Security advisory: xpdf (CVE-2005-3624/25/26/27)


Security advisory: xpdf (CVE-2005-3624/25/26/27)

Yaakov (Cygwin/X)
Xpdf is vulnerable to integer overflows that may be exploited to execute
arbitrary code.

Solution: apply this patch to xpdf-3.01:
http://www.gentoo.org/cgi-bin/viewcvs.cgi/*checkout*/app-text/xpdf/files/xpdf-3.01-sec-rollup.patch

More information:
http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml


Yaakov

Re: Security advisory: xpdf (CVE-2005-3624/25/26/27)

Yaakov (Cygwin/X)
Yaakov S (Cygwin Ports) wrote:
> Xpdf is vulnerable to integer overflows that may be exploited to execute
> arbitrary code.
>
> Solution: apply this patch to xpdf-3.01:
> http://www.gentoo.org/cgi-bin/viewcvs.cgi/*checkout*/app-text/xpdf/files/xpdf-3.01-sec-rollup.patch 
>
>
> More information:
> http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml

Now, in addition to the above, there's another heap overflow
vulnerability.  Isn't maintaining xpdf a lot of fun? :-)

Solution:  apply this patch (IN ADDITION to the others):
https://bugzilla.novell.com/attachment.cgi?id=66287

More information:
http://www.gentoo.org/security/en/glsa/glsa-200602-04.xml


Yaakov

Re: Security advisory: xpdf (CVE-2005-3624/25/26/27)

Dr. Volker Zell
>>>>> Yaakov S writes:

    > Yaakov S (Cygwin Ports) wrote:
    >> Xpdf is vulnerable to integer overflows that may be exploited to
    >> execute arbitrary code.
    >> Solution: apply this patch to xpdf-3.01:
    >> http://www.gentoo.org/cgi-bin/viewcvs.cgi/*checkout*/app-text/xpdf/files/xpdf-3.01-sec-rollup.patch
    >> More information:
    >> http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml

    > Now, in addition to the above, there's another heap overflow
    > vulnerability.  Isn't maintaining xpdf a lot of fun? :-)

I'll try packaging a new version this evening.

    > Yaakov

Ciao
  Volker