CVE-2005-3626
CVSS 5.0
Published: 2005-12-31 00:00:00
Modified: 2016-11-18 21:59:41

[Original] Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.


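[CNNVD] Multiple buffer overflow vulnerabilities in KPdf and KWord (CNNVD-200512-830)

        KPdf is a KDE-based PDF viewer bundled in the kdegraphics package, and KWord is a KDE-based word processor bundled in the koffice package.
        Both KPdf and KWord contain Xpdf code for processing PDF files, and this Xpdf code contains several heap overflows and integer overflows. An attacker who can trick a user into opening a specially crafted PDF file with KPdf or KWord can execute arbitrary code with the privileges of the affected application.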
        

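- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interruptions in resource availability]
Access complexity: LOW [exploitation has no access restrictions]
Access vector: NETWORK [the attacker does not need internal-network or local access]
Authentication: NONE [exploitation requires no authentication]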

- CWE (Weakness Category)

CWE-399 [Resource Management Errors]

- CPE (Affected Platforms and Products)

cpe:/o:redhat:fedora_core:core_2.0
cpe:/o:suse:suse_linux:9.2::personal
cpe:/o:suse:suse_linux:9.1::personal
cpe:/o:redhat:enterprise_linux:2.1::workstation_ia64
cpe:/o:debian:debian_linux:3.1::mipsel
cpe:/a:xpdf:xpdf:3.0
cpe:/a:kde:koffice:1.4.2 (KDE KOffice 1.4.2)
cpe:/o:suse:suse_linux:9.3::personal
cpe:/o:turbolinux:turbolinux_server:10.0
cpe:/a:kde:koffice:1.4.1 (KDE KOffice 1.4.1)
cpe:/o:suse:suse_linux:9.0::personal
cpe:/a:sgi:propack:3.0:sp6
cpe:/o:redhat:enterprise_linux_desktop:3.0 (Red Hat Desktop 3.0)
cpe:/o:slackware:slackware_linux:10.0 (Slackware Linux 10.0)
cpe:/o:debian:debian_linux:3.0::mips
cpe:/o:debian:debian_linux:3.0::mipsel
cpe:/o:debian:debian_linux:3.1::amd64
cpe:/o:suse:suse_linux:10.0::oss
cpe:/o:redhat:enterprise_linux:3.0::enterprise_server
cpe:/o:suse:suse_linux:9.1::x86_64
cpe:/o:suse:suse_linux:9.2::x86_64
cpe:/o:suse:suse_linux:9.3::x86_64
cpe:/a:kde:koffice:1.4 (KDE KOffice 1.4)
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server_ia64
cpe:/a:kde:kpdf:3.2
cpe:/o:suse:suse_linux:9.0::x86_64
cpe:/a:kde:kdegraphics:3.2
cpe:/o:turbolinux:turbolinux_workstation:8.0
cpe:/a:easy_software_products:cups:1.1.22_rc1
cpe:/o:debian:debian_linux:3.0::alpha
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0 (MandrakeSoft Mandrake Corporate Server 3.0)
cpe:/o:ubuntu:ubuntu_linux:5.10::powerpc
cpe:/o:redhat:enterprise_linux:2.1::advanced_server_ia64
cpe:/o:debian:debian_linux:3.1::alpha
cpe:/o:turbolinux:turbolinux_desktop:10.0
cpe:/o:redhat:linux:7.3::i386
cpe:/o:ubuntu:ubuntu_linux:4.1::ppc
cpe:/a:easy_software_products:cups:1.1.23_rc1
cpe:/o:suse:suse_linux:1.0 (SuSE SuSE Linux 1.0)
cpe:/o:redhat:enterprise_linux:4.0::workstation
cpe:/o:redhat:fedora_core:core_1.0
cpe:/o:debian:debian_linux:3.0::m68k
cpe:/a:tetex:tetex:2.0.1
cpe:/o:sco:openserver:5.0.7
cpe:/o:debian:debian_linux:3.1::m68k
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server
cpe:/o:slackware:slackware_linux:10.1 (Slackware Linux 10.1)
cpe:/o:slackware:slackware_linux:10.2 (Slackware Linux 10.2)
cpe:/o:redhat:enterprise_linux:4.0::advanced_server
cpe:/o:turbolinux:turbolinux:10
cpe:/a:kde:kpdf:3.4.3
cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64
cpe:/a:kde:kword:1.4.2
cpe:/o:suse:suse_linux:10.0::professional
cpe:/o:debian:debian_linux:3.0::ia-32
cpe:/o:debian:debian_linux:3.1::ia-32
cpe:/a:poppler:poppler:0.4.2
cpe:/o:mandrakesoft:mandrake_linux:2006 (MandrakeSoft Mandrake Linux 2006.0)
cpe:/o:redhat:linux_advanced_workstation:2.1::itanium
cpe:/o:redhat:fedora_core:core_4.0
cpe:/o:turbolinux:turbolinux:fuji
cpe:/a:easy_software_products:cups:1.1.23
cpe:/a:easy_software_products:cups:1.1.22
cpe:/o:mandrakesoft:mandrake_linux:10.1 (MandrakeSoft Mandrake Linux 10.1)
cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64
cpe:/o:mandrakesoft:mandrake_linux:10.2::x86-64
cpe:/o:mandrakesoft:mandrake_linux:10.2 (MandrakeSoft Mandrake Linux 10.2)
cpe:/o:ubuntu:ubuntu_linux:5.10::i386
cpe:/o:redhat:enterprise_linux:3.0::advanced_server
cpe:/o:turbolinux:turbolinux_personal
cpe:/o:debian:debian_linux:3.1::ppc
cpe:/o:turbolinux:turbolinux_server:10.0_x86
cpe:/o:debian:debian_linux:3.0::ppc
cpe:/o:slackware:slackware_linux:9.1 (Slackware Linux 9.1)
cpe:/o:trustix:secure_linux:3.0 (Trustix Secure Linux 3.0)
cpe:/a:tetex:tetex:3.0
cpe:/o:slackware:slackware_linux:9.0 (Slackware Linux 9.0)
cpe:/o:debian:debian_linux:3.0::arm
cpe:/a:tetex:tetex:2.0.2
cpe:/o:debian:debian_linux:3.1::arm
cpe:/o:redhat:linux_advanced_workstation:2.1::ia64
cpe:/o:turbolinux:turbolinux_appliance_server:1.0_hosting_edition
cpe:/o:ubuntu:ubuntu_linux:5.10::amd64
cpe:/o:debian:debian_linux:3.1::sparc
cpe:/o:debian:debian_linux:3.0::sparc
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64
cpe:/o:sco:openserver:6.0
cpe:/o:debian:debian_linux:3.1 (Debian Debian Linux 3.1)
cpe:/o:ubuntu:ubuntu_linux:5.04::i386
cpe:/o:ubuntu:ubuntu_linux:5.04::powerpc
cpe:/o:debian:debian_linux:3.0 (Debian Debian Linux 3.0)
cpe:/o:redhat:enterprise_linux:3.0::workstation_server
cpe:/o:suse:suse_linux:9.0::enterprise_server
cpe:/o:turbolinux:turbolinux_appliance_server:1.0_workgroup_edition
cpe:/o:redhat:fedora_core:core_3.0
cpe:/o:redhat:enterprise_linux:2.1::workstation
cpe:/o:suse:suse_linux:9.0::s_390
cpe:/o:ubuntu:ubuntu_linux:5.04::amd64
cpe:/o:turbolinux:turbolinux_multimedia
cpe:/o:redhat:linux:9.0::i386
cpe:/o:conectiva:linux:10.0 (Conectiva Linux 10.0)
cpe:/o:debian:debian_linux:3.0::ia-64
cpe:/o:redhat:enterprise_linux_desktop:4.0 (Red Hat Desktop 4.0)
cpe:/a:tetex:tetex:1.0.7
cpe:/o:debian:debian_linux:3.1::ia-64
cpe:/o:gentoo:linux (Gentoo Linux)
cpe:/o:debian:debian_linux:3.1::mips
cpe:/o:redhat:enterprise_linux:2.1::advanced_server
cpe:/o:turbolinux:turbolinux_home
cpe:/o:redhat:enterprise_linux:4.0::enterprise_server
cpe:/o:suse:suse_linux:9.1::professional
cpe:/a:tetex:tetex:2.0
cpe:/o:suse:suse_linux:9.2::professional
cpe:/o:suse:suse_linux:9.3::professional
cpe:/o:debian:debian_linux:3.0::s-390
cpe:/o:ubuntu:ubuntu_linux:4.1::ia64
cpe:/o:turbolinux:turbolinux_server:8.0
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64
cpe:/a:kde:kdegraphics:3.4.3
cpe:/o:suse:suse_linux:9.0::professional
cpe:/a:libextractor:libextractor
cpe:/o:trustix:secure_linux:2.2 (Trustix Secure Linux 2.2)
cpe:/o:trustix:secure_linux:2.0 (Trustix Secure Linux 2.0)
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1 (MandrakeSoft Mandrake Linux Corporate Server 2.1)
cpe:/o:debian:debian_linux:3.1::hppa
cpe:/o:debian:debian_linux:3.1::s-390
cpe:/o:debian:debian_linux:3.0::hppa

- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:9992  Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial ...
*OVAL describes in detail how to detect this vulnerability; you can find more technical details on detecting it in the related OVAL definitions.

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3626
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200512-830
(Official data source) CNNVD

- Other Links and Resources

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
(UNKNOWN)  SCO  SCOSA-2006.15
ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
(UNKNOWN)  SGI  20051201-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
(UNKNOWN)  SGI  20060101-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
(UNKNOWN)  SGI  20060201-01-U
http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
(VENDOR_ADVISORY)  SUSE  SUSE-SA:2006:001
http://rhn.redhat.com/errata/RHSA-2006-0177.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2006:0177
http://scary.beasts.org/security/CESA-2005-003.txt
(UNKNOWN)  MISC  http://scary.beasts.org/security/CESA-2005-003.txt
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
(UNKNOWN)  SLACKWARE  SSA:2006-045-09
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
(UNKNOWN)  SLACKWARE  SSA:2006-045-04
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1
(UNKNOWN)  SUNALERT  102972
http://www.debian.org/security/2005/dsa-931
(UNKNOWN)  DEBIAN  DSA-931
http://www.debian.org/security/2005/dsa-932
(UNKNOWN)  DEBIAN  DSA-932
http://www.debian.org/security/2005/dsa-937
(UNKNOWN)  DEBIAN  DSA-937
http://www.debian.org/security/2005/dsa-938
(UNKNOWN)  DEBIAN  DSA-938
http://www.debian.org/security/2005/dsa-940
(UNKNOWN)  DEBIAN  DSA-940
http://www.debian.org/security/2006/dsa-936
(VENDOR_ADVISORY)  DEBIAN  DSA-936
http://www.debian.org/security/2006/dsa-950
(VENDOR_ADVISORY)  DEBIAN  DSA-950
http://www.debian.org/security/2006/dsa-961
(VENDOR_ADVISORY)  DEBIAN  DSA-961
http://www.debian.org/security/2006/dsa-962
(UNKNOWN)  DEBIAN  DSA-962
http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200601-02
http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml
(UNKNOWN)  GENTOO  GLSA-200601-17
http://www.kde.org/info/security/advisory-20051207-2.txt
(VENDOR_ADVISORY)  CONFIRM  http://www.kde.org/info/security/advisory-20051207-2.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2006:003
(UNKNOWN)  MANDRIVA  MDKSA-2006:003
http://www.mandriva.com/security/advisories?name=MDKSA-2006:004
(UNKNOWN)  MANDRIVA  MDKSA-2006:004
http://www.mandriva.com/security/advisories?name=MDKSA-2006:005
(UNKNOWN)  MANDRIVA  MDKSA-2006:005
http://www.mandriva.com/security/advisories?name=MDKSA-2006:006
(UNKNOWN)  MANDRIVA  MDKSA-2006:006
http://www.mandriva.com/security/advisories?name=MDKSA-2006:008
(UNKNOWN)  MANDRIVA  MDKSA-2006:008
http://www.mandriva.com/security/advisories?name=MDKSA-2006:011
(UNKNOWN)  MANDRIVA  MDKSA-2006:011
http://www.mandriva.com/security/advisories?name=MDKSA-2006:012
(UNKNOWN)  MANDRIVA  MDKSA-2006:012
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html
(PATCH)  CONFIRM  http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html
(PATCH)  CONFIRM  http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html
(UNKNOWN)  FEDORA  FEDORA-2005-025
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html
(UNKNOWN)  FEDORA  FEDORA-2005-026
http://www.redhat.com/support/errata/RHSA-2006-0160.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2006:0160
http://www.redhat.com/support/errata/RHSA-2006-0163.html
(UNKNOWN)  REDHAT  RHSA-2006:0163
http://www.securityfocus.com/archive/1/archive/1/427053/100/0/threaded
(UNKNOWN)  FEDORA  FLSA-2006:176751
http://www.securityfocus.com/archive/1/archive/1/427990/100/0/threaded
(UNKNOWN)  FEDORA  FLSA:175404
http://www.securityfocus.com/bid/16143
(PATCH)  BID  16143
http://www.trustix.org/errata/2006/0002/
(UNKNOWN)  TRUSTIX  2006-0002
http://www.ubuntulinux.org/support/documentation/usn/usn-236-1
(PATCH)  UBUNTU  USN-236-1
http://www.vupen.com/english/advisories/2006/0047
(UNKNOWN)  VUPEN  ADV-2006-0047
http://www.vupen.com/english/advisories/2007/2280
(UNKNOWN)  VUPEN  ADV-2007-2280
http://xforce.iss.net/xforce/xfdb/24026
(UNKNOWN)  XF  xpdf-flatedecode-dos(24026)

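- Vulnerability Information

Multiple buffer overflow vulnerabilities in KPdf and KWord
Medium severity  Boundary condition error
2005-12-31 00:00:00 2007-02-07 00:00:00
Remote
        KPdf is a KDE-based PDF viewer bundled in the kdegraphics package, and KWord is a KDE-based word processor bundled in the koffice package.
        Both KPdf and KWord contain Xpdf code for processing PDF files, and this Xpdf code contains several heap overflows and integer overflows. An attacker who can trick a user into opening a specially crafted PDF file with KPdf or KWord can execute arbitrary code with the privileges of the affected application.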
        

- Advisories and Patches

        The vendor has released an upgrade patch to fix this security issue. The patch is available at:
        http://security.gentoo.org/glsa/glsa-200601-02.xml

- Vulnerability Information (F43532)

Debian Linux Security Advisory 962-1 (PacketStormID:F43532)
2006-02-02 00:00:00
Debian  debian.org
advisory,denial of service,overflow,arbitrary
linux,debian
CVE-2005-3191,CVE-2005-3192,CVE-2005-3193,CVE-2005-3624,CVE-2005-3625,CVE-2005-3626,CVE-2005-3627,CVE-2005-3628

Debian Security Advisory DSA 962-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf which are also present in pdftohtml, a utility that translates PDF documents into HTML format, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 962-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
February 1st, 2006                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : pdftohtml
Vulnerability  : buffer overflows
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624
                 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628

"infamous41md" and Chris Evans discovered several heap based buffer
overflows in xpdf which are also present in pdftohtml, a utility that
translates PDF documents into HTML format, and which can lead to a
denial of service by crashing the application or possibly to the
execution of arbitrary code.

The old stable distribution (woody) does not contain pdftohtml packages.

For the stable distribution (sarge) these problems have been fixed in
version 0.36-11sarge1.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your pdftohtml package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>


    

- Vulnerability Information (F43529)

Debian Linux Security Advisory 961-1 (PacketStormID:F43529)
2006-02-02 00:00:00
Debian  debian.org
advisory,denial of service,overflow,arbitrary
linux,debian
CVE-2005-3191,CVE-2005-3192,CVE-2005-3193,CVE-2005-3624,CVE-2005-3625,CVE-2005-3626,CVE-2005-3627,CVE-2005-3628

Debian Security Advisory DSA 961-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf which are also present in pdfkit.framework, the GNUstep framework for rendering PDF content, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 961-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
February 1st, 2006                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : pdfkit.framework
Vulnerability  : buffer overflows
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624
                 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628

"infamous41md" and Chris Evans discovered several heap based buffer
overflows in xpdf which are also present in pdfkit.framework, the
GNUstep framework for rendering PDF content, and which can lead to a
denial of service by crashing the application or possibly to the
execution of arbitrary code.

The old stable distribution (woody) does not contain pdfkit.framework
packages.

For the stable distribution (sarge) these problems have been fixed in
version 0.8-2sarge1.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your pdfkit.framework package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>


    

- Vulnerability Information (F43065)

Debian Linux Security Advisory 937-1 (PacketStormID:F43065)
2006-01-15 00:00:00
Debian  debian.org
advisory,denial of service,overflow,arbitrary
linux,debian
CVE-2005-3191,CVE-2005-3192,CVE-2005-3624,CVE-2005-3625,CVE-2005-3626,CVE-2005-3627,CVE-2005-3628

Debian Security Advisory DSA 937-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in tetex-bin, the binary files of teTeX, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 937-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 12th, 2006                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : tetex-bin
Vulnerability  : buffer overflows
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2005-3191 CVE-2005-3192 CVE-2005-3624 CVE-2005-3625
                 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628
CERT advisory  : 
BugTraq ID     : 
Debian Bug     : 342292

"infamous41md" and Chris Evans discovered several heap based buffer
overflows in xpdf, the Portable Document Format (PDF) suite, which is
also present in tetex-bin, the binary files of teTeX, and which can
lead to a denial of service by crashing the application or possibly to
the execution of arbitrary code.

For the old stable distribution (woody) these problems have been fixed in
version 1.0.7+20011202-7.7.

For the stable distribution (sarge) these problems have been fixed in
version 2.0.2-30sarge4.

For the unstable distribution (sid) these problems have been fixed in
version 0.4.3-2 of poppler against which tetex-bin links.

We recommend that you upgrade your tetex-bin package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------


Debian GNU/Linux 3.1 alias sarge
--------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>


    

- Vulnerability Information (F43007)

Debian Linux Security Advisory 936-1 (PacketStormID:F43007)
2006-01-12 00:00:00
Debian  debian.org
advisory,denial of service,overflow,arbitrary
linux,debian
CVE-2005-3191,CVE-2005-3192,CVE-2005-3193,CVE-2005-2097,CVE-2005-3624,CVE-2005-3625,CVE-2005-3626,CVE-2005-3627,CVE-2005-3628

Debian Security Advisory DSA 936-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in libextractor, a library to extract arbitrary meta-data from files, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

--------------------------------------------------------------------------
Debian Security Advisory DSA 936-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 11th, 2006                      http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : libextractor
Vulnerability  : buffer overflows
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-2097
                 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627
                 CVE-2005-3628

"infamous41md" and Chris Evans discovered several heap based buffer
overflows in xpdf, the Portable Document Format (PDF) suite, which is
also present in libextractor, a library to extract arbitrary meta-data
from files, and which can lead to a denial of service by crashing the
application or possibly to the execution of arbitrary code.

The old stable distribution (woody) does not contain libextractor
packages.

For the stable distribution (sarge) these problems have been fixed in
version 0.4.2-2sarge2.

For the unstable distribution (sid) these problems have been fixed in
version 0.5.8-1.

We recommend that you upgrade your libextractor packages.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
--------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

    

- Vulnerability Information (F42929)

Debian Linux Security Advisory 931-1 (PacketStormID:F42929)
2006-01-10 00:00:00
Debian  debian.org
advisory,denial of service,overflow,arbitrary
linux,debian
CVE-2005-3191,CVE-2005-3192,CVE-2005-3193,CVE-2005-3624,CVE-2005-3625,CVE-2005-3626,CVE-2005-3627,CVE-2005-3628

Debian Security Advisory DSA 931-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, that can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

--------------------------------------------------------------------------
Debian Security Advisory DSA 931-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 9th, 2006                       http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : xpdf
Vulnerability  : buffer overflows
Problem type   : remote
Debian-specific: no
CVE IDs        : CAN-2005-3191 CAN-2005-3192 CAN-2005-3193 CVE-2005-3624
                 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628
Debian Bug     : 342281

"infamous41md" and Chris Evans discovered several heap based buffer
overflows in xpdf, the Portable Document Format (PDF) suite, that can
lead to a denial of service by crashing the application or possibly to
the execution of arbitrary code.

For the old stable distribution (woody) these problems have been fixed in
version 1.00-3.8.

For the stable distribution (sarge) these problems have been fixed in
version 3.00-13.4.

For the unstable distribution (sid) these problems have been fixed in
version 3.01-4.

We recommend that you upgrade your xpdf package.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------


Debian GNU/Linux 3.1 alias sarge
--------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>


    

- Vulnerability Information (F42862)

Ubuntu Security Notice 236-1 (PacketStormID:F42862)
2006-01-08 00:00:00
Ubuntu  security.ubuntu.com
advisory,overflow,arbitrary
linux,ubuntu
CVE-2005-3624,CVE-2005-3625,CVE-2005-3626,CVE-2005-3627

Ubuntu Security Notice USN-236-1 - Chris Evans discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, and tetex-bin. By tricking a user into opening a specially crafted PDF file, an attacker could exploit this to execute arbitrary code with the privileges of the application that processes the document.

===========================================================
Ubuntu Security Notice USN-236-1	   January 05, 2006
xpdf, poppler, cupsys, tetex-bin vulnerabilities
CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

cupsys
libpoppler0c2
tetex-bin
xpdf-reader
xpdf-utils

The problem can be corrected by upgrading the affected package to the
following versions:

Ubuntu 4.10:
  xpdf:		 3.00-8ubuntu1.10
  cupsys:	 1.1.20final+cvs20040330-4ubuntu16.10
  tetex-bin:	 2.0.2-21ubuntu0.7

Ubuntu 5.04:
  xpdf:		 3.00-11ubuntu3.6
  tetex-bin:	 2.0.2-25ubuntu0.4

Ubuntu 5.10:
  libpoppler0c2: 0.4.2-0ubuntu6.5
  tetex-bin:	 2.0.2-30ubuntu3.4

In general, a standard system upgrade is sufficient to effect the necessary
changes.

Details follow:

Chris Evans discovered several integer overflows in the XPDF code,
which is present in xpdf, the Poppler library, and tetex-bin. By
tricking a user into opening a specially crafted PDF file, an
attacker could exploit this to execute arbitrary code with the
privileges of the application that processes the document.

The CUPS printing system also uses XPDF code to convert PDF files to
PostScript. By attempting to print such a crafted PDF file, a remote
attacker could execute arbitrary code with the privileges of the
printer server (user 'cupsys').


- Vulnerability information

22235
Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS
Denial of Service
Loss of Availability
Vendor Verified

- Vulnerability description

- Timeline

2006-01-03 Unknown
Unknown Unknown

- Solution

Products

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete