drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zahlenüberläufe in xpdf
Name: |
Zahlenüberläufe in xpdf |
|
ID: |
USN-236-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 4.10, Ubuntu 5.04, Ubuntu 5.10 |
|
Datum: |
Do, 5. Januar 2006, 19:09 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627 |
|
Applikationen: |
xpdf |
|
Originalnachricht |
--===============1198217943== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="+HmK7y6O+lKZIGkr" Content-Disposition: inline
--+HmK7y6O+lKZIGkr Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
=========================================================== Ubuntu Security Notice USN-236-1 January 05, 2006 xpdf, poppler, cupsys, tetex-bin vulnerabilities CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
cupsys libpoppler0c2 tetex-bin xpdf-reader xpdf-utils
The problem can be corrected by upgrading the affected package to the following versions:
Ubuntu 4.10: xpdf: 3.00-8ubuntu1.10 cupsys: 1.1.20final+cvs20040330-4ubuntu16.10 tetex-bin: 2.0.2-21ubuntu0.7
Ubuntu 5.04: xpdf: 3.00-11ubuntu3.6 tetex-bin: 2.0.2-25ubuntu0.4
Ubuntu 5.10: libpoppler0c2: 0.4.2-0ubuntu6.5 tetex-bin: 2.0.2-30ubuntu3.4
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Chris Evans discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, and tetex-bin. By tricking an user into opening a specially crafted PDF file, an attacker could exploit this to execute arbitrary code with the privileges of the application that processes the document.
The CUPS printing system also uses XPDF code to convert PDF files to PostScript. By attempting to print such a crafted PDF file, a remote attacker could execute arbitrary code with the privileges of the printer server (user 'cupsys').
Updated packages for Ubuntu 4.10:
Source archives:
cupsys_1.1.20final+cvs20040330-4ubuntu16.10.diff.gz Size/MD5: 1356783 70cf50cb2698eda0f1fdf4ba80bba9c0 cupsys_1.1.20final+cvs20040330-4ubuntu16.10.dsc Size/MD5: 869 6419d00d007c25bbb3dfde3a211da8a2 cupsys_1.1.20final+cvs20040330.orig.tar.gz Size/MD5: 5645146 5eb5983a71b26e4af841c26703fc2f79 tetex-bin_2.0.2-21ubuntu0.8.diff.gz Size/MD5: 115044 1e418efc75c217322017a65531aa7577 tetex-bin_2.0.2-21ubuntu0.8.dsc Size/MD5: 1062 08d1cae5f243f41c22849af971df51a2 tetex-bin_2.0.2.orig.tar.gz Size/MD5: 11677169 8f02d5940bf02072ce5fe05429c90e63 xpdf_3.00-8ubuntu1.10.diff.gz Size/MD5: 50967 df04827d6c4e0444319c9ceae6f64e7c xpdf_3.00-8ubuntu1.10.dsc Size/MD5: 790 67411f3b9b4bab265bc6d99b2c5cdb3d http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf_3.00.orig.tar.gz Size/MD5: 534697 95294cef3031dd68e65f331e8750b2c2
Architecture independent packages:
xpdf-common_3.00-8ubuntu1.10_all.deb Size/MD5: 56950 6ee4e6d4442efd717e1a9a2ae080986c xpdf_3.00-8ubuntu1.10_all.deb Size/MD5: 1282 b2695f5415cf3541bdaf5fe4d7115d3e
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
cupsys-bsd_1.1.20final+cvs20040330-4ubuntu16.10_amd64.deb Size/MD5: 59524 a85a0138ae4d9d5467703136e9ac6e97 cupsys-client_1.1.20final+cvs20040330-4ubuntu16.10_amd64.deb Size/MD5: 107866 5764836e8deebbfab06b4e3519eed2c1 cupsys_1.1.20final+cvs20040330-4ubuntu16.10_amd64.deb Size/MD5: 3615784 fa3748932d7e2d007012ca15882d3e35 libcupsimage2-dev_1.1.20final+cvs20040330-4ubuntu16.10_amd64.deb Size/MD5: 63178 17dd4cd8ebbb35628a87add73feaa88a libcupsimage2_1.1.20final+cvs20040330-4ubuntu16.10_amd64.deb Size/MD5: 53828 18778f1d6d2534e32304a97004a82e28 libcupsys2-dev_1.1.20final+cvs20040330-4ubuntu16.10_amd64.deb Size/MD5: 102316 fadb908483701999d4a5e3b45a0c5e3f libcupsys2-gnutls10_1.1.20final+cvs20040330-4ubuntu16.10_amd64.deb Size/MD5: 75364 cea8e759b61180e3b3caf0077163e130 libkpathsea-dev_2.0.2-21ubuntu0.8_amd64.deb Size/MD5: 72750 0286333baff0270901cad8a7ba39bd43 libkpathsea3_2.0.2-21ubuntu0.8_amd64.deb Size/MD5: 60678 050ccb51b249f8251b353d3f790c37a0 tetex-bin_2.0.2-21ubuntu0.8_amd64.deb Size/MD5: 4329890 1a89d71600ca13bdc909937e161028e6 xpdf-reader_3.00-8ubuntu1.10_amd64.deb Size/MD5: 668002 dc13243a970e6e7613e6f40a80f35d4a xpdf-utils_3.00-8ubuntu1.10_amd64.deb Size/MD5: 1274366 9139208cdc21eea9a918e03c261483b2
i386 architecture (x86 compatible Intel/AMD)
cupsys-bsd_1.1.20final+cvs20040330-4ubuntu16.10_i386.deb Size/MD5: 58868 c10b30a78ba36ed779a4559e21e4f750 cupsys-client_1.1.20final+cvs20040330-4ubuntu16.10_i386.deb Size/MD5: 105608 6cc7a55b7b329ebc1b276b393ababdfe cupsys_1.1.20final+cvs20040330-4ubuntu16.10_i386.deb Size/MD5: 3604646 ad79b6c0aa5d22e9d895edb0a2e2bfbc libcupsimage2-dev_1.1.20final+cvs20040330-4ubuntu16.10_i386.deb Size/MD5: 62736 a147e720d247c711937b506392f00939 libcupsimage2_1.1.20final+cvs20040330-4ubuntu16.10_i386.deb Size/MD5: 53392 87a5119820ce75167ab660e02f6e9b1d libcupsys2-dev_1.1.20final+cvs20040330-4ubuntu16.10_i386.deb Size/MD5: 98952 adf242c814d93aa8f69e8555499969c5 libcupsys2-gnutls10_1.1.20final+cvs20040330-4ubuntu16.10_i386.deb Size/MD5: 72636 d7dd933126043bd716596f5388c593ae libkpathsea-dev_2.0.2-21ubuntu0.8_i386.deb Size/MD5: 64816 b612d75ce93f9d0a8c719d3a561c1665 libkpathsea3_2.0.2-21ubuntu0.8_i386.deb Size/MD5: 57108 0f6214c10ad0f219da4f68e27140c30d tetex-bin_2.0.2-21ubuntu0.8_i386.deb Size/MD5: 3814532 610ab1d57e85c9c54097664df9b44a2c xpdf-reader_3.00-8ubuntu1.10_i386.deb Size/MD5: 633054 39428df85e30742c005ccb5e6cb85ad9 xpdf-utils_3.00-8ubuntu1.10_i386.deb Size/MD5: 1196622 7796d8702bc51268325abeef2a3e8705
powerpc architecture (Apple Macintosh G3/G4/G5)
cupsys-bsd_1.1.20final+cvs20040330-4ubuntu16.10_powerpc.deb Size/MD5: 63444 e5f1b9c38f9301dfa3dda5a5abf5132d cupsys-client_1.1.20final+cvs20040330-4ubuntu16.10_powerpc.deb Size/MD5: 115430 b4b4a1c965cb5c6cfbbfed0f6350cf75 cupsys_1.1.20final+cvs20040330-4ubuntu16.10_powerpc.deb Size/MD5: 3635092 6e90b4c97a89abc955bd0a27cfbf081d libcupsimage2-dev_1.1.20final+cvs20040330-4ubuntu16.10_powerpc.deb Size/MD5: 62364 ba9781a3f6ac12995e468178f9579ab7 libcupsimage2_1.1.20final+cvs20040330-4ubuntu16.10_powerpc.deb Size/MD5: 56028 ecd23c117a5d9baedae11666f59de4d6 libcupsys2-dev_1.1.20final+cvs20040330-4ubuntu16.10_powerpc.deb Size/MD5: 101692 338f9c14d0cc16f13a4e8ef205fce357 libcupsys2-gnutls10_1.1.20final+cvs20040330-4ubuntu16.10_powerpc.deb Size/MD5: 75462 a8f11ea69bb384a28419826c135bc675 libkpathsea-dev_2.0.2-21ubuntu0.8_powerpc.deb Size/MD5: 74894 75c33bc046c97e754f646f3f0e12411f libkpathsea3_2.0.2-21ubuntu0.8_powerpc.deb Size/MD5: 62056 da8d8549d1d038ddc79b2e9a64887d50 tetex-bin_2.0.2-21ubuntu0.8_powerpc.deb Size/MD5: 4352698 b86700e68e8dcd7688751edcbf519d27 xpdf-reader_3.00-8ubuntu1.10_powerpc.deb Size/MD5: 694178 3d58566f6d96c4cab62317b49aa6ae87 xpdf-utils_3.00-8ubuntu1.10_powerpc.deb Size/MD5: 1314108 4f2b9f97072c67b168d38caf822c552c
Updated packages for Ubuntu 5.04:
Source archives:
tetex-bin_2.0.2-25ubuntu0.4.diff.gz Size/MD5: 128664 45240e7994c9367f938f584098fbb09c tetex-bin_2.0.2-25ubuntu0.4.dsc Size/MD5: 1062 a07000b306e0920065c77cd2f9b384cc tetex-bin_2.0.2.orig.tar.gz Size/MD5: 11677169 8f02d5940bf02072ce5fe05429c90e63 xpdf_3.00-11ubuntu3.6.diff.gz Size/MD5: 51784 b15793093c9c2711075888c63af9ab39 xpdf_3.00-11ubuntu3.6.dsc Size/MD5: 798 906bd260f2b44a8a5ac9d01dd4993995 http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf_3.00.orig.tar.gz Size/MD5: 534697 95294cef3031dd68e65f331e8750b2c2
Architecture independent packages:
xpdf-common_3.00-11ubuntu3.6_all.deb Size/MD5: 57200 4400774e9933c5349b9789c52a44b095 xpdf_3.00-11ubuntu3.6_all.deb Size/MD5: 1284 c625f5692f602d4ebcf2c47258fdece3
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
libkpathsea-dev_2.0.2-25ubuntu0.4_amd64.deb Size/MD5: 72754 f363a4a3d8722e498f0f18bf73ce497f libkpathsea3_2.0.2-25ubuntu0.4_amd64.deb Size/MD5: 61370 eb13736eb2b41093d1bf90773c2910f5 tetex-bin_2.0.2-25ubuntu0.4_amd64.deb Size/MD5: 4355314 a681cbd47377db085c2a42019d0a053f xpdf-reader_3.00-11ubuntu3.6_amd64.deb Size/MD5: 668054 1eab64286fbeaef4657cb49511973707 xpdf-utils_3.00-11ubuntu3.6_amd64.deb Size/MD5: 1274368 4de5460d641a76aad11e151c3b026dd6
i386 architecture (x86 compatible Intel/AMD)
libkpathsea-dev_2.0.2-25ubuntu0.4_i386.deb Size/MD5: 64806 31942578e6865ed72e00f14dbe3a9343 libkpathsea3_2.0.2-25ubuntu0.4_i386.deb Size/MD5: 57828 42bd4718aea17e67f3e29871d05cfc95 tetex-bin_2.0.2-25ubuntu0.4_i386.deb Size/MD5: 3835352 023cbca029204dc69d56711fbc659f81 xpdf-reader_3.00-11ubuntu3.6_i386.deb Size/MD5: 632918 b920732995531e02d8890c3215de6ea2 xpdf-utils_3.00-11ubuntu3.6_i386.deb Size/MD5: 1196030 4613c0b5ef2c9c7be45d1c3b6869c80b
powerpc architecture (Apple Macintosh G3/G4/G5)
libkpathsea-dev_2.0.2-25ubuntu0.4_powerpc.deb Size/MD5: 74898 a1554733d124cb750632520bd899754d libkpathsea3_2.0.2-25ubuntu0.4_powerpc.deb Size/MD5: 62822 ac4f66789f6decf07d4e80e52ff9e0d5 tetex-bin_2.0.2-25ubuntu0.4_powerpc.deb Size/MD5: 4380704 32db3c3f89c30f7dd5ca3c358e49cd34 xpdf-reader_3.00-11ubuntu3.6_powerpc.deb Size/MD5: 694340 0faabc75501ead26b97d7517d233627a xpdf-utils_3.00-11ubuntu3.6_powerpc.deb Size/MD5: 1314038 d26cb93199833036603de84a618ae958
Updated packages for Ubuntu 5.10:
Source archives:
poppler_0.4.2-0ubuntu6.5.diff.gz Size/MD5: 108158 3b0400388e9fe6848d52f944950fbc2a poppler_0.4.2-0ubuntu6.5.dsc Size/MD5: 1655 ee433ee2475783eb5e3170931773ed0e poppler_0.4.2.orig.tar.gz Size/MD5: 777935 beb1eea135a3c5b679a7a22d01a500c0 tetex-bin_2.0.2-30ubuntu3.4.diff.gz Size/MD5: 156562 bb792572fbde8b63615165e3740186f9 tetex-bin_2.0.2-30ubuntu3.4.dsc Size/MD5: 1026 23cac8967296e48d4da27de0837c2a0f tetex-bin_2.0.2.orig.tar.gz Size/MD5: 11677169 8f02d5940bf02072ce5fe05429c90e63
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
libkpathsea-dev_2.0.2-30ubuntu3.4_amd64.deb Size/MD5: 73848 900cf4e89cf55f4680a5944817840b6c libkpathsea3_2.0.2-30ubuntu3.4_amd64.deb Size/MD5: 63076 5009e9b32adaa3ac8bbe635b599909e0 libpoppler-dev_0.4.2-0ubuntu6.5_amd64.deb Size/MD5: 611756 95c5c5c54b57e6e70593be4f99568f53 libpoppler-glib-dev_0.4.2-0ubuntu6.5_amd64.deb Size/MD5: 44156 06abe0627ce47641f5f21411e7573024 libpoppler-qt-dev_0.4.2-0ubuntu6.5_amd64.deb Size/MD5: 29460 e4ab72981af906ee9f502d868f2ecb92 libpoppler0c2-glib_0.4.2-0ubuntu6.5_amd64.deb Size/MD5: 39820 b04fed79f5981be18da3c147c7f2d468 libpoppler0c2-qt_0.4.2-0ubuntu6.5_amd64.deb Size/MD5: 28164 236bf5b8c7db1e4eca25993af9b73308 libpoppler0c2_0.4.2-0ubuntu6.5_amd64.deb Size/MD5: 455384 7a943e97109c49e9e0451681f6b3dc4b poppler-utils_0.4.2-0ubuntu6.5_amd64.deb Size/MD5: 82644 59448a2dd769a55417a282c678c727cf tetex-bin_2.0.2-30ubuntu3.4_amd64.deb Size/MD5: 4482546 13854c81a43ff61f83f5acb62073457b
i386 architecture (x86 compatible Intel/AMD)
libkpathsea-dev_2.0.2-30ubuntu3.4_i386.deb Size/MD5: 65990 be626bfe51eb356c164680fc3473e88f libkpathsea3_2.0.2-30ubuntu3.4_i386.deb Size/MD5: 59122 56367f7df74b07d5920c6eec00e415c2 libpoppler-dev_0.4.2-0ubuntu6.5_i386.deb Size/MD5: 549104 c3e85404bed40383f2a50e321e77e2eb libpoppler-glib-dev_0.4.2-0ubuntu6.5_i386.deb Size/MD5: 41376 9a949716495531222246fe1bf26b5fbf libpoppler-qt-dev_0.4.2-0ubuntu6.5_i386.deb Size/MD5: 28392 e4af4ab179e8aa794a44b87edb61bc6b libpoppler0c2-glib_0.4.2-0ubuntu6.5_i386.deb Size/MD5: 38286 c43802ca8e232aa7ac8b8c64e826c4be libpoppler0c2-qt_0.4.2-0ubuntu6.5_i386.deb Size/MD5: 27502 b1dc43c7cf9b1df947ff3c0512c4f5ee libpoppler0c2_0.4.2-0ubuntu6.5_i386.deb Size/MD5: 416006 bb98e269ec369ac2142cef3b4e183a7f poppler-utils_0.4.2-0ubuntu6.5_i386.deb Size/MD5: 76994 b4752646cdcd2f2a662008b6a2955833 tetex-bin_2.0.2-30ubuntu3.4_i386.deb Size/MD5: 3883882 1e314747d160ea172c78f15e6924ad80
powerpc architecture (Apple Macintosh G3/G4/G5)
libkpathsea-dev_2.0.2-30ubuntu3.4_powerpc.deb Size/MD5: 75808 d6fd625468a9b7ef81a6c2fb3bf49e9c libkpathsea3_2.0.2-30ubuntu3.4_powerpc.deb Size/MD5: 64304 faf97ea53dcdbff89049204171a0e69f libpoppler-dev_0.4.2-0ubuntu6.5_powerpc.deb Size/MD5: 643884 8a478eb72ab0c39fec824f42f787ecf4 libpoppler-glib-dev_0.4.2-0ubuntu6.5_powerpc.deb Size/MD5: 46320 cbdf9ca4730b2a9cc44f1787d993cae6 libpoppler-qt-dev_0.4.2-0ubuntu6.5_powerpc.deb Size/MD5: 29786 ba6e5d1dd6a10b99e94f00651e27f420 libpoppler0c2-glib_0.4.2-0ubuntu6.5_powerpc.deb Size/MD5: 41310 d461300dd976d041d514f07761026647 libpoppler0c2-qt_0.4.2-0ubuntu6.5_powerpc.deb Size/MD5: 29652 a7d323e54fa19dfb1b287a3dbb33a399 libpoppler0c2_0.4.2-0ubuntu6.5_powerpc.deb Size/MD5: 457778 48200cc18151a2c6d1c24d5fa91b4529 poppler-utils_0.4.2-0ubuntu6.5_powerpc.deb Size/MD5: 87660 f0efcd8ce009edf98a43e0a2f0a28d5a tetex-bin_2.0.2-30ubuntu3.4_powerpc.deb Size/MD5: 4471706 c982b93f69b93ffbb4ef021b523165f5
--+HmK7y6O+lKZIGkr Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDvV6NDecnbV4Fd/IRAqSRAJ4p2Z9qahWPAuLCRtq965/6p4TeBACg2Ql3 eguVmJgMxIalqCNijmocGGI= =33G3 -----END PGP SIGNATURE-----
--+HmK7y6O+lKZIGkr--
--===============1198217943== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============1198217943==--
|
|
|
|