===========================================================
Ubuntu Security Notice 14-1                November 1, 2004
xpdf vulnerabilities
CAN-2004-0888, CAN-2004-0889
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

xpdf-reader
xpdf-utils
cupsys
tetex-bin

The problem can be corrected by upgrading the affected package(s) to
version 1.1.20final+cvs20040330-4ubuntu16.2 (cupsys), version
3.00-8ubuntu1.2 (xpdf-reader, xpdf-utils), or version 2.0.2-21ubuntu0.2
(tetex-bin). In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

Markus Meissner discovered even more integer overflow vulnerabilities
in xpdf, a viewer for PDF files. These integer overflows can
eventually lead to buffer overflows.

The Common UNIX Printing System (CUPS) uses the same code to print PDF
files; tetex-bin uses the code to generate PDF output and process
included PDF files.

In any case, these vulnerabilities could be exploited by an attacker
providing a specially crafted PDF file which, when processed by CUPS,
xpdf, or pdflatex, could result in abnormal program termination or the
execution of program code supplied by the attacker.

In the case of CUPS, this bug could be exploited to gain the
privileges of the CUPS print server (by default, user cupsys).

In the cases of xpdf and pdflatex, this bug could be exploited to gain
the privileges of the user invoking the program.
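Added example, not part of the original notice: a check of an installed-package listing against the fixed versions named above, using the Debian version ordering rules (epoch, upstream version, revision, with '~' sorting lowest). The function names and the sample listing are constructed for illustration; the input is assumed to be "package version" lines.

```python
import re

# Fixed versions stated in this notice for Ubuntu 4.10.
FIXED = {
    "cupsys": "1.1.20final+cvs20040330-4ubuntu16.2",
    "xpdf-reader": "3.00-8ubuntu1.2",
    "xpdf-utils": "3.00-8ubuntu1.2",
    "tetex-bin": "2.0.2-21ubuntu0.2",
}

def _order(c):
    # '~' sorts before end-of-run (0); letters sort before all other symbols.
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # dpkg rule: alternate a non-digit run (character order) with a digit run (numeric value).
    while a or b:
        (na, da), (nb, db) = (re.match(r"(\D*)(\d*)", s).groups() for s in (a, b))
        a, b = a[len(na + da):], b[len(nb + db):]
        ka = ([_order(c) for c in na] + [0], int(da or 0))
        kb = ([_order(c) for c in nb] + [0], int(db or 0))
        if ka != kb:
            return -1 if ka < kb else 1
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, rev

def compare(v1, v2):
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    return (e1 > e2) - (e1 < e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def unpatched(listing):
    # Input: "package version" lines, e.g. from dpkg-query -W -f='${Package} ${Version}\n'.
    rows = (line.split() for line in listing.splitlines() if line.strip())
    return sorted(p for p, v in rows if p in FIXED and compare(v, FIXED[p]) < 0)

# Constructed sample listing (not taken from a real host).
SAMPLE = """cupsys 1.1.20final+cvs20040330-4ubuntu16
xpdf-reader 3.00-8ubuntu1.2
xpdf-utils 3.00-9
tetex-bin 2.0.2-21"""

if __name__ == "__main__":
    print(unpatched(SAMPLE))
```

Packages returned by `unpatched` are older than the fixed version and still need the upgrade described in this notice.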