Bug#322467: marked as done ([CAN-2005-2097] Loca Table Verification Remote Denial of Service Vulnerability)
Your message dated Tue, 16 Aug 2005 10:00:40 +0200
with message-id <87vf26b9av.fsf@alhambra.kuesterei.ch>
and subject line Bug#322467: Please Help
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 10 Aug 2005 20:18:51 +0000
>From hille42@web.de Wed Aug 10 13:18:51 2005
Return-path: <hille42@web.de>
Received: from smtp08.web.de [217.72.192.226]
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1E2x2I-0004ox-00; Wed, 10 Aug 2005 13:18:50 -0700
Received: from [212.14.71.206] (helo=preusse.amasol.de)
by smtp08.web.de with asmtp (WEB.DE 4.105 #314)
id 1E2x1n-0000tf-00
for submit@bugs.debian.org; Wed, 10 Aug 2005 22:18:19 +0200
Received: by preusse.amasol.de (sSMTP sendmail emulation); Wed, 10 Aug 2005 22:18:18 +0200
Date: Wed, 10 Aug 2005 22:18:18 +0200
From: Hilmar Preusse <hille42@web.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: [CAN-2005-2097] Loca Table Verification Remote Denial of Service Vulnerability
Message-ID: <[🔎] 20050810201817.GA2452@preusse>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="KsGdsel6WgEHnImy"
Content-Disposition: inline
User-Agent: Mutt/1.4.1i
X-Operating-System: CYGWIN_NT-5.0 1.5.18(0.132/4/2) i686
X-www.distributed.net: OGR-P2: 19 packets (1478.47 stats units) [3.19 Mnodes/s]
X-Face: .n=jHnz:2pu0c0)ef]4O#1FE{Vak?h89!g7_#2+PzSRoIU[pJFNnz>gLhn}UMwv}4/j{X.. 2E+>U>P!`PYk
X-Confirmation-Request: yes
X-Confirm-Reading-To: "Hilmar Preusse" <hille42@web.de>
Sender: hille42@web.de
X-Sender: hille42@web.de
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.8 required=4.0 tests=BAYES_00,FROM_ENDS_IN_NUMS,
HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02
--KsGdsel6WgEHnImy
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Package: tetex-bin
Version: 2.0.2-31
Severity: grave
Tags: patch
Justification: can result in disk consumption and ultimately lead to a denial of service condition.
Just a reminder,
http://www.securityfocus.com/bid/14529/info
Ubuntu^1 already fixed the xpdf packages. I guess we're affected too,
as pdftex processes pdf files using the code from xpdf. I did not
file a bug against xpdf yet. I'm attaching a patch taken from
ftp://ftp.kde.org/pub/kde/security_patches/ and the sig. According to
Martin Pitt the original patch was posted to vendor-sec but I'm not
subscribed to it.
Regards,
Hilmar
^1 http://www.ubuntulinux.org/support/documentation/usn/usn-163-1
--
sigmentation fault
--KsGdsel6WgEHnImy
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="patch.tar.bz2"
Content-Transfer-Encoding: base64
QlpoOTFBWSZTWSo69mkAA9N/hvwwAgBz////////2n//3/4AAIAgAAhQBCxk8rNw3dOdN3YS
UJNTyap+lDwSe0MlPU9R6ZJ6TE9J6nqbSPU9TZNT1GmQ9QNHqYCUVPTJT9BppDSjEH6iPI0T
amgGQ0GaQBkZ6ggAEiRBT0FPyp4o2po0NDTQ8k9QNGjagAAABoGgcyaaGQAMRkGQA0wQMQDR
poAMgaABJESaTxMVPYon6mkDEHlNA/UjRpoaAAAAB6jRzGjT2yDxE4QmPgkD1qoWBxMSzFqB
FMQwSUoQkVMHHIksiGNFwSUpwfvFh5JruJ8HPzREOt8V0JqiGyENOV6dTmnBXTKe1mOruWme
wqt1sGQaBQkw+o0JFwEjGZHJEgk2hqCaGMYoqVX0l7AUi6VjJNduZSvpOlTBqGmRTCPoK662
aPOaiw5fIXmMW+SWXDrmXsNng8UCKzevgJrp6uoXEMhd0PHF0GVTktWEdyjlcc2XjiI02U1a
97gnO9ionVhi2fi1lsUQhxosDQD1KdMpxBfeXBAWNZYaZ0JVjfb3y4iYtsfjNMCo06lWU/h2
46JTcZ7ba4hgxHrYwxDdPGVu0cCxUG6hJ1tg468t8aa5tfLlw6hA4DOFKGBMbBxPq8a0zEW4
UyZF4wK+RxJ/xtug31tKxbi+daSkdnvGwSYawxoFSODDByMIkCJSOSmzy4EM0x5iyQJi6mi1
7mrJt4GF7JJPT290rGEud5ko2o2JEcRqM7QoqimgVDaBwwvaKPMSrgxswLH00Ynl8aOt56IL
IKZNoy9Db4/zY+nWTN00bN3Sqt98q23dVFIzPXfWq0LwPdeQgTjjIHDS7mBpOMNfMa9dSlnl
5zooP4g/fS0yfZUGGOf93Gu5Ap8ZRNjfDOs8RqQ7l0GVWR4u0A54EsNE+DwwvENPSl+hlzRY
z/+1v5eirx3VSjKfY2jXrSDAxEMuAVBeSeUojxP28k1Q3NojqqsFYxU6aUCawjclXeGdRxze
h6bFp6uFyjTSljCkpFSGIVVzXEETK+jKe0mJMYnDD+JTtojvdO4TzzVh15xcr2/dpw3WvKra
08OBxQKEtkmmxlqSyFsLBh8kRlxKiWcvVTJ0jYVai8LVA6Ec1LMlWiulKZcy0lTFX7uipTfE
OTI0JjUKZQGQ6SYvheDUGshoDaEw7LhlOqZAuFTiPmA3jWw8ltw9mbmaqckCDvrz6rqNitD9
jweZw2+NlIImMTtu2QhXwUU/0mEyOfa02Z+AW7Z5hsZtCkW713mJiME4coTNqLs7TRHyMvny
cwDH1zMS7BG1mg3ClDNifOWSjJkTPM1okioMiyqpDGl7d9LeR6SubihXsIRzEMT4wqdg6ZKW
/Fa922euLBvfk6z4oOAXElCMOVXIC4au3vEytk8Yr0lUeuTyrI/lnMxWZEZCZS82DUCbbS07
8gR2uLcrMXZxKyftDZwpFPlk1fJ2mEGU7ZYcz8y4WCJtQMoFUoLCROUFZYkhbS003JTMj7Qc
jmVIjiefqpKf40k8aPi1IKdyYdVcSHRcPCgnJKq+SleYfCoFpY4W2mGfO6SX/F3JFOFCQKjr
2aQ=
--KsGdsel6WgEHnImy--
---------------------------------------
Received: (at 322467-done) by bugs.debian.org; 16 Aug 2005 08:00:44 +0000
>From frank@kuesterei.ch Tue Aug 16 01:00:44 2005
Return-path: <frank@kuesterei.ch>
Received: from idmailgate1.unizh.ch [130.60.127.100]
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1E4wNH-0008Ic-00; Tue, 16 Aug 2005 01:00:44 -0700
Received: from localhost.localdomain ([130.60.169.214])
by idmailgate1.unizh.ch (8.13.1/8.13.1/SuSE Linux 0.7) with ESMTP id j7G80egH012058;
Tue, 16 Aug 2005 10:00:40 +0200
Received: from localhost
([127.0.0.1] helo=localhost.localdomain ident=frank)
by localhost.localdomain with esmtp (Exim 4.50)
id 1E4wNE-0001U2-EX; Tue, 16 Aug 2005 10:00:40 +0200
To: 322467-done@bugs.debian.org
Cc: team@security.debian.org
Subject: Re: Bug#322467: Please Help
X-Attribution: fant
X-Ehrenamt: http://www.langau.de
In-Reply-To: <[🔎] 20050814162942.17666.qmail@foolabs.com> (Derek B. Noonburg's
message of "Sun, 14 Aug 2005 09:29:41 -0700 (PDT)")
References: <[🔎] 20050814162942.17666.qmail@foolabs.com>
From: =?iso-8859-1?q?Frank_K=FCster?= <frank@debian.org>
Date: Tue, 16 Aug 2005 10:00:40 +0200
Message-ID: <87vf26b9av.fsf@alhambra.kuesterei.ch>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) Emacs/21.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
X-Virus-Scanned: by amavisd-new
Delivered-To: 322467-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
"Derek B. Noonburg" <derekn@foolabs.com> wrote:
> On 12 Aug, Martin Schr=F6der wrote:
>> On 2005-08-12 16:08:07 +0200, Martin Schroeder wrote:
>>> I don't know about 2005-2097, but the worst would be a crash of
>>> pdfTeX. Is a patch around?
>>=20
>> I've found it and checked the code: The vulnerable code
>> (fofi/FoFiTrueType.cc) is only called from the interactive code
>> (xpdf/PShOutputDev.cc and xpdf/SplashOutputDev.cc), which is not
>> included in pdfTex/teTeX.=20
>>=20
>> So teTeX is not affected.
>
> Well, PSOutputDev isn't "interactive" as such, but you're correct that
> it only affects those two modules (which means xpdf, pdftoppm, and
> pdftops).
So I'm closing this teTeX bug; xpdf already has its own.
Regards, Frank
--=20
Frank K=FCster
Inst. f. Biochemie der Univ. Z=FCrich
Debian Developer
Reply to: