert/240
(UNKNOWN)  SREASON  240
http://securitytracker.com/id?1015309
(UNKNOWN)  SECTRACK  1015309
http://securitytracker.com/id?1015324
(UNKNOWN)  SECTRACK  1015324
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
(UNKNOWN)  SLACKWARE  SSA:2006-045-09
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
(UNKNOWN)  SLACKWARE  SSA:2006-045-04
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1
(UNKNOWN)  SUNALERT  102972
http://www.debian.org/security/2005/dsa-931
(UNKNOWN)  DEBIAN  DSA-931
http://www.debian.org/security/2005/dsa-932
(UNKNOWN)  DEBIAN  DSA-932
http://www.debian.org/security/2006/dsa-936
(UNKNOWN)  DEBIAN  DSA-936
http://www.debian.org/security/2006/dsa-937
(UNKNOWN)  DEBIAN  DSA-937
http://www.debian.org/security/2006/dsa-950
(UNKNOWN)  DEBIAN  DSA-950
http://www.debian.org/security/2006/dsa-961
(UNKNOWN)  DEBIAN  DSA-961
http://www.debian.org/security/2006/dsa-962
(UNKNOWN)  DEBIAN  DSA-962
http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml
(UNKNOWN)  GENTOO  GLSA-200512-08
http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
(UNKNOWN)  GENTOO  GLSA-200601-02
http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities
(VENDOR_ADVISORY)  IDEFENSE  20051205 Multiple Vendor xpdf StreamPredictor Heap Overflow Vulnerability
http://www.kde.org/info/security/advisory-20051207-1.txt
(UNKNOWN)  CONFIRM  http://www.kde.org/info/security/advisory-20051207-1.txt
http://www.kde.org/info/security/advisory-20051207-2.txt
(UNKNOWN)  CONFIRM  http://www.kde.org/info/security/advisory-20051207-2.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2006:003
(UNKNOWN)  MANDRIVA  MDKSA-2006:003
http://www.mandriva.com/security/advisories?name=MDKSA-2006:004
(UNKNOWN)  MANDRIVA  MDKSA-2006:004
http://www.mandriva.com/security/advisories?name=MDKSA-2006:005
(UNKNOWN)  MANDRIVA  MDKSA-2006:005
http://www.mandriva.com/security/advisories?name=MDKSA-2006:006
(UNKNOWN)  MANDRIVA  MDKSA-2006:006
http://www.mandriva.com/security/advisories?name=MDKSA-2006:008
(UNKNOWN)  MANDRIVA  MDKSA-2006:008
http://www.mandriva.com/security/advisories?name=MDKSA-2006:011
(UNKNOWN)  MANDRIVA  MDKSA-2006:011
http://www.novell.com/linux/security/advisories/2005_29_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2005:029
http://www.novell.com/linux/security/advisories/2006_02_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2006:002
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00015.html
(UNKNOWN)  FEDORA  FEDORA-2005-1126
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00016.html
(UNKNOWN)  FEDORA  FEDORA-2005-1127
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00036.html
(UNKNOWN)  FEDORA  FEDORA-2005-1141
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00037.html
(UNKNOWN)  FEDORA  FEDORA-2005-1142
http://www.redhat.com/support/errata/RHSA-2005-840.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:840
http://www.redhat.com/support/errata/RHSA-2005-867.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:867
http://www.redhat.com/support/errata/RHSA-2005-878.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:878
http://www.redhat.com/support/errata/RHSA-2006-0160.html
(UNKNOWN)  REDHAT  RHSA-2006:0160
http://www.securityfocus.com/archive/1/archive/1/418883/100/0/threaded
(UNKNOWN)  BUGTRAQ  20051207 [KDE Security Advisory] multiple buffer overflows in kpdf/koffice
http://www.securityfocus.com/archive/1/archive/1/427053/100/0/threaded
(UNKNOWN)  FEDORA  FLSA-2006:176751
http://www.securityfocus.com/archive/1/archive/1/427990/100/0/threaded
(UNKNOWN)  FEDORA  FLSA:175404
http://www.securityfocus.com/bid/15725
(PATCH)  BID  15725
http://www.trustix.org/errata/2005/0072/
(UNKNOWN)  TRUSTIX  TSLSA-2005-0072
http://www.ubuntulinux.org/usn/usn-227-1
(UNKNOWN)  UBUNTU  USN-227-1
http://www.vupen.com/english/advisories/2005/2755
(UNKNOWN)  VUPEN  ADV-2005-2755
http://www.vupen.com/english/advisories/2005/2786
(UNKNOWN)  VUPEN  ADV-2005-2786
http://www.vupen.com/english/advisories/2005/2787
(UNKNOWN)  VUPEN  ADV-2005-2787
http://www.vupen.com/english/advisories/2005/2788
(UNKNOWN)  VUPEN  ADV-2005-2788
http://www.vupen.com/english/advisories/2005/2789
(UNKNOWN)  VUPEN  ADV-2005-2789
http://www.vupen.com/english/advisories/2005/2790
(UNKNOWN)  VUPEN  ADV-2005-2790
http://www.vupen.com/english/advisories/2005/2856
(UNKNOWN)  VUPEN  ADV-2005-2856
http://www.vupen.com/english/advisories/2007/2280
(UNKNOWN)  VUPEN  ADV-2007-2280
http://xforce.iss.net/xforce/xfdb/23442
(PATCH)  XF  xpdf-streampredictor-bo(23442)
https://issues.rpath.com/browse/RPL-1609
(UNKNOWN)  CONFIRM  https://issues.rpath.com/browse/RPL-1609

- 漏洞信息

xpdf StreamPredictor堆溢出漏洞
高危 缓冲区溢出
2005-12-07 00:00:00 2007-02-20 00:00:00
远程  
        Xpdf是便携文档格式(PDF)文件的开放源码浏览器。
        多家厂商软件版本所捆绑的xpdf中存在堆溢出漏洞。Predictor流解析代码没有充分的验证输入。xpdf/Stream.cc的StreamPredictor::StreamPredictor函数从PDF文件中用户可控值读取numComps的值,然后在StreamPredictor函数中使用该值用于一系列的计算。攻击者可以使用特制的值强迫gmalloc调用分配最少的字节数,然后PDF文件的用户数据就可以覆盖所分配的内存位置,破坏堆内存。成功利用这个漏洞的攻击者可以导致拒绝服务或执行任意代码。
        

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/xpd...
        

- 漏洞信息 (F43532)

Debian Linux Security Advisory 962-1 (PacketStormID:F43532)
2006-02-02 00:00:00
Debian  debian.org
advisory,denial of service,overflow,arbitrary
linux,debian
CVE-2005-3191,CVE-2005-3192,CVE-2005-3193,CVE-2005-3624,CVE-2005-3625,CVE-2005-3626,CVE-2005-3627,CVE-2005-3628
[点击下载]

Debian Security Advisory DSA 962-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf which are also present in pdftohtml, a utility that translates PDF documents into HTML format, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 962-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
February 1st, 2006                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : pdftohtml
Vulnerability  : buffer overflows
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624
                 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628

"infamous41md" and Chris Evans discovered several heap based buffer
overflows in xpdf which are also present in pdftohtml, a utility that
translates PDF documents into HTML format, and which can lead to a
denial of service by crashing the application or possibly to the
execution of arbitrary code.

The old stable distribution (woody) does not contain pdftohtml packages.

For the stable distribution (sarge) these problems have been fixed in
version 0.36-11sarge1.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your pdftohtml package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1.dsc
      Size/MD5 checksum:      602 c7095f7045d69bcebca90ade3f62a9a4
    http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1.diff.gz
      Size/MD5 checksum:    11388 17672ff97722b502d4d5b3ab804401e3
    http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36.orig.tar.gz
      Size/MD5 checksum:   300922 75ad095bb51e1f66c9f7691e6af12f44

  Alpha architecture:

    http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_alpha.deb
      Size/MD5 checksum:   313926 ec897e4a81702159e516e823317e8652

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_amd64.deb
      Size/MD5 checksum:   259576 de188540a99fb893584e2c9a2f1c0e41

  ARM architecture:

    http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_arm.deb
      Size/MD5 checksum:   266372 93821a971df9623124f68216c541f307

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_i386.deb
      Size/MD5 checksum:   253790 45b7b46b375e72507ebdf83b609b9bd3

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_ia64.deb
      Size/MD5 checksum:   374010 a64d9a344341b8ff8f88ceba02a2481e

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_hppa.deb
      Size/MD5 checksum:   330128 4ccc9307617411979efbca1d594f463b

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_m68k.deb
      Size/MD5 checksum:   234598 e14153061b6f573e619f9dbd76bfbda8

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_mips.deb
      Size/MD5 checksum:   311310 067a76c99fd6f144f7c75613b37493c7

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_mipsel.deb
      Size/MD5 checksum:   307086 9890b5cec47e5e8e8ae4a9442c326253

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_powerpc.deb
      Size/MD5 checksum:   269364 9f345aa5ef3480b3d4591eeb4071bfa7

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_s390.deb
      Size/MD5 checksum:   242284 4eb6779646c115bfe6ca7e7baaaaaec8

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_sparc.deb
      Size/MD5 checksum:   245330 7dbf6432f1cc0a2e6d9b42ffa80b588f


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD4IYGW5ql+IAeqTIRAlbHAJ4hP7FrxciQRk5rYigkVctVpQzSJgCfSkh5
/K5U8eJ0jhDuf366S6/sitw=
=QZcd
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F43529)

Debian Linux Security Advisory 961-1 (PacketStormID:F43529)
2006-02-02 00:00:00
Debian  debian.org
advisory,denial of service,overflow,arbitrary
linux,debian
CVE-2005-3191,CVE-2005-3192,CVE-2005-3193,CVE-2005-3624,CVE-2005-3625,CVE-2005-3626,CVE-2005-3627,CVE-2005-3628
[点击下载]

Debian Security Advisory DSA 961-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf which are also present in pdfkit.framework, the GNUstep framework for rendering PDF content, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 961-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
February 1st, 2006                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : pdfkit.framework
Vulnerability  : buffer overflows
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624
                 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628

"infamous41md" and Chris Evans discovered several heap based buffer
overflows in xpdf which are also present in pdfkit.framework, the
GNUstep framework for rendering PDF content, and which can lead to a
denial of service by crashing the application or possibly to the
execution of arbitrary code.

The old stable distribution (woody) does not contain pdfkit.framework
packages.

For the stable distribution (sarge) these problems have been fixed in
version 0.8-2sarge1.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your pdfkit.framework package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1.dsc
      Size/MD5 checksum:      725 67fb49e4f05a6eef25396d23ca0baacd
    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1.diff.gz
      Size/MD5 checksum:     5699 61578e6e26adf73639b464210830896b
    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8.orig.tar.gz
      Size/MD5 checksum:  1780533 7676643ff78a0602c10bfb97fe0bd448

  Alpha architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_alpha.deb
      Size/MD5 checksum:  1821874 8fe74b91409115b4547ba273501e8f79

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_amd64.deb
      Size/MD5 checksum:  1796698 c6f96adecd322a60d77379d1513b26dc

  ARM architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_arm.deb
      Size/MD5 checksum:  1756056 8632f1ef914df5fcc3b6c3f6dc9ce459

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_i386.deb
      Size/MD5 checksum:  1750384 f000dee97e83dbe85941c1305e689ef2

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_ia64.deb
      Size/MD5 checksum:  1980936 dce8ad12b1ce0e5e097c51243c68f749

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_hppa.deb
      Size/MD5 checksum:  1862404 b4b0d1a421d02987330502e4a653e6a9

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_m68k.deb
      Size/MD5 checksum:  1785734 1c14679aba2cd8cd8bf7aabd42db1cf6

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_mips.deb
      Size/MD5 checksum:  1769138 6600cf166ba6ced0b6c067338f9565c1

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_mipsel.deb
      Size/MD5 checksum:  1754778 0539c52303cf950f3ea66f78eb875449

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_powerpc.deb
      Size/MD5 checksum:  1770876 a8098242afc68c1dfd0c2141f95d88f5

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_s390.deb
      Size/MD5 checksum:  1804716 88af5f5ab641839eac628f9dd36e4509

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_sparc.deb
      Size/MD5 checksum:  1779964 c07986d5367f97f1598d7e2d592fdc40


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD4GGxW5ql+IAeqTIRAvQiAJ4xOAQr4GcVkPcKAGIlXuLVh+cDOgCdHp19
WLOiQcmij8udAgyvS0Y7Jw4=
=Fs3s
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F43065)

Debian Linux Security Advisory 937-1 (PacketStormID:F43065)
2006-01-15 00:00:00
Debian  debian.org
advisory,denial of service,overflow,arbitrary
linux,debian
CVE-2005-3191,CVE-2005-3192,CVE-2005-3624,CVE-2005-3625,CVE-2005-3626,CVE-2005-3627,CVE-2005-3628
[点击下载]

Debian Security Advisory DSA 937-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in tetex-bin, the binary files of teTeX, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 937-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 12th, 2006                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : tetex-bin
Vulnerability  : buffer overflows
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2005-3191 CVE-2005-3192 CVE-2005-3624 CVE-2005-3625
                 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628
CERT advisory  : 
BugTraq ID     : 
Debian Bug     : 342292

"infamous41md" and Chris Evans discovered several heap based buffer
overflows in xpdf, the Portable Document Format (PDF) suite, which is
also present in tetex-bin, the binary files of teTeX, and which can
lead to a denial of service by crashing the application or possibly to
the execution of arbitrary code.

For the old stable distribution (woody) these problems have been fixed in
version 1.0.7+20011202-7.7.

For the stable distribution (sarge) these problems have been fixed in
version 2.0.2-30sarge4.

For the unstable distribution (sid) these problems have been fixed in
version 0.4.3-2 of poppler against which tetex-bin links.

We recommend that you upgrade your tetex-bin package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7.dsc
      Size/MD5 checksum:      874 4fe4cb1a4bb2d39afc7f92948bafe6af
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7.tar.gz
      Size/MD5 checksum: 10328904 be3ba73c70f6c50637069868c56a7d9e

  Alpha architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_alpha.deb
      Size/MD5 checksum:    84666 14987fa20077b5ce0a10f64d0df7e25f
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_alpha.deb
      Size/MD5 checksum:    53260 7736b2f52cbdd476e8d4b8339b5d8b72
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_alpha.deb
      Size/MD5 checksum:  4569310 e5063538a36c4fd7aa514f2e8711aea0

  ARM architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_arm.deb
      Size/MD5 checksum:    65270 472d8a8a0f9823eab4b57a9a95515c01
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_arm.deb
      Size/MD5 checksum:    43782 d2dde880cf11acfdaa89d51dbc3735d5
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_arm.deb
      Size/MD5 checksum:  3704454 62ecd37b4548deed4aa633083eda9e3a

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_i386.deb
      Size/MD5 checksum:    62610 b019a923fe66e306fe5864373f35e24a
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_i386.deb
      Size/MD5 checksum:    40920 f42ec41bd53e2a99315aae7f3dd5657a
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_i386.deb
      Size/MD5 checksum:  3137616 24d0d5e485fd32f004aba99607d5b267

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_ia64.deb
      Size/MD5 checksum:    89722 3ff4685d8757f3f34f69d1d3038b99ee
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_ia64.deb
      Size/MD5 checksum:    63476 2d5255d1a7e38287f68692f0fe5dd171
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_ia64.deb
      Size/MD5 checksum:  5599966 6cd21572aad64c291f728cfd8ddf5753

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_hppa.deb
      Size/MD5 checksum:    79344 6cd09b3241459a76bc333ec2cca26eb3
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_hppa.deb
      Size/MD5 checksum:    49540 042b7d2e4889fbed4165d86e3841c396
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_hppa.deb
      Size/MD5 checksum:  4107634 2253868a707890f55508be0a8d2b5084

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_m68k.deb
      Size/MD5 checksum:    61938 328fa7a34388dbdd0bf3d77199f46e83
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_m68k.deb
      Size/MD5 checksum:    41538 6e3a03abbf8382b2aaed4abc95115e34
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_m68k.deb
      Size/MD5 checksum:  2923636 fcd6d90ba74b613de76fd32834c2f250

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_mips.deb
      Size/MD5 checksum:    75074 410d60865596a9e67e0dc721b703610e
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_mips.deb
      Size/MD5 checksum:    42556 9a09bb7af1668ce16cee128f67d2da50
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_mips.deb
      Size/MD5 checksum:  3941504 a6f1b0d37fc2f6dcbfd9d6c245551cf1

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_mipsel.deb
      Size/MD5 checksum:    74864 db91b18d0295fd07a1771f0fdc910730
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_mipsel.deb
      Size/MD5 checksum:    42760 293b2e9ea53c8664208b4eaa5d7d038b
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_mipsel.deb
      Size/MD5 checksum:  3899710 d160c22beba8a431496557b59218ebee

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_powerpc.deb
      Size/MD5 checksum:    73944 edc0023d5a5f6c7810e5e39518e9075c
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_powerpc.deb
      Size/MD5 checksum:    45460 1fa491c88047f14874e162129943a0f2
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_powerpc.deb
      Size/MD5 checksum:  3588892 ec0621101b8f88a8e6886611f476a23b

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_s390.deb
      Size/MD5 checksum:    64262 f8383550467d7d3f0dddb35694b4b453
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_s390.deb
      Size/MD5 checksum:    43938 dc3005de68ffb1f120af9b98a4138ad7
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_s390.deb
      Size/MD5 checksum:  3441798 30d05314a39832a47b3b91f900e78d10

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_sparc.deb
      Size/MD5 checksum:    70704 dc6dd4572fe8dc8d79d645190dd5b9e8
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_sparc.deb
      Size/MD5 checksum:    48910 cfe4a6905dbd392494d200a64240604d
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_sparc.deb
      Size/MD5 checksum:  3599016 000aa70472574b64334c612e8dc6f79b


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4.dsc
      Size/MD5 checksum:     1004 983ccc6f8176a0beedda5df8a06e3537
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4.diff.gz
      Size/MD5 checksum:   154375 3d72a9201f38d2dde021df25b6e1649c
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2.orig.tar.gz
      Size/MD5 checksum: 11677169 8f02d5940bf02072ce5fe05429c90e63

  Alpha architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_alpha.deb
      Size/MD5 checksum:    89842 6de1e46a20510337254c069cec4d8590
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_alpha.deb
      Size/MD5 checksum:    65424 ceb0f7a0bba00d19b0e787d465ccfe2d
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_alpha.deb
      Size/MD5 checksum:  5135466 f1ee07be1b52761c5c421252e69b5fec

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_amd64.deb
      Size/MD5 checksum:    72772 c7912ef834249631873ca38061306b32
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_amd64.deb
      Size/MD5 checksum:    61922 7601e110af324ee3cb90aec31c1a2c4b
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_amd64.deb
      Size/MD5 checksum:  4356908 4fd1dd53475b92b7d3ded8bc23a84d23

  ARM architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_arm.deb
      Size/MD5 checksum:    67808 ee9b99d5159d1651f6a29768b4cf0854
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_arm.deb
      Size/MD5 checksum:    58142 48e671e8b106b363d8761b3d20acc5ec
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_arm.deb
      Size/MD5 checksum:  4300642 c8049249d1904b75c38081129bc5467e

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_i386.deb
      Size/MD5 checksum:    66218 d349881df541b5f7383e5a5390ac238a
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_i386.deb
      Size/MD5 checksum:    59176 81412a2ee64924929205b718813970bb
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_i386.deb
      Size/MD5 checksum:  3939522 fe9e13180506bb76b073be1e289d214e

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_ia64.deb
      Size/MD5 checksum:    89822 abc527d1eccb607d0731be6200352e75
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_ia64.deb
      Size/MD5 checksum:    73492 b7ba1d9e84583256f33a1c5abe76162e
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_ia64.deb
      Size/MD5 checksum:  5909228 984e273287f9d5dbee2e8310ab43ae69

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_hppa.deb
      Size/MD5 checksum:    78310 0e86d99930bf65fdc9c3479089a6a20b
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_hppa.deb
      Size/MD5 checksum:    66644 21cab5ff1f28857f08b1771de7c3f461
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_hppa.deb
      Size/MD5 checksum:  4612710 fdab445f3c33ae90180d3c834044fc40

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_m68k.deb
      Size/MD5 checksum:    63502 78c53919dcfe97aedbc80b1fc887e204
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_m68k.deb
      Size/MD5 checksum:    58736 69a55de426d9e122adc441b26c9bb062
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_m68k.deb
      Size/MD5 checksum:  3600916 b05f9a5118f7028e5c437c5749bfe79f

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_mips.deb
      Size/MD5 checksum:    75558 6449710e39b1ebad2c982bcad599e7f0
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_mips.deb
      Size/MD5 checksum:    59190 d1fa5b3b77fd4a24d1bc65fb5bce6a90
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_mips.deb
      Size/MD5 checksum:  4602728 8454c9ddb3922c981e8d5cc5bf59ad1e

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_mipsel.deb
      Size/MD5 checksum:    75546 7bbac980fa4a95d71ebd4de2fe2b2b5b
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_mipsel.deb
      Size/MD5 checksum:    59430 ea2fd76fbc73cad63efef3b939c89aa1
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_mipsel.deb
      Size/MD5 checksum:  4559108 fc52f040b130e7954230cffdd91d1145

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_powerpc.deb
      Size/MD5 checksum:    74904 8a3d0d1292f0978eab3b39d6f96a97e9
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_powerpc.deb
      Size/MD5 checksum:    63372 09c6961bbf8e5280ab1f618dd443106c
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_powerpc.deb
      Size/MD5 checksum:  4382198 62e8dec6600f7fdcee4e11bc29258766

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_s390.deb
      Size/MD5 checksum:    71844 48a4bded5ebdb5719f5b72fc0bb4ea60
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_s390.deb
      Size/MD5 checksum:    63614 9fdebe54556dba9bb6fd3cdd5bab2034
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_s390.deb
      Size/MD5 checksum:  4269024 36f0cf0d6f8f73f569af231b7b47c53e

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_sparc.deb
      Size/MD5 checksum:    70022 7cfdf14b376e0249ae24bb77fb1ae73a
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_sparc.deb
      Size/MD5 checksum:    60990 f25104fe0c734c162f75876bdaf797aa
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_sparc.deb
      Size/MD5 checksum:  4156948 a5ae0e1018b2ddc41de89accf9aa10d6


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDxj5FW5ql+IAeqTIRAiSvAJ4nLrbz5mX/YGj988kKJvTyxWjPUACdHocZ
DXgbf2rREWYvVX/u3V1/tEg=
=SKyV
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F43007)

Debian Linux Security Advisory 936-1 (PacketStormID:F43007)
2006-01-12 00:00:00
Debian  debian.org
advisory,denial of service,overflow,arbitrary
linux,debian
CVE-2005-3191,CVE-2005-3192,CVE-2005-3193,CVE-2005-2097,CVE-2005-3624,CVE-2005-3625,CVE-2005-3626,CVE-2005-3627,CVE-2005-3628
[点击下载]

Debian Security Advisory DSA 936-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in libextractor, a library to extract arbitrary meta-data from files, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 936-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 11th, 2006                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : libextractor
Vulnerability  : buffer overflows
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-2097
                 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627
                 CVE-2005-3628

"infamous41md" and Chris Evans discovered several heap based buffer
overflows in xpdf, the Portable Document Format (PDF) suite, which is
also present in libextractor, a library to extract arbitrary meta-data
from files, and which can lead to a denial of service by crashing the
application or possibly to the execution of arbitrary code.

The old stable distribution (woody) does not contain libextractor
packages.

For the stable distribution (sarge) these problems have been fixed in
version 0.4.2-2sarge2.

For the unstable distribution (sid) these problems have been fixed in
version 0.5.8-1.

We recommend that you upgrade your libextractor packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2-2sarge2.dsc
      Size/MD5 checksum:      778 6906857074772199e2a8a892feb3aae2
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2-2sarge2.diff.gz
      Size/MD5 checksum:     6345 c214699bde0bfad501cede35488b4f09
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2.orig.tar.gz
      Size/MD5 checksum:  5887095 d99e1b13a017d39700e376a0edbf7ba2

  Alpha architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_alpha.deb
      Size/MD5 checksum:    19424 59bb8cddd5c80fb1cba57796b9445dab
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_alpha.deb
      Size/MD5 checksum:  5804676 9942575a95cb97dfcae26b156dca7a58
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_alpha.deb
      Size/MD5 checksum:    19204 fed48ebb930e6a7d3484bd75c8263a81

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_amd64.deb
      Size/MD5 checksum:    18098 7d4a40679062c4d2d70f9c08dc785559
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_amd64.deb
      Size/MD5 checksum:  5641300 ff1bac0e15d1a6ff630a6ced168e284f
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_amd64.deb
      Size/MD5 checksum:    17364 54dd55236286550d6cadc8dbb3df9ccd

  ARM architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_arm.deb
      Size/MD5 checksum:    17480 aa541fc867f51588b676aa23d34e25a8
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_arm.deb
      Size/MD5 checksum:  5710616 ed153d5e88e899f4e27ae5a67c5e45d0
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_arm.deb
      Size/MD5 checksum:    16784 7a7f73139e8c0c62187179e993734932

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_i386.deb
      Size/MD5 checksum:    17624 5419b495e3df96a658e1323c83f7faf9
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_i386.deb
      Size/MD5 checksum:  5713300 1bc2a3ab8b321b543a1ae92590e76f8b
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_i386.deb
      Size/MD5 checksum:    16546 71e4044ff8d923cd56d4bb046be1b37f

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_ia64.deb
      Size/MD5 checksum:    20404 cdea8cf2f6cd2b8a761ccca2a2d85421
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_ia64.deb
      Size/MD5 checksum:  5905266 98f5de1716817b660791a92d5ee7c6a6
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_ia64.deb
      Size/MD5 checksum:    19140 d780e22f3cd6c6204de3db711f068dcd

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_hppa.deb
      Size/MD5 checksum:    18560 70ae8b43a0cd581a36a8097fc94c2172
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_hppa.deb
      Size/MD5 checksum:  5687318 a241f7e800ac5cbd7f45fdafeae267ac
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_hppa.deb
      Size/MD5 checksum:    17710 c1848801758081872515d88f86938537

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_m68k.deb
      Size/MD5 checksum:    17184 d64fcc89500919e03805e47dbb9eca52
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_m68k.deb
      Size/MD5 checksum:  5708190 0d20df48cd437a99544bf748a1c89ea9
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_m68k.deb
      Size/MD5 checksum:    16404 0e47447d4b7007d4016c32a81f2b66f4

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_mips.deb
      Size/MD5 checksum:    18416 38f460cbf16a6c2a3c735c5a6545013a
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_mips.deb
      Size/MD5 checksum:  5729074 76787645b83e4438fc79325410114c99
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_mips.deb
      Size/MD5 checksum:    17700 8cbf4e1556b59d982589d27e5af1211e

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_mipsel.deb
      Size/MD5 checksum:    18460 dfaad60fd479b74c72c46680d92c5920
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_mipsel.deb
      Size/MD5 checksum:  5726846 0d9ad0d53eddd3503cdc2fce6b118595
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_mipsel.deb
      Size/MD5 checksum:    17734 a74a4df56930cd6e1ec289a714fe2225

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_powerpc.deb
      Size/MD5 checksum:    19600 0fbb4093db271d5924d8e1fb81d0c5c3
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_powerpc.deb
      Size/MD5 checksum:  5677812 543192c6a5b6b89fdc0cc0c5b3f2befe
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_powerpc.deb
      Size/MD5 checksum:    17556 bd868a198744609509201e7af0e33ab9

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_s390.deb
      Size/MD5 checksum:    17974 f16109dd971b139abc8a2194731e33c8
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_s390.deb
      Size/MD5 checksum:  5768028 dfda84e8d1a0e53794418a77a09d801f
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_s390.deb
      Size/MD5 checksum:    17918 da3bb3df7f86443b1f36ed4b5bcc0113

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_sparc.deb
      Size/MD5 checksum:    17480 1ef23c92384723ab64b315b7d8d51089
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_sparc.deb
      Size/MD5 checksum:  5752164 91a3ad11d2f029e99955b2c54088e034
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_sparc.deb
      Size/MD5 checksum:    16696 87e4150b6738d9921728a1e594bc4904


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDxMoyW5ql+IAeqTIRAoa3AJ4wdQARyff9H2Mjm+0DBiZr4i2HXACfT3tc
/HQ6b6/FOirsuLBIBvIWdew=
=McFo
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息 (F42929)

Debian Linux Security Advisory 931-1 (PacketStormID:F42929)
2006-01-10 00:00:00
Debian  debian.org
advisory,denial of service,overflow,arbitrary
linux,debian
CVE-2005-3191,CVE-2005-3192,CVE-2005-3193,CVE-2005-3624,CVE-2005-3625,CVE-2005-3626,CVE-2005-3627,CVE-2005-3628
[点击下载]

Debian Security Advisory DSA 931-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, that can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 931-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 9th, 2006                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : xpdf
Vulnerability  : buffer overflows
Problem type   : remote
Debian-specific: no
CVE IDs        : CAN-2005-3191 CAN-2005-3192 CAN-2005-3193 CVE-2005-3624
                 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628
Debian Bug     : 342281

"infamous41md" and Chris Evans discovered several heap based buffer
overflows in xpdf, the Portable Document Format (PDF) suite, that can
lead to a denial of service by crashing the application or possibly to
the execution of arbitrary code.

For the old stable distribution (woody) these problems have been fixed in
version 1.00-3.8.

For the stable distribution (sarge) these problems have been fixed in
version 3.00-13.4.

For the unstable distribution (sid) these problems have been fixed in
version 3.01-4.

We recommend that you upgrade your xpdf package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.8.dsc
      Size/MD5 checksum:      706 f8091cb4e0b0c7baa8ccc4ee75a50699
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.8.diff.gz
      Size/MD5 checksum:    11832 ab0665a0fa767785037ceff313cbc1b3
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00.orig.tar.gz
      Size/MD5 checksum:   397750 81f3c381cef729e4b6f4ce21cf5bbf3c

  Architecture independent components:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_1.00-3.8_all.deb
      Size/MD5 checksum:    38826 43072ed4680dab2c7d68eec7b3f7c45a
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.8_all.deb
      Size/MD5 checksum:     1286 7bd55048fc7aab6c9c35f65d472932da

  Alpha architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_alpha.deb
      Size/MD5 checksum:   571434 7be66f32548c87a66c2353d976a99c36
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_alpha.deb
      Size/MD5 checksum:  1046964 c83387b2ce2c92faa2cbbc86f2d9a9a8

  ARM architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_arm.deb
      Size/MD5 checksum:   487502 655007df84b968ec59de01638b77f0b8
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_arm.deb
      Size/MD5 checksum:   887368 a2d7e4052bf2a5c4a495c4e45dedf89b

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_i386.deb
      Size/MD5 checksum:   449748 0ae0c17cc4624b254b2aeac09c995d6f
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_i386.deb
      Size/MD5 checksum:   828498 530637087a864c6def87e31283bdeceb

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_ia64.deb
      Size/MD5 checksum:   683068 19ecb0905f8636e67bf7238c10f59ad5
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_ia64.deb
      Size/MD5 checksum:  1230046 ed52eb1ba803c65bed5b9b82ec551eef

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_hppa.deb
      Size/MD5 checksum:   564570 e375463f1a090ee04616a2a28d074792
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_hppa.deb
      Size/MD5 checksum:  1034076 c7baa8decb624ae001b8325c426c3e83

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_m68k.deb
      Size/MD5 checksum:   427756 e516e992cf634de082e9261fec596417
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_m68k.deb
      Size/MD5 checksum:   795168 5315ec1734af63b31df537992fd575d7

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_mips.deb
      Size/MD5 checksum:   555626 38b3797dc8685b374bfa4d5b8310e002
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_mips.deb
      Size/MD5 checksum:  1017302 f1420c53961b3574c404e3dcee80e633

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_mipsel.deb
      Size/MD5 checksum:   546712 be27f108ed722e04bee9473fb463a749
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_mipsel.deb
      Size/MD5 checksum:   999554 d8983b16cb67d5b5da734e8a166079b1

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_powerpc.deb
      Size/MD5 checksum:   470466 c90999ac3ffef0f1ca9907ec0c52e8ca
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_powerpc.deb
      Size/MD5 checksum:   860678 1b79e9b04f6b86cee3365c27c99b8c8a

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_s390.deb
      Size/MD5 checksum:   430408 09493b1bae3177137a922adbaee7af25
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_s390.deb
      Size/MD5 checksum:   786644 98062cef2cfd5f78eba94f92f7ffc7ec

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_sparc.deb
      Size/MD5 checksum:   444146 9bb3e73108672a45c87eb172b30b645e
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_sparc.deb
      Size/MD5 checksum:   810204 53735cf450d1ff09449dd4e744e31f4a


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.4.dsc
      Size/MD5 checksum:      781 df2be00a261c47ed25cbf00bdcefcc32
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.4.diff.gz
      Size/MD5 checksum:    50734 3018a9155bbcf704f47132bbefddd5b5
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00.orig.tar.gz
      Size/MD5 checksum:   534697 95294cef3031dd68e65f331e8750b2c2

  Architecture independent components:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.00-13.4_all.deb
      Size/MD5 checksum:    56504 333976022e4bd6b1a241844231f2db30
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.4_all.deb
      Size/MD5 checksum:     1284 1b077a992654b8df5727d844deb84e0c

  Alpha architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_alpha.deb
      Size/MD5 checksum:   802112 93e96a4213f4966d8c0bb2c1e34b572d
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_alpha.deb
      Size/MD5 checksum:  1528190 5db2e3cd7ab5f2865d5303163c3d08a7

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_amd64.deb
      Size/MD5 checksum:   667754 df5e85b58bcb2f7b86837e7a79b745f9
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_amd64.deb
      Size/MD5 checksum:  1273734 5554c8f473a892cc8478f50bc1dd96dd

  ARM architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_arm.deb
      Size/MD5 checksum:   674458 b419a39cb5b1bbaefe52c51f163913d5
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_arm.deb
      Size/MD5 checksum:  1279040 fe5af7d7209bb14e865404ea695a6df3

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_i386.deb
      Size/MD5 checksum:   656804 e319b835c10f76ad7946b74da24ba1bf
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_i386.deb
      Size/MD5 checksum:  1242164 731e556748f3f84465bd6537462fde03

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_ia64.deb
      Size/MD5 checksum:   950974 fe4f3be5aa05772806309faaa3847db3
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_ia64.deb
      Size/MD5 checksum:  1801950 27c19b5813e7d2aa34aca9847c277b40

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_hppa.deb
      Size/MD5 checksum:   832646 a2504b353573d384d443e923782775f1
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_hppa.deb
      Size/MD5 checksum:  1580478 72266677b36f9ec9ab2c2bcac1dfe7ac

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_m68k.deb
      Size/MD5 checksum:   585736 e1331547251b0d5eba96c68e6665abf2
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_m68k.deb
      Size/MD5 checksum:  1116746 46d969a98302c1b49b5e9a355047adfc

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_mips.deb
      Size/MD5 checksum:   807800 d1acd349bc0a932ea3467db9796919f5
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_mips.deb
      Size/MD5 checksum:  1524848 685d65d2a07676b55fa3abd8505018a9

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_mipsel.deb
      Size/MD5 checksum:   798090 18503fbab79be783005bed35d4cdb02d
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_mipsel.deb
      Size/MD5 checksum:  1503796 aaa4b1de4370d52cc2b3e595542f82c3

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_powerpc.deb
      Size/MD5 checksum:   694126 08e64354f30b1bd573092925b894c77f
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_powerpc.deb
      Size/MD5 checksum:  1313048 5f39d0ffe44186db884a7c1115704666

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_s390.deb
      Size/MD5 checksum:   630774 8b48412164ae96066c61399a5c7b3cd7
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_s390.deb
      Size/MD5 checksum:  1198670 6b837427a05f0b19630197183c9c50f1

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_sparc.deb
      Size/MD5 checksum:   626394 0bbb59b11b9d11f9129fbd475e3ab186
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_sparc.deb
      Size/MD5 checksum:  1181726 a523c04a7ae1c3b8fc24c29f46d3c589


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDwpWrW5ql+IAeqTIRAhdkAKCgwmk5BFUWu5yB3YbFlL2fLf90ZwCfbgnG
UEndv6nnPJdfmUKQUHx2Jus=
=+8on
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F42810)

Gentoo Linux Security Advisory 200601-2 (PacketStormID:F42810)
2006-01-05 00:00:00
Gentoo  security.gentoo.org
advisory,overflow
linux,gentoo
CVE-2005-3191,CVE-2005-3192,CVE-2005-3193
[点击下载]

Gentoo Linux Security Advisory GLSA 200601-02 - KPdf and KWord both include Xpdf code to handle PDF files. This Xpdf code is vulnerable to several heap overflows (GLSA 200512-08) as well as several buffer and integer overflows discovered by Chris Evans. Versions less than 3.4.3-r3 are affected.

--nextPart2555777.h1rhfufMb1
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200601-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: KPdf, KWord: Multiple overflows in included Xpdf code
      Date: January 04, 2006
      Bugs: #114429, #115851
        ID: 200601-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

KPdf and KWord both include vulnerable Xpdf code to handle PDF files,
making them vulnerable to the execution of arbitrary code.

Background
==========

KPdf is a KDE-based PDF viewer included in the kdegraphics package.
KWord is a KDE-based word processor also included in the koffice
package.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                 Unaffected
    -------------------------------------------------------------------
  1  kde-base/kdegraphics     < 3.4.3-r3                   >= 3.4.3-r3
  2  kde-base/kpdf            < 3.4.3-r3                   >= 3.4.3-r3
  3  app-office/koffice       < 1.4.2-r6                   >= 1.4.2-r6
  4  app-office/kword         < 1.4.2-r6                   >= 1.4.2-r6
    -------------------------------------------------------------------
     4 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

KPdf and KWord both include Xpdf code to handle PDF files. This Xpdf
code is vulnerable to several heap overflows (GLSA 200512-08) as well
as several buffer and integer overflows discovered by Chris Evans.

Impact
======

An attacker could entice a user to open a specially crafted PDF file
with Kpdf or KWord, potentially resulting in the execution of arbitrary
code with the rights of the user running the affected application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All kdegraphics users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=kde-base/kdegraphics-3.4.3-r3"

All Kpdf users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=kde-base/kpdf-3.4.3-r3"

All KOffice users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/koffice-1.4.2-r6"

All KWord users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/kword-1.4.2-r6"

References
==========

  [ 1 ] CAN-2005-3191
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3191
  [ 2 ] CAN-2005-3192
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3192
  [ 3 ] CAN-2005-3193
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3193
  [ 4 ] CVE-2005-3624
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
  [ 5 ] CVE-2005-3625
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
  [ 6 ] CVE-2005-3626
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
  [ 7 ] CVE-2005-3627
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
  [ 8 ] GLSA 200512-08
        http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml
  [ 9 ] KDE Security Advisory: kpdf/xpdf multiple integer overflows
        http://www.kde.org/info/security/advisory-20051207-2.txt

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200601-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

--nextPart2555777.h1rhfufMb1
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQBDvEX8zKC5hMHO6rkRAlBZAJwLqhXVdTO0CDzYburM3YRfzRn3kwCeJvSs
sQw7gp6in+gHcPl/+h6S238=
=Hrli
-----END PGP SIGNATURE-----

--nextPart2555777.h1rhfufMb1--
    

- 漏洞信息 (F42245)

KDE Security Advisory 2005-12-07.1 (PacketStormID:F42245)
2005-12-14 00:00:00
KDE Desktop  kde.org
advisory,overflow,arbitrary,vulnerability
CVE-2005-3191,CVE-2005-3192,CVE-2005-3193
[点击下载]

KDE Security Advisory: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains multiple integer overflow vulnerabilities that allow specially crafted pdf files, when opened, to overflow a heap allocated buffer and execute arbitrary code. Systems affected are KDE 3.2.0 up to and including KDE 3.5.0 and KOffice 1.3.0 up to and including KOffice 1.4.2.

KDE Security Advisory: kpdf/xpdf multiple integer overflows
Original Release Date: 2005-12-07
URL: http://www.kde.org/info/security/advisory-20051207-1.txt

0. References
        CAN-2005-3191
        CAN-2005-3192
        CAN-2005-3193


1. Systems affected:

        KDE 3.2.0 up to including KDE 3.5.0
	KOffice 1.3.0 up to including KOffice 1.4.2


2. Overview:

        kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains
        multiple integer overflow vulnerabilities that allow specially
	crafted pdf files, when opened, to overflow a heap allocated
	buffer and execute arbitrary code. 


3. Impact:

        Remotely supplied pdf files can be used to execute arbitrary
	code on the client machine.


4. Solution:

        Source code patches have been made available which fix these
        vulnerabilities. Contact your OS vendor / binary package provider
        for information about how to obtain updated binary packages.


5. Patch:

        Patch for KDE 3.5.0 is available from 
        ftp://ftp.kde.org/pub/kde/security_patches :

        04d1a115cca0deacbfca5c172bb9f4db  
post-3.5.0-kdegraphics-CAN-2005-3193.diff

        Patch for KDE 3.4.3 is available from 
        ftp://ftp.kde.org/pub/kde/security_patches :

        b9787ff17e3e7eccee9ff23edcdca2c1 
post-3.4.3-kdegraphics-CAN-2005-3193.diff

        Patch for KDE 3.3.2 is available from 
        ftp://ftp.kde.org/pub/kde/security_patches :

	8e0b2db76bc419b444f8308b3d8127b9  post-3.3.2-kdegraphics-CAN-2005-3193.diff

        Patch for KDE 3.2.3 is available from 
        ftp://ftp.kde.org/pub/kde/security_patches :

        75c90ff2998ff7b4c1b66fbf85d351f1  
post-3.2.3-kdegraphics-CAN-2005-3193.diff

        Patch for KOffice 1.3.0 and newer is available from 
        ftp://ftp.kde.org/pub/kde/security_patches :

	e663d0b1b6c32c3fb99c85834ae7b17b  post-1.3-koffice-CAN-2005-3193.diff

    

- 漏洞信息 (F42185)

iDEFENSE Security Advisory 2005-12-05.4 (PacketStormID:F42185)
2005-12-09 00:00:00
iDefense Labs,infamous41md  idefense.com
advisory,denial of service,overflow,arbitrary,local,code execution
CVE-2005-3192
[点击下载]

iDEFENSE Security Advisory 12.05.05 - Local exploitation of a heap-based buffer overflow vulnerability in xpdf, as included by various vendor's software distributions, could allow attackers to cause a denial of service (DoS) condition, potentially resulting in arbitrary code execution. The vulnerability specifically exists due to insufficient input validation in the Predictor stream parsing code. iDefense has confirmed the existence of this vulnerability in xpdf 3.01. All earlier versions of xpdf are suspected vulnerable.

Multiple Vendor xpdf StreamPredictor Heap Overflow Vulnerability

iDefense Security Advisory 12.05.05
www.idefense.com/application/poi/display?id=344&type=vulnerabilities
December 5, 2005

I. BACKGROUND

Xpdf is an open-source viewer for Portable Document Format (PDF) files.

II. DESCRIPTION

Local exploitation of a heap-based buffer overflow vulnerability in 
xpdf, as included by various vendor's software distributions, could 
allow attackers to cause a denial of service (DoS) condition, 
potentially resulting in arbitrary code execution. 

The vulnerability specifically exists due to insufficient input 
validation in the Predictor stream parsing code. The 
StreamPredictor::StreamPredictor function from xpdf/Stream.cc takes the 
value of numComps from user-controllable data from within the PDF file. 
The numComps value is used in a series of calcualations within the 
StreamPredictor function. Using specially crafted values, a call to 
gmalloc can be forced to allocate the minimum number of bytes, which 
may later be overrun with user-supplied data from the PDF file leading 
to corruption of heap memory that might result in a DoS condition or 
arbitrary code execution.

III. ANALYSIS

Exploitation could result in arbitrary code execution with privileges 
of the xpdf process. Currently, exploitation resulting in code 
execution is theoretical and dependant on the process memory layout. A 
typical exploitation attempt would require an attacker to supply a 
malicious pdf to the victim. The victim would need to open the corrupt 
pdf file in xpdf. Only then would the vulnerability be triggered. 

IV. DETECTION

iDefense has confirmed the existence of this vulnerability in xpdf 
3.01. All earlier versions of xpdf are suspected vulnerable.

The following vendors include susceptible xpdf packages within their 
operating system distributions:

    . The Debian Project: Linux 3.0 and 3.1 

V. WORKAROUND

iDefense is currently unaware of any effective workarounds for this 
vulnerability.

VI. VENDOR RESPONSE

A patch for this vulnerability is available at:
  
  ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch

Updated binaries (version 3.01pl1) are available at:

  http://www.foolabs.com/xpdf/download.html

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CAN-2005-3192 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org), which standardizes names for
security problems.

VIII. DISCLOSURE TIMELINE

10/13/2005  Initial vendor notification
10/19/2005  Initial vendor response
12/05/2005  Coordinated public disclosure

IX. CREDIT

iDefense credits infamous41md@hotpop.com with the discovery of this 
vulnerability.

Get paid for vulnerability research
http://www.iDefense.com/poi/teams/vcp.jsp

Free tools, research and upcoming events
http://labs.iDefense.com

X. LEGAL NOTICES

Copyright C 2005 iDefense, Inc.

Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically, please
email customerservice@iDefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct, indirect,
or consequential loss or damage arising from use of, or reliance on,
this information.

    

- 漏洞信息

XPDF StreamPredictor Remote Heap Buffer Overflow Vulnerability
Boundary Condition Error 15725
Yes No
2005-12-06 12:00:00 2007-08-10 07:44:00
This vulnerability was discovered by infamous41md@hotpop.com.

- 受影响的程序版本

Xpdf Xpdf 3.0 pl3
Xpdf Xpdf 3.0 pl2
Xpdf Xpdf 3.0 1
Xpdf Xpdf 3.0 0
Xpdf Xpdf 2.0.3
Xpdf Xpdf 2.0.2 pl1
Xpdf Xpdf 2.0.1
Xpdf Xpdf 2.0 3
Xpdf Xpdf 2.0 2
Xpdf Xpdf 2.0 1
Xpdf Xpdf 2.0
Xpdf Xpdf 1.0 1
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
+ Gentoo Linux 1.2
+ Gentoo Linux 1.2
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.2
Xpdf Xpdf 1.0 0a
Xpdf Xpdf 1.0 0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Debian Linux 3.0
+ Debian Linux 3.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Workstation 8.0
Xpdf Xpdf 0.93
+ Conectiva Linux 8.0
+ Conectiva Linux 8.0
+ Conectiva Linux 8.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Debian Linux 3.0
Xpdf Xpdf 0.92
Xpdf Xpdf 0.91
- Debian Linux 2.2
Xpdf Xpdf 0.90
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
teTeX teTeX 3.0
teTeX teTeX 2.0.2
teTeX teTeX 2.0.1
teTeX teTeX 2.0
teTeX teTeX 1.0.7
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SuSE SUSE Linux Enterprise Server 7
Sun Solaris 10_x86
Sun Solaris 10.0_x86
Sun Solaris 10.0
Sun Solaris 10
Slackware Linux 10.2
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux -current
SGI ProPack 3.0 SP6
SCO Unixware 7.1.4
SCO Open Server 6.0
SCO Open Server 5.0.7
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Enterprise Server for S/390 9.0
S.u.S.E. Linux Enterprise Server for S/390
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux Database Server 0
S.u.S.E. Linux Connectivity Server
rPath rPath Linux 1
RedHat Linux 9.0 i386
RedHat Linux 7.3 i386
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core4
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Poppler poppler 0.4.2
PDFTOHTML PDFTOHTML 0.36
PDFTOHTML PDFTOHTML 0.35
PDFTOHTML PDFTOHTML 0.34
PDFTOHTML PDFTOHTML 0.33 a
PDFTOHTML PDFTOHTML 0.33
PDFTOHTML PDFTOHTML 0.32 b
PDFTOHTML PDFTOHTML 0.32 a
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
KDE kpdf 0.5
KDE KOffice 1.4.2
KDE KOffice 1.4.1
KDE KOffice 1.4
KDE KOffice 1.3.5
KDE KOffice 1.3.4
KDE KOffice 1.3.3
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
KDE KOffice 1.3.2
KDE KOffice 1.3.1
KDE KOffice 1.3 beta3
KDE KOffice 1.3 beta2
KDE KOffice 1.3 beta1
KDE KOffice 1.3
KDE KOffice 1.2.92
KDE KDE 3.5
KDE KDE 3.4.3
KDE KDE 3.4.2
KDE KDE 3.4.1
KDE KDE 3.4
KDE KDE 3.3.2
KDE KDE 3.3.2
KDE KDE 3.3.1
+ Red Hat Fedora Core3
KDE KDE 3.3
KDE KDE 3.2.3
KDE KDE 3.2.2
+ KDE KDE 3.2.2
+ Red Hat Fedora Core2
KDE KDE 3.2.1
KDE KDE 3.2
GNOME GPdf 2.8.3
GNOME GPdf 2.8.2
GNOME GPdf 2.1
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
Conectiva Linux 10.0
Avaya Interactive Response 2.0
Xpdf Xpdf 3.0 1pl1

- 不受影响的程序版本

Xpdf Xpdf 3.0 1pl1

- 漏洞讨论

The 'xpdf' viewer is reported prone to a remote buffer-overflow vulnerability. This issue exists because the application fails to perform proper boundary checks before copying user-supplied data into process buffers. A remote attacker may execute arbitrary code in the context of a user running the application. As a result, the attacker can gain unauthorized access to the vulnerable computer.

This issue is reported to present itself in the 'StreamPredictor::StreamPredictor' function residing in the 'xpdf/Stream.cc' file.

This issue is reported to affect xpdf 3.01, but earlier versions are likely prone to this vulnerability as well. Applications using embedded xpdf code may also be vulnerable.

The 'pdftohtml' utility also includes vulnerable versions of xpdf. This issue affects pdftohtml 0.36; earlier versions may also be affected.

The 'kpdf' viewer reportedly incorporates vulnerable xpdf code. This issue affects kpdf 0.5; other versions may also be affected.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com

- 解决方案

The vendor has released a patch to address this issue. Please see the various referenced advisories for more information.


Sun Solaris 10.0

Xpdf Xpdf 0.91

Xpdf Xpdf 0.93

Xpdf Xpdf 1.0 1

Xpdf Xpdf 1.0 0

KDE KOffice 1.3 beta1

KDE KOffice 1.3 beta2

KDE KOffice 1.3.3

KDE KOffice 1.3.5

KDE KOffice 1.4

Xpdf Xpdf 2.0.3

Xpdf Xpdf 3.0 1

Xpdf Xpdf 3.0 pl2

Xpdf Xpdf 3.0 pl3

KDE KDE 3.2.3

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站