1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 2135-1] New xpdf packages fix several vulnerabilities

    From Moritz Muehlenhoff@1:229/2 to All on Tue Dec 21 18:40:02 2010
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------ Debian Security Advisory DSA-2135-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff December 21, 2010 http://www.debian.org/security/faq
    - ------------------------------------------------------------------------

    Package : xpdf
    Vulnerability : several
    Problem type : local(remote)
    Debian-specific: no
    CVE Id(s) : CVE-2010-3702 CVE-2010-3704

    Joel Voss of Leviathan Security Group discovered two vulnerabilities
    in xpdf rendering engine, which may lead to the execution of arbitrary
    code if a malformed PDF file is opened.

    For the stable distribution (lenny), these problems have been fixed in
    version 3.02-1.4+lenny3.

    For the upcoming stable distribution (squeeze) and the unstable
    distribution (sid), these problems don't apply, since xpdf has been
    patched to use the Poppler PDF library.

    We recommend that you upgrade your poppler packages.

    Upgrade instructions
    - --------------------

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
    will update the internal database
    apt-get upgrade
    will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.

    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: [email protected]
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.10 (GNU/Linux)

    iEYEARECAAYFAk0Q5M4ACgkQXm3vHE4uyloQDACfabZRl0gOaEHypK8Ovaggiyte XHgAn18UdLjvYoXkxzbPC7NqNvsmaCg6
    =UpYe
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)