drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebigen Codes in xpdf
Name: |
Ausführen beliebigen Codes in xpdf
|
|
ID: |
200306-11 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Do, 26. Juni 2003, 13:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
xpdf |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200306-11 --------------------------------------------------------------------
PACKAGE : xpdf SUMMARY : arbitrary code execution DATE : 2003-06-25 21:48 UTC EXPLOIT : remote VERSIONS AFFECTED : <xpdf-2.02.1 FIXED VERSION : >=xpdf-2.02.1 CVE : CAN-2003-0434
--------------------------------------------------------------------
from advisory: "Valid PDF files can contain malicious external-type hyperlinks that can execute arbitrary shell commands underneath Unix with various PDF viewers/readers.
The hyperlinks must be activated or followed for the malicious script to run. The obvious case is for a user to click on one. "
Read the full advisory at http://marc.theaimsgroup.com/?l=full-disclosure&m=105555332025253&w=2
SOLUTION
It is recommended that all Gentoo Linux users who are running app-text/xpdf upgrade to xpdf-2.02.1 as follows
emerge sync emerge xpdf emerge clean
-------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz -------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE++hjOfT7nyhUpoZMRAsvzAJ9FpDMIUV3e+WQZmTpmPr6yrqpC+QCePShi lhHeXjsGjVQPZNWxy8aUxFg= =IjqN -----END PGP SIGNATURE-----
|
|
|
|