
Bug#322467: Please Help



Martin Schroeder <ms@pdftex.org> wrote:

> On 2005-08-12 13:36:32 +0200, Thomas Esser wrote:
>> > Now I'm wondering which changes you have made to the upstream sources,
>> > and whether they were on purpose; and whether this makes teTeX
>> > non-vulnerable, or requires a different patch to fix the vulnerability.
>> 
>> For the reasons given above, I think that teTeX is only affected by a
>> subset of all xpdf vulnerabilities.
>
> We already have xpdf 3.00pl3, so everything till then should be
> fixed. We checked sometime before CAN2005-2097 for effects of the
> known vulnerabilities on pdfTeX and found none.

Have you pdfTeX people ever considered using libpoppler instead of
copied xpdf code - or are there any plans for a libxpdf?  In this case
it would be much easier, because all distributions would simply provide
a new version of the dynamic library and be done for all xpdf-derived
things. 

> I don't know about 2005-2097, but the worst would be a crash of
> pdfTeX. 

Unfortunately not, the worst is a DoS attack against a "pdf server", as
explained in:

http://www.ubuntulinux.org/support/documentation/usn/usn-163-1

,----
| xpdf and kpdf did not sufficiently verify the validity of the "loca"
| table in PDF files, a table that contains glyph description
| information for embedded TrueType fonts. After detecting the broken
| table, xpdf attempted to reconstruct the information in it, which
| caused the generation of a huge temporary file that quickly filled up
| available disk space and rendered the application unresponsive.
`----

> Is a patch around?

Yes, as an attachment on http://bugs.debian.org/322467, or at
ftp://ftp.kde.org/pub/kde/security_patches/ where Hilmar took it from. 

Regards, Frank
-- 
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer
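
An added example, not part of the original message and not the patch attached to the bug: a strict check of an embedded TrueType font's "loca" table that rejects a malformed table instead of trying to reconstruct it, which is the step the advisory quoted above identifies as the cause of the disk-filling temporary file. The names `table_directory`, `check_loca` and `FontError` are hypothetical; the table layouts follow the TrueType specification.

```python
import struct

# Added illustration; names are hypothetical, field offsets per the TrueType spec.
class FontError(ValueError):
    """Raised when the font's tables fail validation."""

def table_directory(font: bytes) -> dict:
    """Map table tag -> (offset, length), rejecting records outside the file."""
    if len(font) < 12:
        raise FontError("truncated offset table")
    (num_tables,) = struct.unpack_from(">H", font, 4)
    if 12 + 16 * num_tables > len(font):
        raise FontError("truncated table directory")
    tables = {}
    for i in range(num_tables):
        tag, _csum, off, length = struct.unpack_from(">4sIII", font, 12 + 16 * i)
        if off + length > len(font):
            raise FontError(f"table {tag!r} extends past end of file")
        tables[tag] = (off, length)
    return tables

def check_loca(font: bytes) -> int:
    """Validate 'loca' against 'head', 'maxp' and 'glyf'; return glyph count."""
    tables = table_directory(font)
    for tag in (b"head", b"maxp", b"loca", b"glyf"):
        if tag not in tables:
            raise FontError(f"missing table {tag!r}")
    head_off, head_len = tables[b"head"]
    maxp_off, maxp_len = tables[b"maxp"]
    if head_len < 54 or maxp_len < 6:
        raise FontError("head or maxp too short")
    (loc_format,) = struct.unpack_from(">h", font, head_off + 50)  # indexToLocFormat
    (num_glyphs,) = struct.unpack_from(">H", font, maxp_off + 4)   # numGlyphs
    if loc_format not in (0, 1):
        raise FontError("bad indexToLocFormat")
    width, code, scale = (2, "H", 2) if loc_format == 0 else (4, "I", 1)
    loca_off, loca_len = tables[b"loca"]
    glyf_len = tables[b"glyf"][1]
    if loca_len < (num_glyphs + 1) * width:
        raise FontError("loca shorter than numGlyphs + 1 entries")
    offsets = struct.unpack_from(f">{num_glyphs + 1}{code}", font, loca_off)
    prev = 0
    for gid, raw in enumerate(offsets):
        off = raw * scale  # short format stores offset / 2
        if off < prev or off > glyf_len:
            raise FontError(f"loca entry {gid} out of order or past glyf")
        prev = off
    return num_glyphs
```

A caller that embeds fonts would treat `FontError` as a reason to refuse the font, so the amount of work done stays bounded by the size of the input.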



