Re: [SECURITY] [DSA 2357-1] evince security update

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 2357-1] evince security update
From: Yves-Alexis Perez <corsac@debian.org>
Date: Sun, 04 Dec 2011 23:10:48 +0100
Message-id: <[🔎] 1323036648.14294.17.camel@scapa>
In-reply-to: <8739d0boa2.fsf@mid.deneb.enyo.de>
References: <8739d0boa2.fsf@mid.deneb.enyo.de>

On dim., 2011-12-04 at 11:54 +0100, Yves-Alexis Perez wrote:
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-2357-1                   security@debian.org
> http://www.debian.org/security/                         Yves-Alexis Perez
> December 03, 2011                      http://www.debian.org/security/faq
> -------------------------------------------------------------------------
> 
> Package        : evince
> Vulnerability  : several
> Problem type   : remote
> Debian-specific: no
> CVE ID         : CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-264320
> Debian Bug     : 609534
> 
> Jon Larimer from IBM X-Force Advanced Research discovered multiple
> vulnerabilities in the DVI backend of the evince document viewer:
> 
> CVE-2010-2640
> 
>     Insuficient array bounds checks in the PK fonts parser could lead
>     to function pointer overwrite, causing arbitrary code execution.
> 
> CVE-2010-2641
> 
>     Insuficient array bounds checks in the PK fonts parser could lead
>     to function pointer overwrite, causing arbitrary code execution.
> 
> CVE-2010-2642
> 
>     Insuficient bounds checks in the AFM fonts parser when writing
>     data to a memory buffer allocated on heap could lead to arbitrary
>     memory overwrite and arbitrary code execution.
> 
> CVE-2010-2643
> 
>     Insuficient check on an integer used as a size for memory
>     allocation can lead to arbitrary write outside the allocated range
>     and cause arbitrary code execution.
> 
> For the oldstable distribution (lenny), this problem has been fixed in
> version 2.22.2-4~lenny2.
> 
> For the stable distribution (squeeze), CVE-2010-2640, CVE-2010-2641
> and CVE-2010-2643 have been fixed in version 2.30.3-2 but the fix for
> CVE-2010-2642 was incomplete. The final fix is present in version
> 2.30.3-2+squeeze1.
> 
> For the testing distribution (wheezy), this problem has been fixed in
> version 3.0.2.
> 
> For the unstable distribution (sid), this problem has been fixed in
> version 3.0.2.

In case this wasn't completely clear, this is about CVE-2010-2642, and
the testing (wheezy) and unstable (sid) fixed versions are 3.0.2-1. For
the other CVEs, the fixed version was 2.30.3-2.

Sorry for the ambiguity.

Regards,
-- 
Yves-Alexis

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Prev by Date: Re: Bug#645881: critical update 29 available
Next by Date: Re: [SECURITY] [DSA 2358-1] openjdk-6 security update
Previous by thread: Re: Bug#645881: critical update 29 available
Next by thread: Re: [SECURITY] [DSA 2358-1] openjdk-6 security update
Index(es):
- Date
- Thread