Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[USN-2-1] xpdf vulnerabilities
From: Matt Zimmerman <mdz () canonical com>
Date: Fri, 22 Oct 2004 19:11:45 -0700

===========================================================
Ubuntu Security Notice 2-1                 October 22, 2004
xpdf vulnerabilities
CAN-2004-0889
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

cupsys
xpdf-reader
xpdf-utils

The problem can be corrected by upgrading the affected package(s) to version
1.1.20final+cvs20040330-4ubuntu16.1 (cupsys) or version 3.00-8ubuntu1.1
(xpdf, xpdf-utils).

Details follow:

Chris Evans discovered several integer overflow vulnerabilities in xpdf, a
viewer for PDF files.  The Common UNIX Printing System (CUPS) also uses the
same code to print PDF files.  In either case, these vulnerabilities could
be exploited by an attacker by providing a specially crafted PDF file which,
when processed by CUPS or xpdf, could result in abnormal program termination
or the execution of program code supplied by the attacker.

In the case of CUPS, this bug could be exploited to gain the privileges of
the CUPS print server (by default, user cupsys).

In the case of xpdf, this bug could be exploited to gain the privileges of
the user invoking xpdf.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf_3.00.orig.tar.gz
      Size/MD5 checksum:   534697 95294cef3031dd68e65f331e8750b2c2
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.1.20final+cvs20040330-4ubuntu16.1.dsc
      Size/MD5 checksum:      867 84928a37fe563897e3f2be08d14309af
    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf_3.00-8ubuntu1.1.dsc
      Size/MD5 checksum:      788 470fec01c4327c0347b0351567d07434
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.1.20final+cvs20040330.orig.tar.gz
      Size/MD5 checksum:  5645146 5eb5983a71b26e4af841c26703fc2f79
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.1.20final+cvs20040330-4ubuntu16.1.diff.gz
      Size/MD5 checksum:  1348256 c9d229c76aed774b30cdbd31a9ca5869
    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf_3.00-8ubuntu1.1.diff.gz
      Size/MD5 checksum:    46663 bcd2ba36826be729be49fced752a6aa2

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-common_3.00-8ubuntu1.1_all.deb
      Size/MD5 checksum:    55980 a4e57a1a56abe868399efefbdf4a7da2
    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf_3.00-8ubuntu1.1_all.deb
      Size/MD5 checksum:     1278 34c127a497b18538b94626e5286300e1

  amd64 architecture (AMD and Intel x86-64)

    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.1.20final+cvs20040330-4ubuntu16.1_amd64.deb
      Size/MD5 checksum:    57900 fd3b099c21a175c088115b688043325c
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.1.20final+cvs20040330-4ubuntu16.1_amd64.deb
      Size/MD5 checksum:   100616 589d1ca530dcd2407dbc9d5f521623d5
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.1.20final+cvs20040330-4ubuntu16.1_amd64.deb
      Size/MD5 checksum:   105720 a6beeb55e0f84f71e18417e509ee38b9
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.1.20final+cvs20040330-4ubuntu16.1_amd64.deb
      Size/MD5 checksum:    52182 0567416ac047848c9888afd5b850b3e8
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.1.20final+cvs20040330-4ubuntu16.1_amd64.deb
      Size/MD5 checksum:  3613930 bb4cf6391e7708941a94ea1f758dd275
    
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.1.20final+cvs20040330-4ubuntu16.1_amd64.deb
      Size/MD5 checksum:    73714 62dffb68ac76edb97b13274d5273e849
    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-utils_3.00-8ubuntu1.1_amd64.deb
      Size/MD5 checksum:  1270772 e0f9a993688d6f8fdfba60645fedc8ee
    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-reader_3.00-8ubuntu1.1_amd64.deb
      Size/MD5 checksum:   666558 9e94c9cf00b7c26a035f58ed3b2bdac9
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.1.20final+cvs20040330-4ubuntu16.1_amd64.deb
      Size/MD5 checksum:    61522 71092a1307e3d3115cfeed2fc6d507ac

  i386 architecture (Intel ia32)

    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.1.20final+cvs20040330-4ubuntu16.1_i386.deb
      Size/MD5 checksum:  3602474 95ac36e9490207d1fdfe895cff833fc2
    
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.1.20final+cvs20040330-4ubuntu16.1_i386.deb
      Size/MD5 checksum:    70966 4277ba252c8edb01dfa1db5833bf7723
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.1.20final+cvs20040330-4ubuntu16.1_i386.deb
      Size/MD5 checksum:    97318 2e6fb007551503f230048ad7be42b08c
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.1.20final+cvs20040330-4ubuntu16.1_i386.deb
      Size/MD5 checksum:    61096 dd3c7d717b13674fe5aee29410612bf2
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.1.20final+cvs20040330-4ubuntu16.1_i386.deb
      Size/MD5 checksum:   103634 e4b2bdc1a6ab3cf68fa990f2099c5577
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.1.20final+cvs20040330-4ubuntu16.1_i386.deb
      Size/MD5 checksum:    57262 7bac9ae503674c5a3fd8860e265d4fb1
    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-reader_3.00-8ubuntu1.1_i386.deb
      Size/MD5 checksum:   631514 88e9d956fe472d017b61100b349c3edc
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.1.20final+cvs20040330-4ubuntu16.1_i386.deb
      Size/MD5 checksum:    51762 74acc9940b404e5816a0af4ef912544f
    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-utils_3.00-8ubuntu1.1_i386.deb
      Size/MD5 checksum:  1192898 5821d0fcdeea9419976fb1ed69db3dbe

  powerpc architecture (PowerPC)

    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.1.20final+cvs20040330-4ubuntu16.1_powerpc.deb
      Size/MD5 checksum:  3632962 dc740fa9fb8a8b279005683575457e1d
    
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.1.20final+cvs20040330-4ubuntu16.1_powerpc.deb
      Size/MD5 checksum:    73814 638effcf358a445961f9873a8efbb8be
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.1.20final+cvs20040330-4ubuntu16.1_powerpc.deb
      Size/MD5 checksum:   113416 e2e28d35d2e052d7b48530f868b929e9
    
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.1.20final+cvs20040330-4ubuntu16.1_powerpc.deb
      Size/MD5 checksum:    60714 76a834ca3f5db8a1c4b46c40a5510b77
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.1.20final+cvs20040330-4ubuntu16.1_powerpc.deb
      Size/MD5 checksum:    54406 c9a3448bce8de88c0067716c056e3340
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.1.20final+cvs20040330-4ubuntu16.1_powerpc.deb
      Size/MD5 checksum:   100014 35a168439b4ad855aa8f67300732e75d
    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-reader_3.00-8ubuntu1.1_powerpc.deb
      Size/MD5 checksum:   692706 266d4ceddfa50615162322156210d07e
    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-utils_3.00-8ubuntu1.1_powerpc.deb
      Size/MD5 checksum:  1310532 551067f4faad4865750cdcbbf6e4145d
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.1.20final+cvs20040330-4ubuntu16.1_powerpc.deb
      Size/MD5 checksum:    61806 4651dea9b5f83e499980af94bbd9c920

Attachment: signature.asc
Description: Digital signature


  By Date           By Thread  

Current thread:
  • [USN-2-1] xpdf vulnerabilities Matt Zimmerman (Oct 23)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]