Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2006.0159 -- [Debian] New xpdf packages fix several problems 3 March 2006 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: xpdf Publisher: Debian Operating System: Debian GNU/Linux 3.1 Access: Remote/Unauthenticated Original Bulletin: http://www.debian.org/security/2006/dsa-984 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - -------------------------------------------------------------------------- Debian Security Advisory DSA 984-1 security@debian.org http://www.debian.org/security/ Martin Schulze March 2nd, 2006 http://www.debian.org/security/faq - - -------------------------------------------------------------------------- Package : xpdf Vulnerability : several Problem type : local (remote) Debian-specific: no Derek Noonburg has fixed several potential vulnerabilities in xpdf, the Portable Document Format (PDF) suite. The old stable distribution (woody) does not seem to be affected. For the stable distribution (sarge) these problems have been fixed in version 3.00-13.6. For the unstable distribution (sid) these problems have been fixed in version 3.01-7. We recommend that you upgrade your xpdf packages. Upgrade Instructions - - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.6.dsc Size/MD5 checksum: 781 3b09a41551eb88e135d4c1545edc3897 http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.6.diff.gz Size/MD5 checksum: 51817 20487e64403271f8193ddc959ff46d06 http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00.orig.tar.gz Size/MD5 checksum: 534697 95294cef3031dd68e65f331e8750b2c2 Architecture independent components: http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.00-13.6_all.deb Size/MD5 checksum: 56592 49fcfd17053fba4b288e0ce69660f108 http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.6_all.deb Size/MD5 checksum: 1284 91afb670cc3c9c19fb1e153c650f5fc1 Alpha architecture: http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_alpha.deb Size/MD5 checksum: 802784 6db7693ed94beda4f4918e8a639e0165 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_alpha.deb Size/MD5 checksum: 1528860 edaa31b0b8c87b8605f4fddbe5197826 AMD64 architecture: http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_amd64.deb Size/MD5 checksum: 668468 6038c7858722032cef42823af1ceb27d http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_amd64.deb Size/MD5 checksum: 1275066 cad43af52cea66d5e2e046eaf0b0c734 ARM architecture: http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_arm.deb Size/MD5 checksum: 675102 933e77479fa35243f25b9cf0a7af9960 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_arm.deb Size/MD5 checksum: 1279998 a2618d91a020e91f4a543526b00bab7e Intel IA-32 architecture: http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_i386.deb Size/MD5 checksum: 657110 7da2961c7030f4753ea677d40c7e8264 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_i386.deb Size/MD5 checksum: 1242800 1fe93e71851091093ad61e0fc9e207ef Intel IA-64 architecture: http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_ia64.deb Size/MD5 checksum: 951326 055fe0db7d1f7111cc6370f65d45f439 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_ia64.deb Size/MD5 checksum: 1802816 f9168deac0eda96b115bde2fbbf422e6 HP Precision architecture: http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_hppa.deb Size/MD5 checksum: 833234 53a85c49c0d0ed760da1ac5bd256cc1c http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_hppa.deb Size/MD5 checksum: 1581132 b830198ef741369f777e4a231c2b2352 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_m68k.deb Size/MD5 checksum: 586338 a951da441c2a3288622b116932faa42d http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_m68k.deb Size/MD5 checksum: 1117564 2fa1b6c62f770dbae84a02ca274fc0be Big endian MIPS architecture: http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_mips.deb Size/MD5 checksum: 808166 590198eb28d9ed0d6b32be9d1bac320b http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_mips.deb Size/MD5 checksum: 1525622 64de5bac988b7dc970cbf4e2ac5c991e Little endian MIPS architecture: http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_mipsel.deb Size/MD5 checksum: 798476 f269b9c1fc2ed4b90c32f4c53b0a8c91 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_mipsel.deb Size/MD5 checksum: 1504284 998fc34caadad1809fcb5bfe8d9dccd1 PowerPC architecture: http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_powerpc.deb Size/MD5 checksum: 694632 bc97e0eb5dbaa07f107507d5f956f1c6 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_powerpc.deb Size/MD5 checksum: 1313730 8851ce3bb1bc3fd71a3e6ced3080e392 IBM S/390 architecture: http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_s390.deb Size/MD5 checksum: 631038 0ffbacdcf61d48ba58c27c3a21156520 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_s390.deb Size/MD5 checksum: 1199354 3d551ef88027086a58bbe6e2312728fe Sun Sparc architecture: http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_sparc.deb Size/MD5 checksum: 626786 9ab324a84408a8ab36b6d334d8ca0a65 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_sparc.deb Size/MD5 checksum: 1182350 bc265faf7e76574c8256e33d17b6faeb These files will probably be moved into the stable distribution on its next update. - - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFEBtoyW5ql+IAeqTIRAqt9AKCxS2vwEbRHxlY6UPNgQj4H5FKx8wCfdJWa jp4TZxeaK2w3GTOUcb+XPPM= =o28I - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBRAeIhyh9+71yA2DNAQIzbQQAkZUxShEGSemvuPHnv3aHfBBcJVVbTdZM xtKcenJrQjPLggmXM8tPI9Iqg9mPrY5v8S6Gm6AnSNB17IiYtMqRVv0bnHlDKANP hJWq5KjgQ1L2l8Vh0kywqVY4J8yiZmBa83FAafxzI/qPkaKs2UCZSV5mU+GgDwqO Pl1APa6lYqU= =LmFC -----END PGP SIGNATURE-----