
Re: [SECURITY] [DSA 1348-1] New poppler packages fix arbitrary code execution



Tazer is my favorite
I can watch people getting tazed all day, love watching it on cops  LOL

On Sat, 2007-08-04 at 15:04 +0200, Moritz Muehlenhoff wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 1348-1                    security@debian.org
> http://www.debian.org/security/                         Moritz Muehlenhoff
> August 4th, 2007                        http://www.debian.org/security/faq
> - --------------------------------------------------------------------------
> 
> Package        : poppler
> Vulnerability  : integer overflow
> Problem type   : local (remote)
> Debian-specific: no
> CVE ID         : CVE-2007-3387
> 
> It was discovered that an integer overflow in the xpdf PDF viewer may lead
> to the execution of arbitrary code if a malformed PDF file is opened.
> 
> poppler includes a copy of the xpdf code and required an update as well.
> 
> The oldstable distribution (sarge) doesn't include poppler.
> 
> For the stable distribution (etch) this problem has been fixed in
> version 0.4.5-5.1etch1.
> 
> For the unstable distribution (sid) this problem will be fixed soon.
> 
> We recommend that you upgrade your poppler packages.
> 
> 
> Upgrade Instructions
> - --------------------
> 
> wget url
>         will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
> 
> If you are using the apt-get package manager, use the line for
> sources.list as given at the end of this advisory:
> 
> apt-get update
>         will update the internal database
> apt-get upgrade
>         will install corrected packages
> 
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
> 
> Debian GNU/Linux 4.0 alias etch
> - -------------------------------
> 
>   These files will probably be moved into the stable distribution on
>   its next update.
> 
> - ---------------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
> Mailing list: debian-security-announce@lists.debian.org
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> 
> iD8DBQFGtHkBXm3vHE4uyloRAuynAKCgWW4OTcuG40TFb8C60YtthFWl1ACfccAZ
> Y0s6KFcUQrACYB7XloHUbwA=
> =IkSZ
> -----END PGP SIGNATURE-----