Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecurityNotifies] [SECURITY] [DSA 2135-1] New xpdf packages fix several vulnerabilities

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecurityNotifies] [SECURITY] [DSA 2135-1] New xpdf packages fix several vulnerabilities


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecurityNotifies] [SECURITY] [DSA 2135-1] New xpdf packages fix several vulnerabilities
  • Date: Tue, 21 Dec 2010 18:34:34 +0100
  • List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
  • List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
  • Old-return-path: <jmm AT inutil.org>
  • Priority: urgent
  • Resent-date: Tue, 21 Dec 2010 17:34:51 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <ziTzNAf1ikJ.A.veB.7UOENB@liszt>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2135-1 security AT debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
December 21, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : xpdf
Vulnerability : several
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2010-3702 CVE-2010-3704

Joel Voss of Leviathan Security Group discovered two vulnerabilities
in xpdf rendering engine, which may lead to the execution of arbitrary
code if a malformed PDF file is opened.

For the stable distribution (lenny), these problems have been fixed in
version 3.02-1.4+lenny3.

For the upcoming stable distribution (squeeze) and the unstable
distribution (sid), these problems don't apply, since xpdf has been
patched to use the Poppler PDF library.

We recommend that you upgrade your poppler packages.

Upgrade instructions
- --------------------

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

-
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce AT lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk0Q5M4ACgkQXm3vHE4uyloQDACfabZRl0gOaEHypK8Ovaggiyte
XHgAn18UdLjvYoXkxzbPC7NqNvsmaCg6
=UpYe
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST AT lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster AT lists.debian.org
Archive: 20101221173434.GA3250 AT galadriel.inutil.org">http://lists.debian.org/20101221173434.GA3250 AT galadriel.inutil.org



  • [IT-SecurityNotifies] [SECURITY] [DSA 2135-1] New xpdf packages fix several vulnerabilities, Moritz Muehlenhoff, 21.12.2010

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang