Login
Newsletter
Werbung

Sicherheit: Zahlenüberlauf in poppler
Aktuelle Meldungen Distributionen
Name: Zahlenüberlauf in poppler
ID: DTSA-54-1
Distribution: Debian Testing
Plattformen: Debian testing
Datum: Mi, 22. August 2007, 13:58
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
Applikationen: poppler

Originalnachricht

--===============0416012725823681192==
Content-Type: multipart/signed;
boundary="nextPart4520178.xJZjPM66hK";
protocol="application/pgp-signature";
micalg=pgp-sha1
Content-Transfer-Encoding: 7bit

--nextPart4520178.xJZjPM66hK
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

- --------------------------------------------------------------------------
Debian Testing Security Advisory DTSA-54-1 August 22nd , 2007
secure-testing-team at lists.alioth.debian.org Steffen Joeris
http://secure-testing-master.debian.net/
- --------------------------------------------------------------------------

Package : poppler
Vulnerability : integer overflow
Problem-Scope : local (remote)
Debian-specific: no
CVE ID : CVE-2007-3387

It was discovered that an integer overflow in the xpdf PDF viewer may lead
to the execution of arbitrary code if a malformed PDF file is opened.

For the testing distribution (lenny) this is fixed in version
0.5.4-6lenny1

For the unstable distribution (sid) this is fixed in version
0.5.4-6.1

This upgrade is recommended if you use poppler

Upgrade Instructions
- --------------------

To use the Debian testing security archive, add the following lines to
your /etc/apt/sources.list:

deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free

To install the update, run this command as root:

apt-get update && apt-get upgrade

For further information about the Debian testing security team, please refer
to http://secure-testing-master.debian.net/

--nextPart4520178.xJZjPM66hK
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQBGy9zQ62zWxYk/rQcRArGWAKCzpVWzFZCfDoEvJwScqdzfYkiAbgCgnhgD
FayS1S5Lvl/naRUWw8Na4/k=
=RU7k
-----END PGP SIGNATURE-----

--nextPart4520178.xJZjPM66hK--


--===============0416012725823681192==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
secure-testing-announce mailing list
secure-testing-announce@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-announce
--===============0416012725823681192==--
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung