Debian GNU/Linux

Debian Security Advisory DSA 916-1    security@debian.org

Package : inkscape

Several vulnerabilities have been discovered in Inkscape, a vector-based drawing program. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2005-3737
    Joxean Koret discovered a buffer overflow in the SVG parsing routines that can lead to the execution of arbitrary code.

CVE-2005-3885
    Javier Fernández-Sanguino Peña noticed that the ps2epsi extension shell script uses a hardcoded temporary file making it vulnerable to symlink attacks.

The old stable distribution (woody) does not contain inkscape packages.

For the stable distribution (sarge) this problem has been fixed in version 0.41-4.99.sarge2.

For the unstable distribution (sid) this problem has been fixed in version 0.42.2+0.43pre1-1.

We recommend that you upgrade your inkscape package.

Upgrade Instructions

wget url
    will fetch the file for you
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:
http://security.debian.org/pool/updates/main/i/inkscape/inkscape_0.41-4.99.sarge2.dsc

Alpha architecture:
http://security.debian.org/pool/updates/main/i/inkscape/inkscape_0.41-4.99.sarge2_alpha.deb

AMD64 architecture:
http://security.debian.org/pool/updates/main/i/inkscape/inkscape_0.41-4.99.sarge2_amd64.deb

ARM architecture:
http://security.debian.org/pool/updates/main/i/inkscape/inkscape_0.41-4.99.sarge2_arm.deb

Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/i/inkscape/inkscape_0.41-4.99.sarge2_i386.deb

Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/i/inkscape/inkscape_0.41-4.99.sarge2_ia64.deb

HP Precision architecture:
http://security.debian.org/pool/updates/main/i/inkscape/inkscape_0.41-4.99.sarge2_hppa.deb

Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/i/inkscape/inkscape_0.41-4.99.sarge2_m68k.deb

Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/i/inkscape/inkscape_0.41-4.99.sarge2_mips.deb

Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/i/inkscape/inkscape_0.41-4.99.sarge2_mipsel.deb

PowerPC architecture:
http://security.debian.org/pool/updates/main/i/inkscape/inkscape_0.41-4.99.sarge2_powerpc.deb

IBM S/390 architecture:
http://security.debian.org/pool/updates/main/i/inkscape/inkscape_0.41-4.99.sarge2_s390.deb

Sun Sparc architecture:
http://security.debian.org/pool/updates/main/i/inkscape/inkscape_0.41-4.99.sarge2_sparc.deb

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Fedora Core

Fedora Update Notification FEDORA-2005-1125 2005-12-07
Product : Fedora Core 3

Description : GPdf includes the gpdf application, a Bonobo control for PDF display which can be embedded in Nautilus, and a Nautilus property page for PDF files.

Update Information:

Several flaws were discovered in Xpdf, which is used internally by gpdf. An attacker could

Users of gpdf should upgrade to this updated package, which contains a patch to resolve these issues.

This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

b9cd74d341bfd9a9c257407c81f9a4c3 SRPMS/gpdf-2.8.2-5.2.src.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

Fedora Update Notification FEDORA-2005-1126 2005-12-07
Product : Fedora Core 4

Description : Install tetex if you want to use the TeX text formatting system. If you are installing tetex, you will also need to install tetex-afm (a PostScript(TM) font converter for TeX), tetex-dvips (for converting .dvi files to PostScript format for printing on PostScript printers), tetex-latex (a higher level formatting package which provides an easier-to-use interface for TeX), and tetex-xdvi (for previewing .dvi files in X). Unless you are an expert at using TeX, you should also install the tetex-doc package, which includes the documentation for TeX.

The Red Hat tetex package also contains software related to Japanese support for teTeX, such as ptex, which is not a part of the teTeX project.

Update Information:

Several flaws were discovered in Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. The teTeX package contains a copy of the Xpdf code used for parsing PDF files and is therefore affected by this bug.

The Common Vulnerabilities and Exposures project assigned the name CAN-2005-3193 to these issues.

Users of teTeX should upgrade to this updated package, which contains a patch to resolve these issues.

This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

c9c2edbfb432eab99adeb8d12eb0e428 SRPMS/tetex-3.0-7.FC4.src.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

Fedora Update Notification FEDORA-2005-1127 2005-12-07
Product : Fedora Core 3

Description : Install tetex if you want to use the TeX text formatting system. If you are installing tetex, you will also need to install tetex-afm (a PostScript(TM) font converter for TeX), tetex-dvips (for converting .dvi files to PostScript format for printing on PostScript printers), tetex-latex (a higher level formatting package which provides an easier-to-use interface for TeX), and tetex-xdvi (for previewing .dvi files in X). Unless you are an expert at using TeX, you should also install the tetex-doc package, which includes the documentation for TeX.

Update Information:

Several flaws were discovered in Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. The teTeX package contains a copy of the Xpdf code used for parsing PDF files and is therefore affected by this bug.

The Common Vulnerabilities and Exposures project assigned the name CAN-2005-3193 to these issues.

Users of teTeX should upgrade to this updated package, which contains a patch to resolve these issues.

This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

802aff298f6378498cdeb9c066907f58 SRPMS/tetex-2.0.2-21.5.src.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
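
Added example, not code from Inkscape or from any advisory above: the hardcoded temporary file problem that DSA 916-1 describes for CVE-2005-3885, shown as a weak shell pattern beside a mktemp-based one. The function names, the scratch file name ps2epsi.tmp and the sample files are assumptions constructed for illustration, and the check runs in a private directory standing in for /tmp.

```shell
#!/bin/sh
# Added illustration; names are hypothetical, not Inkscape's ps2epsi script.

# Weak pattern: a fixed scratch file name in a shared directory.
# If that name already exists as a symlink, the redirection writes
# through it to whatever file the link points at.
convert_weak() {
    scratch_dir=$1; input=$2
    tmp="$scratch_dir/ps2epsi.tmp"      # assumed hardcoded name
    cat "$input" > "$tmp"
    cat "$tmp"
    rm -f "$tmp"
}

# Hardened pattern: mktemp creates a new file exclusively, with an
# unpredictable name and owner-only permissions, and never reuses
# a path that already exists.
convert_safe() {
    scratch_dir=$1; input=$2
    tmp=$(mktemp "$scratch_dir/ps2epsi.XXXXXXXXXX") || return 1
    cat "$input" > "$tmp"
    cat "$tmp"
    rm -f "$tmp"
}

# Constructed check: a private directory stands in for /tmp, with a
# link already sitting at the predictable name. Prints what the
# unrelated file contains after the conversion has run.
demo() {
    variant=$1
    box=$(mktemp -d) || return 1
    printf 'important\n' > "$box/victim"
    printf 'PostScript data\n' > "$box/in.ps"
    ln -s "$box/victim" "$box/ps2epsi.tmp"
    "$variant" "$box" "$box/in.ps" > /dev/null
    result=$(cat "$box/victim")
    rm -rf "$box"
    printf '%s\n' "$result"
}

demo convert_weak    # unrelated file was overwritten
demo convert_safe    # unrelated file is untouched
```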