Ubuntu Advisories: xpdf, groff


Ubuntu Security Notice 14-1 November 1, 2004
xpdf vulnerabilities
CAN-2004-0888, CAN-2004-0889


A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

xpdf-reader
xpdf-utils
cupsys
tetex-bin

The problem can be corrected by upgrading the affected
package(s) to version 1.1.20final+cvs20040330-4ubuntu16.2 (cupsys),
version 3.00-8ubuntu1.2 (xpdf-reader, xpdf-utils), or version
2.0.2-21ubuntu0.2 (tetex-bin). In general, a standard system
upgrade is sufficient to effect the necessary changes.

Details follow:

Markus Meissner discovered even more integer overflow
vulnerabilities in xpdf, a viewer for PDF files. These integer
overflows can eventually lead to buffer overflows.

The Common UNIX Printing System (CUPS) uses the same code to
print PDF files; tetex-bin uses the code to generate PDF output and
process included PDF files. In any case, these vulnerabilities
could be exploited by an attacker providing a specially crafted PDF
file which, when processed by CUPS, xpdf, or pdflatex, could result
in abnormal program termination or the execution of program code
supplied by the attacker.

In the case of CUPS, this bug could be exploited to gain the
privileges of the CUPS print server (by default, user cupsys).

In the cases of xpdf and pdflatex, this bug could be exploited
to gain the privileges of the user invoking the program.
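
The bug class described above, as an added illustration that is not xpdf, CUPS or teTeX code: a count read from the file is multiplied by an element size in 32-bit arithmetic, the product wraps, and the buffer ends up far smaller than the loop that fills it expects. The `Entry` layout, the table format and all function names are hypothetical, and the input bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { uint32_t offset; uint32_t gen; } Entry;  /* 8 bytes, hypothetical */

/* Pre-fix pattern: the byte size is computed in 32 bits, so a large count wraps. */
uint32_t unchecked_size(uint32_t count) {
    return count * (uint32_t)sizeof(Entry);
}

/* Hardened: reject any count whose byte size cannot be represented. */
int checked_size(uint32_t count, uint32_t *out) {
    if (count > UINT32_MAX / sizeof(Entry)) return -1;
    *out = count * (uint32_t)sizeof(Entry);
    return 0;
}

/* Parse a constructed table: 4-byte little-endian count, then count entries.
 * Returns the number of entries copied, or -1 if the input is rejected. */
long parse_table(const unsigned char *buf, size_t len, Entry **table) {
    uint32_t count, bytes;
    *table = NULL;
    if (len < 4) return -1;
    count = (uint32_t)buf[0] | (uint32_t)buf[1] << 8 |
            (uint32_t)buf[2] << 16 | (uint32_t)buf[3] << 24;
    if (checked_size(count, &bytes) != 0) return -1;  /* product would wrap */
    if (bytes > len - 4) return -1;                   /* count exceeds data present */
    if (count == 0) return 0;
    *table = malloc(bytes);
    if (*table == NULL) return -1;
    memcpy(*table, buf + 4, bytes);
    return (long)count;
}

int main(void) {
    /* Constructed header claiming 0x20000001 entries with no data behind it. */
    const unsigned char hostile[4] = {0x01, 0x00, 0x00, 0x20};
    Entry *t;
    printf("unchecked size: %u bytes\n", (unsigned)unchecked_size(0x20000001u));
    printf("parse_table:    %ld\n", parse_table(hostile, sizeof hostile, &t));
    return 0;
}
```

The second check in `parse_table` matters as much as the first: a count that does not wrap can still claim more entries than the file contains.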


Ubuntu Security Notice USN-13-1 November 1, 2004
groff utility vulnerability
CAN-2004-0969


A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

groff

The problem can be corrected by upgrading the affected package
to version 1.18.1.1-1ubuntu0.1. In general, a standard system
upgrade is sufficient to effect the necessary changes.

Details follow:

Recently, Trustix Secure Linux discovered a vulnerability in the
groff package. The utility “groffer” created a temporary directory
in an insecure way, which allowed exploitation of a race condition
to create or overwrite files with the privileges of the user
invoking the program.
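
How a program can create a temporary directory without the race described above, as an added example in C that is not groffer's code (groffer itself is a shell script). The function names and the `example.XXXXXX` template are hypothetical; `mkdtemp()`, `mkdir()` and `lstat()` are the standard POSIX calls.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for mkdtemp() and lstat() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if path is a real directory (not a symlink) owned by us with no
 * group/other permission bits, else 0. */
int is_private_dir(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode)) return 0;
    if (st.st_uid != geteuid()) return 0;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

/* Preferred: mkdtemp() chooses an unpredictable name and creates the
 * directory atomically with mode 0700; it never reuses an existing entry. */
int make_private_tmpdir(const char *base, char *out, size_t outlen) {
    int n = snprintf(out, outlen, "%s/example.XXXXXX", base);
    if (n < 0 || (size_t)n >= outlen) return -1;
    return mkdtemp(out) == NULL ? -1 : 0;
}

/* When a fixed name is unavoidable: mkdir() must succeed (EEXIST is a
 * failure, so a directory or symlink planted in advance is never adopted). */
int claim_fixed_dir(const char *path) {
    if (mkdir(path, 0700) != 0) return -1;
    return is_private_dir(path) ? 0 : -1;
}

int main(void) {
    char dir[256];
    if (make_private_tmpdir("/tmp", dir, sizeof dir) != 0) return 1;
    printf("created %s, private=%d\n", dir, is_private_dir(dir));
    printf("claiming it again: %d\n", claim_fixed_dir(dir));  /* refused */
    return rmdir(dir) == 0 ? 0 : 1;
}
```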
