On Sun, 2011-12-04 at 11:54 +0100, Yves-Alexis Perez wrote:
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-2357-1                   security@debian.org
> http://www.debian.org/security/                         Yves-Alexis Perez
> December 03, 2011                      http://www.debian.org/security/faq
> -------------------------------------------------------------------------
>
> Package        : evince
> Vulnerability  : several
> Problem type   : remote
> Debian-specific: no
> CVE ID         : CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-264320
> Debian Bug     : 609534
>
> Jon Larimer from IBM X-Force Advanced Research discovered multiple
> vulnerabilities in the DVI backend of the evince document viewer:
>
> CVE-2010-2640
>
>     Insufficient array bounds checks in the PK fonts parser could lead
>     to function pointer overwrite, causing arbitrary code execution.
>
> CVE-2010-2641
>
>     Insufficient array bounds checks in the PK fonts parser could lead
>     to function pointer overwrite, causing arbitrary code execution.
>
> CVE-2010-2642
>
>     Insufficient bounds checks in the AFM fonts parser when writing
>     data to a memory buffer allocated on heap could lead to arbitrary
>     memory overwrite and arbitrary code execution.
>
> CVE-2010-2643
>
>     Insufficient check on an integer used as a size for memory
>     allocation can lead to arbitrary write outside the allocated range
>     and cause arbitrary code execution.
>
> For the oldstable distribution (lenny), this problem has been fixed in
> version 2.22.2-4~lenny2.
>
> For the stable distribution (squeeze), CVE-2010-2640, CVE-2010-2641
> and CVE-2010-2643 have been fixed in version 2.30.3-2 but the fix for
> CVE-2010-2642 was incomplete. The final fix is present in version
> 2.30.3-2+squeeze1.
>
> For the testing distribution (wheezy), this problem has been fixed in
> version 3.0.2.
>
> For the unstable distribution (sid), this problem has been fixed in
> version 3.0.2.

In case this wasn't completely clear, this is about CVE-2010-2642, and
the testing (wheezy) and unstable (sid) fixed versions are 3.0.2-1. For
the other CVEs, the fixed version was 2.30.3-2.

Sorry for the ambiguity.

Regards,
--
Yves-Alexis