
Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy



Package: tetex-bin
Version: 3.0-10.1
Severity: grave
Tags: security
Justification: user security hole

Multiple exploitable security problems have been found in xpdf, which are
all present in tetex-bin's embedded xpdf copy as well:

Multiple Vendor xpdf DCTStream Baseline Heap Overflow Vulnerability
 http://www.idefense.com/application/poi/display?id=342

Multiple Vendor xpdf DCTStream Progressive Heap Overflow
 http://www.idefense.com/application/poi/display?id=343

Multiple Vendor xpdf StreamPredictor Heap Overflow Vulnerability
 http://www.idefense.com/application/poi/display?id=344

Multiple Vendor xpdf JPX Stream Reader Heap Overflow Vulnerability
 http://www.idefense.com/application/poi/display?id=345

Please reference CVE-2005-3191, CVE-2005-3192 and CVE-2005-3193 when fixing
this.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)

Versions of packages tetex-bin depends on:
ii  debconf [debconf-2.0]    1.4.62          Debian configuration management sy
ii  debianutils              2.15.1          Miscellaneous utilities specific t
ii  dpkg                     1.13.11.0.1     package maintenance system for Deb
ii  ed                       0.2-20          The classic unix line editor
ii  libc6                    2.3.5-8.1       GNU C Library: Shared libraries an
ii  libgcc1                  1:4.0.2-5       GCC support library
ii  libice6                  6.8.2.dfsg.1-11 Inter-Client Exchange library
ii  libkpathsea4             3.0-10.1        path search library for teTeX (run
ii  libpaper1                1.1.14-3        Library for handling paper charact
ii  libpng12-0               1.2.8rel-5      PNG library - runtime
ii  libsm6                   6.8.2.dfsg.1-11 X Window System Session Management
ii  libstdc++6               4.0.2-5         The GNU Standard C++ Library v3
ii  libt1-5                  5.1.0-2         Type 1 font rasterizer library - r
ii  libx11-6                 6.8.2.dfsg.1-11 X Window System protocol client li
ii  libxaw8                  6.8.2.dfsg.1-11 X Athena widget set library
ii  libxext6                 6.8.2.dfsg.1-11 X Window System miscellaneous exte
ii  libxmu6                  6.8.2.dfsg.1-11 X Window System miscellaneous util
ii  libxp6                   6.8.2.dfsg.1-11 X Window System printing extension
ii  libxpm4                  6.8.2.dfsg.1-11 X pixmap library
ii  libxt6                   6.8.2.dfsg.1-11 X Toolkit Intrinsics
ii  mime-support             3.35-1          MIME files 'mime.types' & 'mailcap
ii  perl                     5.8.7-8         Larry Wall's Practical Extraction 
ii  sed                      4.1.4-4         The GNU sed stream editor
ii  tetex-base               3.0-10          Basic library files of teTeX
ii  ucf                      2.004           Update Configuration File: preserv
pi  xlibs                    6.8.2.dfsg.1-11 X Window System client libraries m
ii  zlib1g                   1:1.2.3-8       compression library - runtime

Versions of packages tetex-bin recommends:
ii  dialog                    1.0-20051107-1 Displays user-friendly dialog boxe
pn  libxml-parser-perl        <none>         (no description available)
pn  perl-tk                   <none>         (no description available)
ii  psutils                   1.17-21        A collection of PostScript documen
ii  whiptail                  0.51.6-31      Displays user-friendly dialog boxe

-- debconf information excluded


