
Re: [SECURITY] [DSA 222-1] New xpdf packages fix arbitrary command execution



On Mon, Jan 06, 2003 at 05:22:48PM +0100, Martin Schulze remarked:
> --------------------------------------------------------------------------
> Debian Security Advisory DSA 222-1                     security@debian.org
> http://www.debian.org/security/                             Martin Schulze
> January 6th, 2003                       http://www.debian.org/security/faq
> --------------------------------------------------------------------------
> 
> Package        : xpdf
> Vulnerability  : integer overflow
> Problem-Type   : local, remote
> Debian-specific: no
> CVE Id         : CAN-2002-1384
> 
> iDEFENSE discovered an integer overflow in the pdftops filter from the
> xpdf package that can be exploited to gain the privileges of the
> target user.  This can lead to gaining privileged access to the 'lp'
> user if the pdftops program is part of the print filter.
> 
> For the current stable distribution (woody) this problem has been
> fixed in version 1.00-3.1.
> 
> For the old stable distribution (potato) this problem has been
> fixed in version 0.90-8.1.
> 
> For the unstable distribution (sid) this problem has been
> fixed in version 2.01-2.
> 
> We recommend that you upgrade your xpdf package.
[snip]

Does anyone know if the 'xpdf-i' is affected by this also, or
not?

TIA,
Raymond
