Säkerhetsbulletin från Debian
DSA-931-1 xpdf -- buffertspill
- Rapporterat den:
- 2006-01-09
- Berörda paket:
- xpdf
- Sårbara:
- Ja
- Referenser i säkerhetsdatabaser:
- I Debians felrapporteringssystem: Fel 342281.
I Mitres CVE-förteckning: CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628. - Ytterligare information:
-
”infamous41md” och Chris Evans upptäckte flera heapbaserade buffertspill i xpdf, en svit för att hantera Portable Document Format (PDF), vilka kunde användas till överbelastningsattacker genom att krascha programmet eller möjligen till att exekvera godtycklig kod.
För den gamla stabila utgåvan (Woody) har dessa problem rättats i version 1.00-3.8.
För den stabila utgåvan (Sarge) har dessa problem rättats i version 3.00-13.4.
För den instabila utgåvan (Sid) har dessa problem rättats i version 3.01-4.
Vi rekommenderar att ni uppgraderar ert xpdf-paket.
- Rättat i:
-
Debian GNU/Linux 3.0 (woody)
- Källkod:
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.8.dsc
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.8.diff.gz
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00.orig.tar.gz
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.8.diff.gz
- Arkitekturoberoende komponent:
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_1.00-3.8_all.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.8_all.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.8_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_alpha.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_alpha.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_arm.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_arm.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_i386.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_i386.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_ia64.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_ia64.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_hppa.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_hppa.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_m68k.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_m68k.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_mips.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_mips.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_mipsel.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_mipsel.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_powerpc.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_powerpc.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_s390.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_s390.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_sparc.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_sparc.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_sparc.deb
Debian GNU/Linux 3.1 (sarge)
- Källkod:
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.4.dsc
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.4.diff.gz
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00.orig.tar.gz
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.4.diff.gz
- Arkitekturoberoende komponent:
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.00-13.4_all.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.4_all.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.4_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_alpha.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_alpha.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_amd64.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_amd64.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_arm.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_arm.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_i386.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_i386.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_ia64.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_ia64.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_hppa.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_hppa.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_m68k.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_m68k.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_mips.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_mips.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_mipsel.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_mipsel.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_powerpc.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_powerpc.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_s390.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_s390.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_sparc.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_sparc.deb
- http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_sparc.deb
MD5-kontrollsummor för dessa filer finns i originalbulletinen.