[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Fwd: [SECURITY] [DSA 619-1] New xpdf packages fix arbitrary code execution

I presume the OpenBSD xpdf package has no security problems because of ProPolice?


- --------------------------------------------------------------------------
Debian Security Advisory DSA 619-1                     security_(_at_)_debian_(_dot_)_org
http://www.debian.org/security/                             Martin Schulze
December 30th, 2004                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : xpdf
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-1125
Debian Bug     : 286742 286983

An iDEFENSE security researcher discovered a buffer overflow in xpdf,
the portable document format (PDF) suite.  A maliciously crafted PDF
file could exploit this problem, resulting in the execution of arbitrary

For the stable distribution (woody) this problem has been fixed in
version 1.00-3.3.

For the unstable distribution (sid) this problem has been fixed in
version 3.00-11.

We recommend that you upgrade your xdpf package immediately.