DSA 1347-1: New xpdf packages fix arbitrary code execution
Posted on: 08/04/2007 04:00 PM

The Debian Security Team published a new security update for Debian GNU/Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1347-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
August 4th, 2007 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : xpdf
Vulnerability : integer overflow
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2007-3387

It was discovered that an integer overflow in the xpdf PDF viewer may lead
to the execution of arbitrary code if a malformed PDF file is opened.

For the oldstable distribution (sarge) this problem has been fixed in
version 3.00-13.7.

For the stable distribution (etch) this problem has been fixed in
version 3.01-9etch1.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your xpdf packages.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.7.dsc
Size/MD5 checksum: 781 0e263d3ecbd956af7d756e6b10b450b9
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.7.diff.gz
Size/MD5 checksum: 51994 73102654c2dc695ba52153332cf6355e
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00.orig.tar.gz
Size/MD5 checksum: 534697 95294cef3031dd68e65f331e8750b2c2

Architecture independent components:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.00-13.7_all.deb
Size/MD5 checksum: 56612 3844dc954e1b076cedb1df334f1d9fee
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.7_all.deb
Size/MD5 checksum: 1276 894fe92a845e0e211e0217c590bd59b8

Alpha architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_alpha.deb
Size/MD5 checksum: 803682 da21c5c482000a03a782310682a17c61
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_alpha.deb
Size/MD5 checksum: 1528526 634bc43be530058b8df65cb8477add20

AMD64 architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_amd64.deb
Size/MD5 checksum: 668656 7c5d4d69e1415bedc58ee5fea3c0ba4e
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_amd64.deb
Size/MD5 checksum: 1275056 5b449abdea091655726bf3263d06c24b

ARM architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_arm.deb
Size/MD5 checksum: 675168 4c806b183382516f9b228fcb534a5fc2
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_arm.deb
Size/MD5 checksum: 1280198 eccbbcb5fb6688685e6274d393d06c58

HP Precision architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_hppa.deb
Size/MD5 checksum: 833234 53a85c49c0d0ed760da1ac5bd256cc1c
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_hppa.deb
Size/MD5 checksum: 1581132 b830198ef741369f777e4a231c2b2352

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_i386.deb
Size/MD5 checksum: 657156 69e930d035bf8e338da085162061f8f2
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_i386.deb
Size/MD5 checksum: 1242988 208188fd587d1bf6d76ce0b83b2d14d1

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_ia64.deb
Size/MD5 checksum: 951362 8a68c556f5cb892f22305d8be9906d63
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_ia64.deb
Size/MD5 checksum: 1803002 4f339242fb23f7d564f6909db48d3b6e

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_m68k.deb
Size/MD5 checksum: 586488 de9ba73580d4c5ae1d9587dee185c5f2
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_m68k.deb
Size/MD5 checksum: 1117854 4c573f4e9433eeb2b07659c78dd34e8e

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_mips.deb
Size/MD5 checksum: 808354 53efd66f685a4dbfc81548373c4c7b14
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_mips.deb
Size/MD5 checksum: 1525936 f102ccb14e87431e7920f0856b46f896

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_mipsel.deb
Size/MD5 checksum: 798650 d5f16d74b898d95480b3a7411328340f
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_mipsel.deb
Size/MD5 checksum: 1504484 63e65bbdd21f3290f5ff7fe8f2605489

PowerPC architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_powerpc.deb
Size/MD5 checksum: 694722 08e6ef661dd969b992ed8e524860c6d0
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_powerpc.deb
Size/MD5 checksum: 1313852 cc4faa2d9a6f34e0f2617150d0ed4983

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_s390.deb
Size/MD5 checksum: 631070 af2bcecc6f6020ba4716446dc72b627b
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_s390.deb
Size/MD5 checksum: 1199558 ce19e172165131f98d8b436849ba1c08

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_sparc.deb
Size/MD5 checksum: 626964 eda25a6a10d0e69f51d686ea23a99480
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_sparc.deb
Size/MD5 checksum: 1182548 6560c5dd893ce3fca7f0c86b022a818e


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9etch1.dsc
Size/MD5 checksum: 968 d8dc0eef65699dd4ba038a096d2a81e4
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9etch1.diff.gz
Size/MD5 checksum: 34901 b432feb9ba16a593df406baba307df1b
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01.orig.tar.gz
Size/MD5 checksum: 599778 e004c69c7dddef165d768b1362b44268

Architecture independent components:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.01-9etch1_all.deb
Size/MD5 checksum: 61024 7c0fd8bfc7fc90bc5c17464700edb42f
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9etch1_all.deb
Size/MD5 checksum: 1278 7e5c71c975f30e46a6cb50d3bbff5adc

Alpha architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_alpha.deb
Size/MD5 checksum: 905816 03bf81436242b6a3b9aaf3f0b2bb3164
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_alpha.deb
Size/MD5 checksum: 1651508 3432db911ace408ae0f7dad55eac0f2b

AMD64 architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_amd64.deb
Size/MD5 checksum: 794428 e24ed84c50324d45177ae0235db5a313
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_amd64.deb
Size/MD5 checksum: 1455166 590fc7c28c6c70cacc043fd64473c4ef

ARM architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_arm.deb
Size/MD5 checksum: 787430 7eb238efc796199d130b295c62092cd0
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_arm.deb
Size/MD5 checksum: 1429968 e238b03168bfede6bf830a304ff50620

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_i386.deb
Size/MD5 checksum: 781640 c9d20758cf278db78638def045a863c5
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_i386.deb
Size/MD5 checksum: 1423878 68bd5716e0f169d5086b2fd00e7d8f4a

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_ia64.deb
Size/MD5 checksum: 1195858 cbbdd5d6d0414169145dbdf3fea12707
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_ia64.deb
Size/MD5 checksum: 2165458 21e2ed7de71da57d66751757ef53342d

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_mips.deb
Size/MD5 checksum: 944050 8c6990ce24678d320e2e867f4878a730
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_mips.deb
Size/MD5 checksum: 1707498 be641af6c68aa385ac279915239749fc

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_mipsel.deb
Size/MD5 checksum: 931700 41a0d5de1726aab65964ed65de106fa8
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_mipsel.deb
Size/MD5 checksum: 1686070 9ed4f7c4d3f0a1a0a2606a76022c9bea

PowerPC architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_powerpc.deb
Size/MD5 checksum: 833600 8f1e3926bb539d37386a9e614c5a8dda
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_powerpc.deb
Size/MD5 checksum: 1520882 6000cb9a1adadcd8b150bb642fe1040f

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_s390.deb
Size/MD5 checksum: 752384 9e58b3a148b490a0869a1b2ea6450157
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_s390.deb
Size/MD5 checksum: 1363574 315e1ce79f6f2b8a7765cc453925bfc0

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_sparc.deb
Size/MD5 checksum: 750250 e6d86666b4b9b2050ed1a144411f613f
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_sparc.deb
Size/MD5 checksum: 1363236 a7ccb1bdcb2880c6e72387250e0f4c59


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show lt;pkggt;' and http://packages.debian.org/lt;pkggt;

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGtHcIXm3vHE4uyloRAv3iAKCkzmPesmHDYuafUZUYbC3LbImLrQCeP9z5
NV/iPAHAmQE7vlyD6mvn/Qg=
=QwZF
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_1347_1_new_xpdf_packages_fix_arbitrary_code_execution.html)