PDA

Bekijk Volledige Versie : [SECURITY] [DSA 1350-1] New tetex-bin packages fix arbitrary code execution



Moritz Muehlenhoff
06/08/07, 23:43
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1350-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
August 6th, 2007 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : tetex-bin
Vulnerability : integer overflow
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2007-3387

It was discovered that an integer overflow in the xpdf PDF viewer may lead
to the execution of arbitrary code if a malformed PDF file is opened.

tetex-bin includes a copy of the xpdf code and required an update as
well.

For the oldstable distribution (sarge) this problem has been fixed in
version 2.0.2-30sarge5.

The package from the stable distribution (etch) links dynamically
against libpoppler and doesn't require a separate update.

The package from the unstable distribution (sid) links dynamically
against libpoppler and doesn't require a separate update.

We recommend that you upgrade your tetex-bin packages.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5.dsc
Size/MD5 checksum: 1004 408dc2085cdba46890456dd0994466ed
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5.diff.gz
Size/MD5 checksum: 162289 af8ba42d1ba901a866f8a9a3be169a8d
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2.orig.tar.gz
Size/MD5 checksum: 11677169 8f02d5940bf02072ce5fe05429c90e63

Alpha architecture:

http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_alpha.deb
Size/MD5 checksum: 90938 d8159c21d95fe23977f3f04293e05d2b
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_alpha.deb
Size/MD5 checksum: 65658 8499ce76230803e3e8ca57f74d3ddc1a
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_alpha.deb
Size/MD5 checksum: 5191902 e59ace42020339489e5dce272346937d

AMD64 architecture:

http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_amd64.deb
Size/MD5 checksum: 72760 c74b0d671d1e598133ccbabba4b055d0
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_amd64.deb
Size/MD5 checksum: 61976 18539f87cc4ca768e94812dd82a4ba92
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_amd64.deb
Size/MD5 checksum: 4357092 c343a5100fa62f02fea94cb8298d1dfe

ARM architecture:

http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_arm.deb
Size/MD5 checksum: 67792 56ead90cbac34f20bbd3a9c561d8e766
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_arm.deb
Size/MD5 checksum: 58222 9615aad9835cf82cda04c2270b23bcc6
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_arm.deb
Size/MD5 checksum: 4300932 797d1b12e5c33b994b54ea3ed0e56605

HP Precision architecture:

http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_hppa.deb
Size/MD5 checksum: 78298 b02ebc84baf40bdf85bdd095259a6fc0
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_hppa.deb
Size/MD5 checksum: 66718 fc8516836487be2143681dde8a547afa
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_hppa.deb
Size/MD5 checksum: 4613010 8a86c1ff20b5e7d796f4729688b38846

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_i386.deb
Size/MD5 checksum: 66214 9cdb34e878a67780bb6495585ef14db7
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_i386.deb
Size/MD5 checksum: 59248 591ed69f05d3a395c0e438bbe046db12
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_i386.deb
Size/MD5 checksum: 3939528 d352ae38e2349e355e5da81651fcbb81

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_ia64.deb
Size/MD5 checksum: 89818 194a8c9d3fdbdb2de3a1132cfc5fefd8
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_ia64.deb
Size/MD5 checksum: 73578 98b1887daec4d21c5f6541a4857f2765
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_ia64.deb
Size/MD5 checksum: 5909754 72b1fc89df3534e940f0c276ac30e834

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_m68k.deb
Size/MD5 checksum: 63570 c28eb2d915d1993744a07c6110634370
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_m68k.deb
Size/MD5 checksum: 58802 e5c73af748d2c66f038b5f52929d938a
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_m68k.deb
Size/MD5 checksum: 3601196 49dd7766842ec386c1a62685079c80ed

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_mips.deb
Size/MD5 checksum: 75566 e8c8a8f53f4aab6029f7e92b5994247d
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_mips.deb
Size/MD5 checksum: 59274 2ec0a1573e3e1aa68a7f71177616b61b
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_mips.deb
Size/MD5 checksum: 4603054 b05d0400b14e006284b383364dcdb609

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_mipsel.deb
Size/MD5 checksum: 75536 342424bab48f7baa4a28dd033ade7a89
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_mipsel.deb
Size/MD5 checksum: 59504 aa940915c0a195a5fa6bc7dcdcddd796
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_mipsel.deb
Size/MD5 checksum: 4559858 1c2999179723139ef15ce8fac0094ab3

PowerPC architecture:

http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_powerpc.deb
Size/MD5 checksum: 74908 827173cc664bccc030eb1e8607f2e5de
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_powerpc.deb
Size/MD5 checksum: 63436 b53beaa55824df5c86230ee76a58f46a
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_powerpc.deb
Size/MD5 checksum: 4382190 19f6451563e03f4847cf7b548b822273

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_s390.deb
Size/MD5 checksum: 71830 7f4ab010974b161ebb3e43e4fa946571
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_s390.deb
Size/MD5 checksum: 63692 21ba0cfb5d848ee8db9a84c0d1d90cbc
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_s390.deb
Size/MD5 checksum: 4269382 8d527032ff17054e05f2030e76e0d20f

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_sparc.deb
Size/MD5 checksum: 70016 db4e0ff13dc82882a8af0ab231439d80
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_sparc.deb
Size/MD5 checksum: 61066 715b8af76681d9d491f538011b75fa26
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_sparc.deb
Size/MD5 checksum: 4157218 e2f76ec4340abd8f99aa44c941a87dea


These files will probably be moved into the oldstable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGt1rYXm3vHE4uyloRAgDsAKDoUXmnJ3RQySW/8M42AIqZkBL/nACfXCTB
65bBxkPu0KG9yJTONnNgFQ4=
=JSxH
-----END PGP SIGNATURE-----