Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 200512-08 ] Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Veteran
Veteran


Joined: 12 May 2004
Posts: 1650

PostPosted: Fri Dec 16, 2005 9:26 am    Post subject: [ GLSA 200512-08 ] Xpdf, GPdf, CUPS, Poppler: Multiple vulne Reply with quote

Gentoo Linux Security Advisory

Title: Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities (GLSA 200512-08)
Severity: normal
Exploitable: remote
Date: December 16, 2005
Updated: December 17, 2005
Bug(s): #114428, #115286
ID: 200512-08

Synopsis


Multiple vulnerabilities have been discovered in Xpdf, GPdf, CUPS and
Poppler potentially resulting in the execution of arbitrary code.


Background


Xpdf and GPdf are PDF file viewers that run under the X Window System.
Poppler is a PDF rendering library based on Xpdf code. The Common UNIX
Printing System (CUPS) is a cross-platform print spooler. It makes use
of Xpdf code to handle PDF files.


Affected Packages

Package: app-text/xpdf
Vulnerable: < 3.01-r2
Unaffected: >= 3.01-r2
Architectures: All supported architectures

Package: app-text/gpdf
Vulnerable: < 2.10.0-r2
Unaffected: >= 2.10.0-r2
Architectures: All supported architectures

Package: app-text/poppler
Vulnerable: < 0.4.2-r1
Unaffected: >= 0.4.2-r1
Unaffected: >= 0.3.0-r1 < 0.3.1
Architectures: All supported architectures

Package: net-print/cups
Vulnerable: < 1.1.23-r3
Unaffected: >= 1.1.23-r3
Architectures: All supported architectures


Description


infamous41md discovered that several Xpdf functions lack sufficient
boundary checking, resulting in multiple exploitable buffer overflows.


Impact


An attacker could entice a user to open a specially-crafted PDF file
which would trigger an overflow, potentially resulting in execution of
arbitrary code with the rights of the user running Xpdf, CUPS, GPdf or
Poppler.


Workaround


There is no known workaround at this time.


Resolution


All Xpdf users should upgrade to the latest version:
Code:
# emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/xpdf-3.01-r2"

All GPdf users should upgrade to the latest version:
Code:
# emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/gpdf-2.10.0-r2"

All Poppler users should upgrade to the latest version:
Code:
# emerge --sync
    # emerge --ask --oneshot --verbose app-text/poppler

All CUPS users should upgrade to the latest version:
Code:
# emerge --sync
    # emerge --ask --oneshot --verbose ">=net-print/cups-1.1.23-r3"


References

CVE-2005-3191
CVE-2005-3192
CVE-2005-3193


Last edited by GLSA on Sat Mar 26, 2011 4:21 am; edited 3 times in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum