Comment 0 for bug 26650

In , Moritz Muehlenhoff (jmm-inutil) wrote :

Package: tetex-bin
Version: 3.0-10.1
Severity: grave
Tags: security
Justification: user security hole

Multiple exploitable security problems have been found in xpdf, which are
all present in tetex-bin's embedded xpdf copy as well:

Multiple Vendor xpdf DCTStream Baseline Heap Overflow Vulnerability
 http://www.idefense.com/application/poi/display?id=342

Multiple Vendor xpdf DCTStream Progressive Heap Overflow
 http://www.idefense.com/application/poi/display?id=343

Multiple Vendor xpdf StreamPredictor Heap Overflow Vulnerability
 http://www.idefense.com/application/poi/display?id=344

Multiple Vendor xpdf JPX Stream Reader Heap Overflow Vulnerability
 http://www.idefense.com/application/poi/display?id=345

Please reference CVE-2005-3191, CVE-2005-3192 and CVE-2005-3193 when fixing
this.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)

Versions of packages tetex-bin depends on:
ii debconf [debconf-2.0] 1.4.62 Debian configuration management sy
ii debianutils 2.15.1 Miscellaneous utilities specific t
ii dpkg 1.13.11.0.1 package maintenance system for Deb
ii ed 0.2-20 The classic unix line editor
ii libc6 2.3.5-8.1 GNU C Library: Shared libraries an
ii libgcc1 1:4.0.2-5 GCC support library
ii libice6 6.8.2.dfsg.1-11 Inter-Client Exchange library
ii libkpathsea4 3.0-10.1 path search library for teTeX (run
ii libpaper1 1.1.14-3 Library for handling paper charact
ii libpng12-0 1.2.8rel-5 PNG library - runtime
ii libsm6 6.8.2.dfsg.1-11 X Window System Session Management
ii libstdc++6 4.0.2-5 The GNU Standard C++ Library v3
ii libt1-5 5.1.0-2 Type 1 font rasterizer library - r
ii libx11-6 6.8.2.dfsg.1-11 X Window System protocol client li
ii libxaw8 6.8.2.dfsg.1-11 X Athena widget set library
ii libxext6 6.8.2.dfsg.1-11 X Window System miscellaneous exte
ii libxmu6 6.8.2.dfsg.1-11 X Window System miscellaneous util
ii libxp6 6.8.2.dfsg.1-11 X Window System printing extension
ii libxpm4 6.8.2.dfsg.1-11 X pixmap library
ii libxt6 6.8.2.dfsg.1-11 X Toolkit Intrinsics
ii mime-support 3.35-1 MIME files 'mime.types' & 'mailcap
ii perl 5.8.7-8 Larry Wall's Practical Extraction
ii sed 4.1.4-4 The GNU sed stream editor
ii tetex-base 3.0-10 Basic library files of teTeX
ii ucf 2.004 Update Configuration File: preserv
pi xlibs 6.8.2.dfsg.1-11 X Window System client libraries m
ii zlib1g 1:1.2.3-8 compression library - runtime

Versions of packages tetex-bin recommends:
ii dialog 1.0-20051107-1 Displays user-friendly dialog boxe
pn libxml-parser-perl <none> (no description available)
pn perl-tk <none> (no description available)
ii psutils 1.17-21 A collection of PostScript documen
ii whiptail 0.51.6-31 Displays user-friendly dialog boxe

-- debconf information excluded