Date: Sun, 10 Sep 2000 15:22:42 +0200
From: Wichert Akkerman wichert@cistron.nl
Reply-To: security@debian.org
To: debian-security-announce@lists.debian.org
Subject: [SECURITY] New version of xpdf released
Resent-Date: Sun, 10 Sep 2000 13:27:12 GMT
Resent-From: debian-security-announce@lists.debian.org
------------------------------------------------------------------------
Debian Security Advisory security@debian.org
http://www.debian.org/security/ Wichert Akkerman
September 10, 2000
------------------------------------------------------------------------
Package : xpdf
Problem type : local exploit
Debian-specific: no
xpdf as distributed in Debian GNU/Linux 2.2 suffered from two problems:
1. creation of temporary files was not done safely which made xpdf
vulnerable to a symlink attack.
2. when handling URLs in documents no checking was done for shell
metacharacters before starting the browser. This makes it possible
to construct a document which cause xpdf to run arbitrary commands
when the user views an URL.
Both problems have been fixed in version 0.90-7, and we recommend you
upgrade your xpdf package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.2 alias potato
---------------------------------
Potato was released for the alpha, arm, i386, m68k, powerpc and sparc
architectures. At this moment no fixed package is available for arm
machines.
Source archives:
http://security.debian.org/dists/stable/updates/main/source/xpdf_0.90-7.diff.gz
MD5 checksum: e9b2584ea9dda178ed1a63771aa7019f
http://security.debian.org/dists/stable/updates/main/source/xpdf_0.90-7.dsc
MD5 checksum: 332ca1d9970dda5808538793bd3e346d
http://security.debian.org/dists/stable/updates/main/source/xpdf_0.90.orig.tar.gz
MD5 checksum: a7678b64713a466279b61c28ba01134b
Alpha architecture:
http://security.debian.org/dists/stable/updates/main/binary-alpha/xpdf_0.90-7_alpha.deb
MD5 checksum: cb4cf0761c5b5ae53c5fdbc84ef2b76d
Intel ia32 architecture:
http://security.debian.org/dists/stable/updates/main/binary-i386/xpdf_0.90-7_i386.deb
MD5 checksum: 9c8379176a3af032d1e6ec96e084c0d4
Motorola 680x0 architecture:
http://security.debian.org/dists/stable/updates/main/binary-m68k/xpdf_0.90-7_m68k.deb
MD5 checksum: 9a1d4b46ef498bee595a028d96ff6ba4
PowerPC architecture:
http://security.debian.org/dists/stable/updates/main/binary-powerpc/xpdf_0.90-7_powerpc.deb
MD5 checksum: 489a06b7961873c2482e28108133d065
Sun Sparc architecture:
http://security.debian.org/dists/stable/updates/main/binary-sparc/xpdf_0.90-7_sparc.deb
MD5 checksum: 46d1781a7d21f8ffb02137ebf22f20de
These files will be moved into
ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.
For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
----------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable updates
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates
Mailing list: debian-security-announce@lists.debian.org
----------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable updates
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates
Mailing list: debian-security-announce@lists.debian.org
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts