Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] [USN-410-2] teTeX vulnerability

from [Kees Cook] Network Security [Permanent Link]
Subject: [Full-disclosure] [USN-410-2] teTeX vulnerability
Date: Thu, 25 Jan 2007 17:04:00 -0800 
=========================================================== 
Ubuntu Security Notice USN-410-2           January 25, 2007
tetex-bin vulnerability
CVE-2007-0104
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  tetex-bin                                2.0.2-30ubuntu3.6

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-410-1 fixed vulnerabilities in the poppler PDF loader library.  This 
update provides the corresponding updates for a copy of this code in 
tetex-bin in Ubuntu 5.10.  Versions of tetex-bin after Ubuntu 5.10 use 
poppler directly and do not need a separate update.

Original advisory details:

 The poppler PDF loader library did not limit the recursion depth of
 the page model tree. By tricking a user into opening a specially
 crafter PDF file, this could be exploited to trigger an infinite loop
 and eventually crash an application that uses this library.


Updated packages for Ubuntu 5.10:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_2.0.2-30ubuntu3.6.diff.gz
      Size/MD5:   157893 b6007efd29194cc9fec42307922c3ba7
    
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_2.0.2-30ubuntu3.6.dsc
      Size/MD5:     1026 e8f70041aef468507fa065c6f954b5c0
    
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_2.0.2.orig.tar.gz
      Size/MD5: 11677169 8f02d5940bf02072ce5fe05429c90e63

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea-dev_2.0.2-30ubuntu3.6_amd64.deb
      Size/MD5:    73832 70ffe21b80c15ad83dc01d740103fab9
    
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea3_2.0.2-30ubuntu3.6_amd64.deb
      Size/MD5:    63206 293d6e51cb2040243b5fd295e9c14be6
    
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_2.0.2-30ubuntu3.6_amd64.deb
      Size/MD5:  4483952 e247a7e58f1d01deca3a21c9f5cab205

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea-dev_2.0.2-30ubuntu3.6_i386.deb
      Size/MD5:    65990 45d8cde62b5130125d75bff6382ecdaa
    
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea3_2.0.2-30ubuntu3.6_i386.deb
      Size/MD5:    59262 58fbd1420c687797aae6ba9f311a3db0
    
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_2.0.2-30ubuntu3.6_i386.deb
      Size/MD5:  3885432 3641a03d2496ddb37041fe1a1688b00f

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea-dev_2.0.2-30ubuntu3.6_powerpc.deb
      Size/MD5:    75806 0649e9b518f220facf494af01590a9c0
    
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea3_2.0.2-30ubuntu3.6_powerpc.deb
      Size/MD5:    64436 09bcbd56e5613821b40119ba87b5d2a7
    
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_2.0.2-30ubuntu3.6_powerpc.deb
      Size/MD5:  4472130 751f6987e7a38ca7a7dc9313ab867ee8

  sparc architecture (Sun SPARC/UltraSPARC)

    
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea-dev_2.0.2-30ubuntu3.6_sparc.deb
      Size/MD5:    72188 a4a1f70848c7bc7155ec5cf14d207b15
    
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea3_2.0.2-30ubuntu3.6_sparc.deb
      Size/MD5:    62896 8c9e04a67589f38219e88f74966b831b
    
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_2.0.2-30ubuntu3.6_sparc.deb
      Size/MD5:  4237728 e4b5610a38c00f601ea23b5f1a534e4a

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] [USN-410-2] teTeX vulnerability, Kees Cook <=
Previous by Date:  [Full-disclosure] rPSA-2007-0021-1 bind bind-utils, rPath Update Announcements
Next by Date:  [Full-disclosure] [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed, Matteo Beccati
Previous by Thread:  [Full-disclosure] rPSA-2007-0021-1 bind bind-utils, rPath Update Announcements
Next by Thread:  [Full-disclosure] [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed, Matteo Beccati
Indexes:  [Date] [Thread] [Top] [All Lists]