Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2006.0159 -- [Debian]
New xpdf packages fix several problems
3 March 2006
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: xpdf
Publisher: Debian
Operating System: Debian GNU/Linux 3.1
Access: Remote/Unauthenticated
Original Bulletin: http://www.debian.org/security/2006/dsa-984
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------------
Debian Security Advisory DSA 984-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
March 2nd, 2006 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------
Package : xpdf
Vulnerability : several
Problem type : local (remote)
Debian-specific: no
Derek Noonburg has fixed several potential vulnerabilities in xpdf,
the Portable Document Format (PDF) suite.
The old stable distribution (woody) does not seem to be affected.
For the stable distribution (sarge) these problems have been fixed in
version 3.00-13.6.
For the unstable distribution (sid) these problems have been fixed in
version 3.01-7.
We recommend that you upgrade your xpdf packages.
Upgrade Instructions
- - --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- - --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.6.dsc
Size/MD5 checksum: 781 3b09a41551eb88e135d4c1545edc3897
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.6.diff.gz
Size/MD5 checksum: 51817 20487e64403271f8193ddc959ff46d06
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00.orig.tar.gz
Size/MD5 checksum: 534697 95294cef3031dd68e65f331e8750b2c2
Architecture independent components:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.00-13.6_all.deb
Size/MD5 checksum: 56592 49fcfd17053fba4b288e0ce69660f108
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.6_all.deb
Size/MD5 checksum: 1284 91afb670cc3c9c19fb1e153c650f5fc1
Alpha architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_alpha.deb
Size/MD5 checksum: 802784 6db7693ed94beda4f4918e8a639e0165
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_alpha.deb
Size/MD5 checksum: 1528860 edaa31b0b8c87b8605f4fddbe5197826
AMD64 architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_amd64.deb
Size/MD5 checksum: 668468 6038c7858722032cef42823af1ceb27d
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_amd64.deb
Size/MD5 checksum: 1275066 cad43af52cea66d5e2e046eaf0b0c734
ARM architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_arm.deb
Size/MD5 checksum: 675102 933e77479fa35243f25b9cf0a7af9960
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_arm.deb
Size/MD5 checksum: 1279998 a2618d91a020e91f4a543526b00bab7e
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_i386.deb
Size/MD5 checksum: 657110 7da2961c7030f4753ea677d40c7e8264
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_i386.deb
Size/MD5 checksum: 1242800 1fe93e71851091093ad61e0fc9e207ef
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_ia64.deb
Size/MD5 checksum: 951326 055fe0db7d1f7111cc6370f65d45f439
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_ia64.deb
Size/MD5 checksum: 1802816 f9168deac0eda96b115bde2fbbf422e6
HP Precision architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_hppa.deb
Size/MD5 checksum: 833234 53a85c49c0d0ed760da1ac5bd256cc1c
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_hppa.deb
Size/MD5 checksum: 1581132 b830198ef741369f777e4a231c2b2352
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_m68k.deb
Size/MD5 checksum: 586338 a951da441c2a3288622b116932faa42d
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_m68k.deb
Size/MD5 checksum: 1117564 2fa1b6c62f770dbae84a02ca274fc0be
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_mips.deb
Size/MD5 checksum: 808166 590198eb28d9ed0d6b32be9d1bac320b
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_mips.deb
Size/MD5 checksum: 1525622 64de5bac988b7dc970cbf4e2ac5c991e
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_mipsel.deb
Size/MD5 checksum: 798476 f269b9c1fc2ed4b90c32f4c53b0a8c91
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_mipsel.deb
Size/MD5 checksum: 1504284 998fc34caadad1809fcb5bfe8d9dccd1
PowerPC architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_powerpc.deb
Size/MD5 checksum: 694632 bc97e0eb5dbaa07f107507d5f956f1c6
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_powerpc.deb
Size/MD5 checksum: 1313730 8851ce3bb1bc3fd71a3e6ced3080e392
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_s390.deb
Size/MD5 checksum: 631038 0ffbacdcf61d48ba58c27c3a21156520
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_s390.deb
Size/MD5 checksum: 1199354 3d551ef88027086a58bbe6e2312728fe
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_sparc.deb
Size/MD5 checksum: 626786 9ab324a84408a8ab36b6d334d8ca0a65
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_sparc.deb
Size/MD5 checksum: 1182350 bc265faf7e76574c8256e33d17b6faeb
These files will probably be moved into the stable distribution on
its next update.
- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFEBtoyW5ql+IAeqTIRAqt9AKCxS2vwEbRHxlY6UPNgQj4H5FKx8wCfdJWa
jp4TZxeaK2w3GTOUcb+XPPM=
=o28I
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBRAeIhyh9+71yA2DNAQIzbQQAkZUxShEGSemvuPHnv3aHfBBcJVVbTdZM
xtKcenJrQjPLggmXM8tPI9Iqg9mPrY5v8S6Gm6AnSNB17IiYtMqRVv0bnHlDKANP
hJWq5KjgQ1L2l8Vh0kywqVY4J8yiZmBa83FAafxzI/qPkaKs2UCZSV5mU+GgDwqO
Pl1APa6lYqU=
=LmFC
-----END PGP SIGNATURE-----