Zahlenüberlauf in poppler
ID: | DTSA-54-1 |
Distribution: | Debian Testing |
Plattformen: | Debian testing |
Datum: | Mi, 22. August 2007, 13:58 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387 |
Applikationen: | poppler |
Originalnachricht |
|
--===============0416012725823681192== Content-Type: multipart/signed; boundary="nextPart4520178.xJZjPM66hK"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit --nextPart4520178.xJZjPM66hK Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline - -------------------------------------------------------------------------- Debian Testing Security Advisory DTSA-54-1 August 22nd , 2007 secure-testing-team at lists.alioth.debian.org Steffen Joeris http://secure-testing-master.debian.net/ - -------------------------------------------------------------------------- Package : poppler Vulnerability : integer overflow Problem-Scope : local (remote) Debian-specific: no CVE ID : CVE-2007-3387 It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened. For the testing distribution (lenny) this is fixed in version 0.5.4-6lenny1 For the unstable distribution (sid) this is fixed in version 0.5.4-6.1 This upgrade is recommended if you use poppler Upgrade Instructions - -------------------- To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list: deb http://security.debian.org/ testing/updates main contrib non-free deb-src http://security.debian.org/ testing/updates main contrib non-free To install the update, run this command as root: apt-get update && apt-get upgrade For further information about the Debian testing security team, please refer to http://secure-testing-master.debian.net/ --nextPart4520178.xJZjPM66hK Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQBGy9zQ62zWxYk/rQcRArGWAKCzpVWzFZCfDoEvJwScqdzfYkiAbgCgnhgD FayS1S5Lvl/naRUWw8Na4/k= =RU7k -----END PGP SIGNATURE----- --nextPart4520178.xJZjPM66hK-- --===============0416012725823681192== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ secure-testing-announce mailing list secure-testing-announce@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-announce --===============0416012725823681192==-- |