USN-2-1: xpdf vulnerabilities
Posted on: 10/23/2004 06:33 PM

Updated xpdf packages are available for Ubuntu Linux 4.10

===========================================================
Ubuntu Security Notice 2-1 October 22, 2004
xpdf vulnerabilities
CAN-2004-0889
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

cupsys
xpdf-reader
xpdf-utils

The problem can be corrected by upgrading the affected package(s) to version 1.1.20final+cvs20040330-4ubuntu16.1 (cupsys) or version 3.00-8ubuntu1.1 (xpdf, xpdf-utils).

Details follow:

Chris Evans discovered several integer overflow vulnerabilities in xpdf, a viewer for PDF files. The Common UNIX Printing System (CUPS) also uses the same code to print PDF files. In either case, these vulnerabilities could be exploited by an attacker by providing a specially crafted PDF file which, when processed by CUPS or xpdf, could result in abnormal program termination or the execution of program code supplied by the attacker.

In the case of CUPS, this bug could be exploited to gain the privileges of the CUPS print server (by default, user cupsys).

In the case of xpdf, this bug could be exploited to gain the privileges of the user invoking xpdf.

Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_2_1_xpdf_vulnerabilities.html)