[USN-14-1] xpdf vulnerabilities

From: Martin Pitt (martin.pitt_at_canonical.com)
Date: 11/01/04

    Date: Mon, 1 Nov 2004 18:33:42 +0100
    To: ubuntu-security-announce@lists.ubuntu.com
    
    
    

    ===========================================================
    Ubuntu Security Notice 14-1 November 1, 2004
    xpdf vulnerabilities
    CAN-2004-0888, CAN-2004-0889
    ===========================================================

    A security issue affects the following Ubuntu releases:

    Ubuntu 4.10 (Warty Warthog)

    The following packages are affected:

    xpdf-reader
    xpdf-utils
    cupsys
    tetex-bin

    The problem can be corrected by upgrading the affected package(s) to
    version 1.1.20final+cvs20040330-4ubuntu16.2 (cupsys), version
    3.00-8ubuntu1.2 (xpdf-reader, xpdf-utils), or version
    2.0.2-21ubuntu0.2 (tetex-bin). In general, a standard system upgrade
    is sufficient to effect the necessary changes.

    Details follow:

    Markus Meissner discovered even more integer overflow vulnerabilities
    in xpdf, a viewer for PDF files. These integer overflows can
    eventually lead to buffer overflows.

    The Common UNIX Printing System (CUPS) uses the same code to print PDF
    files; tetex-bin uses the code to generate PDF output and process
    included PDF files. In any case, these vulnerabilities could be
    exploited by an attacker providing a specially crafted PDF file which,
    when processed by CUPS, xpdf, or pdflatex, could result in abnormal
    program termination or the execution of program code supplied by the
    attacker.

    In the case of CUPS, this bug could be exploited to gain the privileges of
    the CUPS print server (by default, user cupsys).

    In the cases of xpdf and pdflatex, this bug could be exploited to gain
    the privileges of the user invoking the program.


    
    


