From e2d2601af48cf003e7285145d0f00164fa13bfd5 Mon Sep 17 00:00:00 2001 From: Neil McGovern Date: Wed, 25 Jan 2006 20:12:20 +0000 Subject: Releasing DTSA-28-1 (gpdf) git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@3368 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- website/DTSA/DTSA-28-1.html | 140 ++++++++++++++++++++++++++++++++++++++++++++ website/list.html | 4 +- 2 files changed, 143 insertions(+), 1 deletion(-) create mode 100644 website/DTSA/DTSA-28-1.html (limited to 'website') diff --git a/website/DTSA/DTSA-28-1.html b/website/DTSA/DTSA-28-1.html new file mode 100644 index 0000000000..df33e390f3 --- /dev/null +++ b/website/DTSA/DTSA-28-1.html @@ -0,0 +1,140 @@ + + + Debian testing security team - Advisory + + + + +
+ + + + + Debian Project +
+
+ + + + + + + + + + + +
+ Debian testing security team - Advisory +
+ + +
+ + +

DTSA-28-1

+
+
Date Reported:
+
January 25th, 2005
+
Affected Package:
+
gpdf
+
Vulnerability:
+
multiple vulnerabilities
+
Problem-Scope:
+
local/user-initiated
+
Debian-specific:
+
No
+
CVE:
+
+CVE-2005-2097 +CVE-2005-3193 +CVE-2005-3624 +CVE-2005-3625 +CVE-2005-3626 +CVE-2005-3627 +CVE-2005-3628 +
+
More information:
+
 
+Multiple security holes have been found in the xpdf library which gpdf embbeds: 

+CVE-2005-2097 
+ xpdf does not properly validate the "loca" table in PDF files, which allows 
+ local users to cause a denial of service (disk consumption and hang) via a 
+ PDF file with a "broken" loca table, which causes a large temporary file to 
+ be created when xpdf attempts to reconstruct the information.  
+  
+CVE-2005-3193 
+ Heap-based buffer overflow in the JPXStream::readCodestream function in the 
+ JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier allows 
+ user-complicit attackers to cause a denial of service (heap corruption) and 
+ possibly execute arbitrary code via a crafted PDF file with large size values 
+ that cause insufficient memory to be allocated. 
+  
+CVE-2005-3624 
+ The CCITTFaxStream::CCITTFaxStream function in Stream.cc for gpdf allows 
+ attackers to corrupt the heap via negative or large integers in a 
+ CCITTFaxDecode stream, which lead to integer overflows and integer 
+ underflows. 
+  
+CVE-2005-3625 
+ Xpdf allows attackers to cause a denial of service (infinite loop) via 
+ streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode 
+ and (2) DCTDecode streams, aka "Infinite CPU spins." 
+  
+CVE-2005-3626 
+ Xpdf allows attackers to cause a denial of service (crash) via a crafted 
+ FlateDecode stream that triggers a null dereference. 
+  
+CVE-2005-3627 
+ Stream.cc in Xpdf allows attackers to modify memory and possibly execute 
+ arbitrary code via a DCTDecode stream with (1) a large "number of components" 
+ value that is not checked by DCTStream::readBaselineSOF or 
+ DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that 
+ is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the 
+ scanInfo.numComps value by DCTStream::readScanInfo. 
+  
+CVE-2005-3628 
+ Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in 
+ Xpdf allows attackers to modify memory and possibly execute arbitrary code 
+ via unknown attack vectors. 

+Please note, these issues have already been fixed in stable from the following 
+security announcements: 
+DSA-780-1, DSA-931-1, DSA-932-1, DSA-936-1, DSA-937-1, DSA-938-1, DSA-940-1, 
+DSA-950-1 
+
+
For the testing distribution (etch) this is fixed in version 2.10.0-1+etch1
+
For the unstable distribution (sid) this is fixed in version 2.10.0-2
+
This upgrade is recommended if you use gpdf.
+
If you have the secure testing lines in your sources.list, you can update by running this command as root:
+ +
apt-get update && apt-get install gpdf
+
+ +
+
To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:
+
+
deb http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free
+
deb-src http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free
+
+
The archive signing key can be downloaded from
+
http://secure-testing.debian.net/ziyi-2005-7.asc
+ +
+ + +
+ + Valid HTML 4.01! + + Valid CSS! + + + + diff --git a/website/list.html b/website/list.html index 61b2f10754..b4b60047e7 100644 --- a/website/list.html +++ b/website/list.html @@ -87,8 +87,10 @@
access validation error
[December 5th, 2005] DTSA-26-1 trackballs
symlink attack
-
[Janurary 20th, 2006] DTSA-27-1 fuse
+
[January 20th, 2006] DTSA-27-1 fuse
potential data corruption when installed seduid root
+
[January 25th, 2005] DTSA-28-1 gpdf
+
multiple vulnerabilities

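Review bot: The new DTSA-28-1 entry in website/list.html is dated "[January 25th, 2005]", which puts it a year before the DTSA-27-1 entry directly above it ("January 20th, 2006") and disagrees with the commit date of 25 Jan 2006; it should read 2006. The same hunk also corrects "Janurary" in the DTSA-27-1 line, which the commit message does not mention, while the adjacent context line still reads "seduid root". If spelling fixes belong in this commit, change that to "setuid root" as well; otherwise move them to a separate commit so the release commit only adds the new advisory.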
-- cgit v1.2.3
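Review bot: The "Date Reported" field in the new website/DTSA/DTSA-28-1.html says "January 25th, 2005", but the commit releasing the advisory is dated 25 Jan 2006, so the year looks wrong and should be 2006 before this is published. In the "More information" text, "embbeds" should be "embeds". The page also links the archive signing key over plain http (ziyi-2005-7.asc) without showing a fingerprint; printing the key fingerprint next to the link would let readers check the key they import before trusting the etch-proposed-updates lines.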