User: Password:
|
|
Subscribe / Log in / New account

Ubuntu alert USN-236-1 (xpdf, poppler, cupsys, tetex-bin)

From:  Martin Pitt <martin.pitt@canonical.com>
To:  ubuntu-security-announce@lists.ubuntu.com
Subject:  [USN-236-1] xpdf vulnerabilities
Date:  Thu, 5 Jan 2006 18:59:41 +0100
Cc:  full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com

=========================================================== Ubuntu Security Notice USN-236-1 January 05, 2006 xpdf, poppler, cupsys, tetex-bin vulnerabilities CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: cupsys libpoppler0c2 tetex-bin xpdf-reader xpdf-utils The problem can be corrected by upgrading the affected package to the following versions: Ubuntu 4.10: xpdf: 3.00-8ubuntu1.10 cupsys: 1.1.20final+cvs20040330-4ubuntu16.10 tetex-bin: 2.0.2-21ubuntu0.7 Ubuntu 5.04: xpdf: 3.00-11ubuntu3.6 tetex-bin: 2.0.2-25ubuntu0.4 Ubuntu 5.10: libpoppler0c2: 0.4.2-0ubuntu6.5 tetex-bin: 2.0.2-30ubuntu3.4 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Chris Evans discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, and tetex-bin. By tricking an user into opening a specially crafted PDF file, an attacker could exploit this to execute arbitrary code with the privileges of the application that processes the document. The CUPS printing system also uses XPDF code to convert PDF files to PostScript. By attempting to print such a crafted PDF file, a remote attacker could execute arbitrary code with the privileges of the printer server (user 'cupsys'). Updated packages for Ubuntu 4.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cups... Size/MD5: 1356783 70cf50cb2698eda0f1fdf4ba80bba9c0 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cups... Size/MD5: 869 6419d00d007c25bbb3dfde3a211da8a2 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cups... Size/MD5: 5645146 5eb5983a71b26e4af841c26703fc2f79 http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/t... Size/MD5: 115044 1e418efc75c217322017a65531aa7577 http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/t... Size/MD5: 1062 08d1cae5f243f41c22849af971df51a2 http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/t... Size/MD5: 11677169 8f02d5940bf02072ce5fe05429c90e63 http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf_3... Size/MD5: 50967 df04827d6c4e0444319c9ceae6f64e7c http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf_3... Size/MD5: 790 67411f3b9b4bab265bc6d99b2c5cdb3d http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf_3... Size/MD5: 534697 95294cef3031dd68e65f331e8750b2c2 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-c... Size/MD5: 56950 6ee4e6d4442efd717e1a9a2ae080986c http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf_3... Size/MD5: 1282 b2695f5415cf3541bdaf5fe4d7115d3e amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cups... Size/MD5: 59524 a85a0138ae4d9d5467703136e9ac6e97 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cups... Size/MD5: 107866 5764836e8deebbfab06b4e3519eed2c1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cups... Size/MD5: 3615784 fa3748932d7e2d007012ca15882d3e35 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libc... Size/MD5: 63178 17dd4cd8ebbb35628a87add73feaa88a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libc... Size/MD5: 53828 18778f1d6d2534e32304a97004a82e28 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libc... Size/MD5: 102316 fadb908483701999d4a5e3b45a0c5e3f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libc... Size/MD5: 75364 cea8e759b61180e3b3caf0077163e130 http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/l... Size/MD5: 72750 0286333baff0270901cad8a7ba39bd43 http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/l... Size/MD5: 60678 050ccb51b249f8251b353d3f790c37a0 http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/t... Size/MD5: 4329890 1a89d71600ca13bdc909937e161028e6 http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-r... Size/MD5: 668002 dc13243a970e6e7613e6f40a80f35d4a http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-u... Size/MD5: 1274366 9139208cdc21eea9a918e03c261483b2 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cups... Size/MD5: 58868 c10b30a78ba36ed779a4559e21e4f750 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cups... Size/MD5: 105608 6cc7a55b7b329ebc1b276b393ababdfe http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cups... Size/MD5: 3604646 ad79b6c0aa5d22e9d895edb0a2e2bfbc http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libc... Size/MD5: 62736 a147e720d247c711937b506392f00939 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libc... Size/MD5: 53392 87a5119820ce75167ab660e02f6e9b1d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libc... Size/MD5: 98952 adf242c814d93aa8f69e8555499969c5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libc... Size/MD5: 72636 d7dd933126043bd716596f5388c593ae http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/l... Size/MD5: 64816 b612d75ce93f9d0a8c719d3a561c1665 http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/l... Size/MD5: 57108 0f6214c10ad0f219da4f68e27140c30d http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/t... Size/MD5: 3814532 610ab1d57e85c9c54097664df9b44a2c http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-r... Size/MD5: 633054 39428df85e30742c005ccb5e6cb85ad9 http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-u... Size/MD5: 1196622 7796d8702bc51268325abeef2a3e8705 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cups... Size/MD5: 63444 e5f1b9c38f9301dfa3dda5a5abf5132d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cups... Size/MD5: 115430 b4b4a1c965cb5c6cfbbfed0f6350cf75 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cups... Size/MD5: 3635092 6e90b4c97a89abc955bd0a27cfbf081d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libc... Size/MD5: 62364 ba9781a3f6ac12995e468178f9579ab7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libc... Size/MD5: 56028 ecd23c117a5d9baedae11666f59de4d6 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libc... Size/MD5: 101692 338f9c14d0cc16f13a4e8ef205fce357 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libc... Size/MD5: 75462 a8f11ea69bb384a28419826c135bc675 http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/l... Size/MD5: 74894 75c33bc046c97e754f646f3f0e12411f http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/l... Size/MD5: 62056 da8d8549d1d038ddc79b2e9a64887d50 http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/t... Size/MD5: 4352698 b86700e68e8dcd7688751edcbf519d27 http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-r... Size/MD5: 694178 3d58566f6d96c4cab62317b49aa6ae87 http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-u... Size/MD5: 1314108 4f2b9f97072c67b168d38caf822c552c Updated packages for Ubuntu 5.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/t... Size/MD5: 128664 45240e7994c9367f938f584098fbb09c http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/t... Size/MD5: 1062 a07000b306e0920065c77cd2f9b384cc http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/t... Size/MD5: 11677169 8f02d5940bf02072ce5fe05429c90e63 http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf_3... Size/MD5: 51784 b15793093c9c2711075888c63af9ab39 http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf_3... Size/MD5: 798 906bd260f2b44a8a5ac9d01dd4993995 http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf_3... Size/MD5: 534697 95294cef3031dd68e65f331e8750b2c2 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-c... Size/MD5: 57200 4400774e9933c5349b9789c52a44b095 http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf_3... Size/MD5: 1284 c625f5692f602d4ebcf2c47258fdece3 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/l... Size/MD5: 72754 f363a4a3d8722e498f0f18bf73ce497f http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/l... Size/MD5: 61370 eb13736eb2b41093d1bf90773c2910f5 http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/t... Size/MD5: 4355314 a681cbd47377db085c2a42019d0a053f http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-r... Size/MD5: 668054 1eab64286fbeaef4657cb49511973707 http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-u... Size/MD5: 1274368 4de5460d641a76aad11e151c3b026dd6 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/l... Size/MD5: 64806 31942578e6865ed72e00f14dbe3a9343 http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/l... Size/MD5: 57828 42bd4718aea17e67f3e29871d05cfc95 http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/t... Size/MD5: 3835352 023cbca029204dc69d56711fbc659f81 http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-r... Size/MD5: 632918 b920732995531e02d8890c3215de6ea2 http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-u... Size/MD5: 1196030 4613c0b5ef2c9c7be45d1c3b6869c80b powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/l... Size/MD5: 74898 a1554733d124cb750632520bd899754d http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/l... Size/MD5: 62822 ac4f66789f6decf07d4e80e52ff9e0d5 http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/t... Size/MD5: 4380704 32db3c3f89c30f7dd5ca3c358e49cd34 http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-r... Size/MD5: 694340 0faabc75501ead26b97d7517d233627a http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-u... Size/MD5: 1314038 d26cb93199833036603de84a618ae958 Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/poppler/pop... Size/MD5: 108158 3b0400388e9fe6848d52f944950fbc2a http://security.ubuntu.com/ubuntu/pool/main/p/poppler/pop... Size/MD5: 1655 ee433ee2475783eb5e3170931773ed0e http://security.ubuntu.com/ubuntu/pool/main/p/poppler/pop... Size/MD5: 777935 beb1eea135a3c5b679a7a22d01a500c0 http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/t... Size/MD5: 156562 bb792572fbde8b63615165e3740186f9 http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/t... Size/MD5: 1026 23cac8967296e48d4da27de0837c2a0f http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/t... Size/MD5: 11677169 8f02d5940bf02072ce5fe05429c90e63 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/l... Size/MD5: 73848 900cf4e89cf55f4680a5944817840b6c http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/l... Size/MD5: 63076 5009e9b32adaa3ac8bbe635b599909e0 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/lib... Size/MD5: 611756 95c5c5c54b57e6e70593be4f99568f53 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/lib... Size/MD5: 44156 06abe0627ce47641f5f21411e7573024 http://security.ubuntu.com/ubuntu/pool/universe/p/poppler... Size/MD5: 29460 e4ab72981af906ee9f502d868f2ecb92 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/lib... Size/MD5: 39820 b04fed79f5981be18da3c147c7f2d468 http://security.ubuntu.com/ubuntu/pool/universe/p/poppler... Size/MD5: 28164 236bf5b8c7db1e4eca25993af9b73308 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/lib... Size/MD5: 455384 7a943e97109c49e9e0451681f6b3dc4b http://security.ubuntu.com/ubuntu/pool/main/p/poppler/pop... Size/MD5: 82644 59448a2dd769a55417a282c678c727cf http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/t... Size/MD5: 4482546 13854c81a43ff61f83f5acb62073457b i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/l... Size/MD5: 65990 be626bfe51eb356c164680fc3473e88f http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/l... Size/MD5: 59122 56367f7df74b07d5920c6eec00e415c2 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/lib... Size/MD5: 549104 c3e85404bed40383f2a50e321e77e2eb http://security.ubuntu.com/ubuntu/pool/main/p/poppler/lib... Size/MD5: 41376 9a949716495531222246fe1bf26b5fbf http://security.ubuntu.com/ubuntu/pool/universe/p/poppler... Size/MD5: 28392 e4af4ab179e8aa794a44b87edb61bc6b http://security.ubuntu.com/ubuntu/pool/main/p/poppler/lib... Size/MD5: 38286 c43802ca8e232aa7ac8b8c64e826c4be http://security.ubuntu.com/ubuntu/pool/universe/p/poppler... Size/MD5: 27502 b1dc43c7cf9b1df947ff3c0512c4f5ee http://security.ubuntu.com/ubuntu/pool/main/p/poppler/lib... Size/MD5: 416006 bb98e269ec369ac2142cef3b4e183a7f http://security.ubuntu.com/ubuntu/pool/main/p/poppler/pop... Size/MD5: 76994 b4752646cdcd2f2a662008b6a2955833 http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/t... Size/MD5: 3883882 1e314747d160ea172c78f15e6924ad80 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/l... Size/MD5: 75808 d6fd625468a9b7ef81a6c2fb3bf49e9c http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/l... Size/MD5: 64304 faf97ea53dcdbff89049204171a0e69f http://security.ubuntu.com/ubuntu/pool/main/p/poppler/lib... Size/MD5: 643884 8a478eb72ab0c39fec824f42f787ecf4 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/lib... Size/MD5: 46320 cbdf9ca4730b2a9cc44f1787d993cae6 http://security.ubuntu.com/ubuntu/pool/universe/p/poppler... Size/MD5: 29786 ba6e5d1dd6a10b99e94f00651e27f420 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/lib... Size/MD5: 41310 d461300dd976d041d514f07761026647 http://security.ubuntu.com/ubuntu/pool/universe/p/poppler... Size/MD5: 29652 a7d323e54fa19dfb1b287a3dbb33a399 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/lib... Size/MD5: 457778 48200cc18151a2c6d1c24d5fa91b4529 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/pop... Size/MD5: 87660 f0efcd8ce009edf98a43e0a2f0a28d5a http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/t... Size/MD5: 4471706 c982b93f69b93ffbb4ef021b523165f5 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-...


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds