drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zahlenüberlauf in poppler
Name: |
Zahlenüberlauf in poppler |
|
ID: |
DTSA-54-1 |
|
Distribution: |
Debian Testing |
|
Plattformen: |
Debian testing |
|
Datum: |
Mi, 22. August 2007, 13:58 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387 |
|
Applikationen: |
poppler |
|
Originalnachricht |
--===============0416012725823681192== Content-Type: multipart/signed; boundary="nextPart4520178.xJZjPM66hK"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit
--nextPart4520178.xJZjPM66hK Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline
- -------------------------------------------------------------------------- Debian Testing Security Advisory DTSA-54-1 August 22nd , 2007 secure-testing-team at lists.alioth.debian.org Steffen Joeris http://secure-testing-master.debian.net/ - --------------------------------------------------------------------------
Package : poppler Vulnerability : integer overflow Problem-Scope : local (remote) Debian-specific: no CVE ID : CVE-2007-3387
It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened.
For the testing distribution (lenny) this is fixed in version 0.5.4-6lenny1
For the unstable distribution (sid) this is fixed in version 0.5.4-6.1
This upgrade is recommended if you use poppler
Upgrade Instructions - --------------------
To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:
deb http://security.debian.org/ testing/updates main contrib non-free deb-src http://security.debian.org/ testing/updates main contrib non-free
To install the update, run this command as root:
apt-get update && apt-get upgrade
For further information about the Debian testing security team, please refer to http://secure-testing-master.debian.net/
--nextPart4520178.xJZjPM66hK Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQBGy9zQ62zWxYk/rQcRArGWAKCzpVWzFZCfDoEvJwScqdzfYkiAbgCgnhgD FayS1S5Lvl/naRUWw8Na4/k= =RU7k -----END PGP SIGNATURE-----
--nextPart4520178.xJZjPM66hK--
--===============0416012725823681192== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
_______________________________________________ secure-testing-announce mailing list secure-testing-announce@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-announce --===============0416012725823681192==--
|
|
|
|