[Full-Disclosure] [USN-2-1] xpdf vulnerabilities

From: Matt Zimmerman (mdz_at_canonical.com)
Date: 10/23/04

    To: ubuntu-security-announce@lists.ubuntu.com
    Date: Fri, 22 Oct 2004 19:11:45 -0700
    
    
    

    ===========================================================
    Ubuntu Security Notice 2-1 October 22, 2004
    xpdf vulnerabilities
    CAN-2004-0889
    ===========================================================

    A security issue affects the following Ubuntu releases:

    Ubuntu 4.10 (Warty Warthog)

    The following packages are affected:

    cupsys
    xpdf-reader
    xpdf-utils

    The problem can be corrected by upgrading the affected package(s) to version
    1.1.20final+cvs20040330-4ubuntu16.1 (cupsys) or version 3.00-8ubuntu1.1
    (xpdf, xpdf-utils).

    Details follow:

    Chris Evans discovered several integer overflow vulnerabilities in xpdf, a
    viewer for PDF files. The Common UNIX Printing System (CUPS) also uses the
    same code to print PDF files. In either case, these vulnerabilities could
    be exploited by an attacker by providing a specially crafted PDF file which,
    when processed by CUPS or xpdf, could result in abnormal program termination
    or the execution of program code supplied by the attacker.

    In the case of CUPS, this bug could be exploited to gain the privileges of
    the CUPS print server (by default, user cupsys).

    In the case of xpdf, this bug could be exploited to gain the privileges of
    the user invoking xpdf.


    
    

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


