[SECURITY] [DTSA-54-1] New poppler packages fix integer overflow
- Subject: [SECURITY] [DTSA-54-1] New poppler packages fix integer overflow
- From: white at debian.org (Steffen Joeris)
- Date: Wed, 22 Aug 2007 16:44:40 +1000
- Message-id: <[🔎] 200708221650.57035.white@debian.org>
- --------------------------------------------------------------------------
Debian Testing Security Advisory DTSA-54-1 August 22nd , 2007
secure-testing-team at lists.alioth.debian.org Steffen Joeris
http://secure-testing-master.debian.net/
- --------------------------------------------------------------------------
Package : poppler
Vulnerability : integer overflow
Problem-Scope : local (remote)
Debian-specific: no
CVE ID : CVE-2007-3387
It was discovered that an integer overflow in the xpdf PDF viewer may lead
to the execution of arbitrary code if a malformed PDF file is opened.
For the testing distribution (lenny) this is fixed in version
0.5.4-6lenny1
For the unstable distribution (sid) this is fixed in version
0.5.4-6.1
This upgrade is recommended if you use poppler
Upgrade Instructions
- --------------------
To use the Debian testing security archive, add the following lines to
your /etc/apt/sources.list:
deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free
To install the update, run this command as root:
apt-get update && apt-get upgrade
For further information about the Debian testing security team, please refer
to http://secure-testing-master.debian.net/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.alioth.debian.org/pipermail/secure-testing-announce/attachments/20070822/491d3a25/attachment.pgp
Reply to: