Linux Today: Linux News On Internet Time.


Advisories, January 10, 2006

Jan 11, 2006, 04:45 (0 Talkback[s])

Debian GNU/Linux


Debian Security Advisory DSA 929-1 security@debian.org
http://www.debian.org/security/ Steve Kemp
Jan 9, 2006 http://www.debian.org/security/faq


Vulnerability : buffer overflow
Problem-Type : local
Debian-specific: no
CVE ID : CVE-2005-3540

Steve Kemp from the Debian Security Audit project discovered a buffer overflow in petris, a clone of the Tetris game, which may be exploited to execute arbitrary code with group games privileges.

The old stable distribution (woody) does not contain the petris package.

For the stable distribution (sarge) this problem has been fixed in version 1.0.1-4sarge0.

For the unstable distribution the package will be updated shortly.

We recommend that you upgrade your petris package.

Upgrade Instructions


wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 930-1 security@debian.org
http://www.debian.org/security/ Steve Kemp
Jan 9, 2006 http://www.debian.org/security/faq


Vulnerability : format string attack
Problem-Type : local
Debian-specific: no
CVE ID : CVE-2006-0083

Ulf Harnhammar from the Debian Security Audit project discovered a format string attack in the logging code of smstools, which may be exploited to execute arbitrary code with root privileges.

The old stable distribution (woody) does not contain the smstools package.

For the stable distribution (sarge) this problem has been fixed in version 1.14.8-1sarge0.

For the unstable distribution the package will be updated shortly.

We recommend that you upgrade your smstools package.

Upgrade Instructions


wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 930-2 security@debian.org
http://www.debian.org/security/ Steve Kemp
January 10, 2006 http://www.debian.org/security/faq


Package : smstools
Vulnerability : format string attack
Problem-Type : local
Debian-specific: no
CVE ID : CVE-2006-0083

Ulf Harnhammar from the Debian Security Audit project discovered a format string attack in the logging code of smstools, which may be exploited to execute arbitrary code with root privileges.

The original advisory for this issue said that the old stable distribution (woody) was not affected because it did not contain smstools. This was incorrect, and the only change in this updated advisory is the inclusion of corrected packages for woody.

For the old stable distribution (woody) this problem has been fixed in version 1.5.0-2woody0.

For the stable distribution (sarge) this problem has been fixed in version 1.14.8-1sarge0.

For the unstable distribution the package will be updated shortly.

We recommend that you upgrade your smstools package.

Upgrade Instructions


wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody





Debian Security Advisory DSA 931-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 9th, 2006 http://www.debian.org/security/faq


Package : xpdf
Vulnerability : buffer overflows
Problem type : remote
Debian-specific: no
CVE IDs : CAN-2005-3191 CAN-2005-3192 CAN-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628
Debian Bug : 342281

"infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, that can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

For the old stable distribution (woody) these problems have been fixed in version 1.00-3.8.

For the stable distribution (sarge) these problems have been fixed in version 3.00-13.4.

For the unstable distribution (sid) these problems have been fixed in version 3.01-4.

We recommend that you upgrade your xpdf package.

Upgrade Instructions


wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody



Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 932-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 9th, 2006 http://www.debian.org/security/faq


Package : xpdf
Vulnerability : buffer overflows
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628
Debian Bug : 342281

"infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, that can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code. The same code is present in kpdf which is part of the kdegraphics package.

The old stable distribution (woody) does not contain kpdf packages.

For the stable distribution (sarge) these problems have been fixed in version 3.3.2-2sarge3.

For the unstable distribution (sid) these problems have been fixed in version 3.5.0-3.

We recommend that you upgrade your kpdf package.

Upgrade Instructions


wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

