drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in evince
Name: |
Mehrere Probleme in evince |
|
ID: |
DSA-2357-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian lenny, Debian sid, Debian wheezy |
|
Datum: |
So, 4. Dezember 2011, 15:12 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2643 |
|
Applikationen: |
evince |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- ------------------------------------------------------------------------- Debian Security Advisory DSA-2357-1 security@debian.org http://www.debian.org/security/ Yves-Alexis Perez December 03, 2011 http://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : evince Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-264320 Debian Bug : 609534
Jon Larimer from IBM X-Force Advanced Research discovered multiple vulnerabilities in the DVI backend of the evince document viewer:
CVE-2010-2640
Insuficient array bounds checks in the PK fonts parser could lead to function pointer overwrite, causing arbitrary code execution.
CVE-2010-2641
Insuficient array bounds checks in the PK fonts parser could lead to function pointer overwrite, causing arbitrary code execution.
CVE-2010-2642
Insuficient bounds checks in the AFM fonts parser when writing data to a memory buffer allocated on heap could lead to arbitrary memory overwrite and arbitrary code execution.
CVE-2010-2643
Insuficient check on an integer used as a size for memory allocation can lead to arbitrary write outside the allocated range and cause arbitrary code execution.
For the oldstable distribution (lenny), this problem has been fixed in version 2.22.2-4~lenny2.
For the stable distribution (squeeze), CVE-2010-2640, CVE-2010-2641 and CVE-2010-2643 have been fixed in version 2.30.3-2 but the fix for CVE-2010-2642 was incomplete. The final fix is present in version 2.30.3-2+squeeze1.
For the testing distribution (wheezy), this problem has been fixed in version 3.0.2.
For the unstable distribution (sid), this problem has been fixed in version 3.0.2.
We recommend that you upgrade your evince packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iQEcBAEBAgAGBQJO21HvAAoJEL97/wQC1SS+JxMIAK29WNymDBn531GMOwTdaCi9 rkRDz1sg44KyXuoXaP9H15TMtOgfG7bIp6CvrasPNRH5Sh9l6PfLtbadREheZ8+p /fRLE9d83v/X+8tlaRx4LDWMpaQzifhzuHWC4pY5ULTbBlJQv+B4b3PcbPAI3sWV ol8/9G4cemg26Mv20fBO6LamDr9muWeU3BT6VoT58cUJBqpSxEkEpBL1CrUunhNx rOasd67gVUNmeByg8CYAO37jjzqa8goqHRRM9bMOKcDXLgI5OpWHt2TNRkFo0rMR PyxwC2TiFiHQI24Ck2nJx3HZnEUjRsAcnZkZZFIsClFz0gMudamuGGY55+lR5uU= =sbHj -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: http://lists.debian.org/8739d0boa2.fsf@mid.deneb.enyo.de
|
|
|
|