Mandriva Linux Security Advisory 2009-101

Posted Apr 29, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-101 - Multiple buffer overflows, integer overflows, NULL pointer dereference and various other vulnerabilities affect the JBIG2 decoder.

tags | advisory, overflow, vulnerability
systems | linux, mandriva
advisories | CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183
SHA-256 | 1f6303a55e2ad8d1888c82a4caa6883c76f13e3d36bdb15b5f1e3cc6bbaa4a0b


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:101
http://www.mandriva.com/security/
_______________________________________________________________________

Package : xpdf
Date : April 28, 2009
Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

Multiple buffer overflows in the JBIG2 decoder allow remote
attackers to cause a denial of service (crash) via a crafted PDF file
(CVE-2009-0146).

Multiple integer overflows in the JBIG2 decoder allow remote
attackers to cause a denial of service (crash) via a crafted PDF file
(CVE-2009-0147).

An integer overflow in the JBIG2 decoder has unspecified
impact (CVE-2009-0165).

A free of uninitialized memory flaw in the JBIG2 decoder allows
remote attackers to cause a denial of service (crash) via a crafted PDF file
(CVE-2009-0166).

Multiple input validation flaws in the JBIG2 decoder allow
remote attackers to execute arbitrary code via a crafted PDF file
(CVE-2009-0800).

An out-of-bounds read flaw in the JBIG2 decoder allows remote
attackers to cause a denial of service (crash) via a crafted PDF file
(CVE-2009-0799).

An integer overflow in the JBIG2 decoder allows remote attackers to
execute arbitrary code via a crafted PDF file (CVE-2009-1179).

A free of invalid data flaw in the JBIG2 decoder allows remote
attackers to execute arbitrary code via a crafted PDF (CVE-2009-1180).

A NULL pointer dereference flaw in the JBIG2 decoder allows remote
attackers to cause a denial of service (crash) via a crafted PDF file
(CVE-2009-1181).

Multiple buffer overflows in the JBIG2 MMR decoder allow remote
attackers to cause a denial of service or to execute arbitrary code
via a crafted PDF file (CVE-2009-1182, CVE-2009-1183).

This update provides fixes for these vulnerabilities.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1183
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
ca5d4aa0fd4d773a0c07152230125a17 2008.0/i586/xpdf-3.02-8.2mdv2008.0.i586.rpm
c559996e39714143bf05932da647f366 2008.0/i586/xpdf-common-3.02-8.2mdv2008.0.i586.rpm
faf1b71ba57c4dc04e13967efe905022 2008.0/i586/xpdf-tools-3.02-8.2mdv2008.0.i586.rpm
e7a41f655996dc3fe042792834c98f53 2008.0/SRPMS/xpdf-3.02-8.2mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
c5679f6c06322aa5771721eff8b04f52 2008.0/x86_64/xpdf-3.02-8.2mdv2008.0.x86_64.rpm
268fe7bc2cab7dc799958b8cbb1d0cf1 2008.0/x86_64/xpdf-common-3.02-8.2mdv2008.0.x86_64.rpm
4fc6ea9b648664b86034e7a705a5d4ad 2008.0/x86_64/xpdf-tools-3.02-8.2mdv2008.0.x86_64.rpm
e7a41f655996dc3fe042792834c98f53 2008.0/SRPMS/xpdf-3.02-8.2mdv2008.0.src.rpm

Mandriva Linux 2008.1:
44669f3080692ccd8a36f2c6ceccef94 2008.1/i586/xpdf-3.02-10.1mdv2008.1.i586.rpm
3df82267b407e35f8cce33902fd25282 2008.1/i586/xpdf-common-3.02-10.1mdv2008.1.i586.rpm
3ef4252f9c88a7ec76b5d2289cd47586 2008.1/SRPMS/xpdf-3.02-10.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
513359e39e158cb9a0897dfdc636d7ff 2008.1/x86_64/xpdf-3.02-10.1mdv2008.1.x86_64.rpm
07116c6ca3f91cff7db289a3b2454b53 2008.1/x86_64/xpdf-common-3.02-10.1mdv2008.1.x86_64.rpm
3ef4252f9c88a7ec76b5d2289cd47586 2008.1/SRPMS/xpdf-3.02-10.1mdv2008.1.src.rpm

Mandriva Linux 2009.0:
b4f7a0c5a77a5e4c976d3c5d4962260d 2009.0/i586/xpdf-3.02-12.1mdv2009.0.i586.rpm
c2539bdb62cfd965b4833498c01e1476 2009.0/i586/xpdf-common-3.02-12.1mdv2009.0.i586.rpm
e98cd0e2ddaf8e38545517ca3c5a52c9 2009.0/SRPMS/xpdf-3.02-12.1mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
a8f3f47b0f7abab2e14278ef3a9ab949 2009.0/x86_64/xpdf-3.02-12.1mdv2009.0.x86_64.rpm
e8149bd894a353b26a6d649a1b2c4f80 2009.0/x86_64/xpdf-common-3.02-12.1mdv2009.0.x86_64.rpm
e98cd0e2ddaf8e38545517ca3c5a52c9 2009.0/SRPMS/xpdf-3.02-12.1mdv2009.0.src.rpm

Corporate 3.0:
e5c3d7b817a68494e9196f03912c1cbf corporate/3.0/i586/xpdf-3.02-0.2.C30mdk.i586.rpm
3b59d02393cdf7faf7ad6defa6fd1c1d corporate/3.0/i586/xpdf-tools-3.02-0.2.C30mdk.i586.rpm
cee0a0b2af176cb5d57118f24ff709ef corporate/3.0/SRPMS/xpdf-3.02-0.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
16d8f445db66382e04f9069f0d1ea0b7 corporate/3.0/x86_64/xpdf-3.02-0.2.C30mdk.x86_64.rpm
e1b540672b1294126341ea59d4a7cc61 corporate/3.0/x86_64/xpdf-tools-3.02-0.2.C30mdk.x86_64.rpm
cee0a0b2af176cb5d57118f24ff709ef corporate/3.0/SRPMS/xpdf-3.02-0.2.C30mdk.src.rpm

Corporate 4.0:
6427d710feee38e81cfc6f8ea83d33f4 corporate/4.0/i586/xpdf-3.02-0.2.20060mlcs4.i586.rpm
b72effda26fc1ce0efc67a89bdec2b8d corporate/4.0/i586/xpdf-tools-3.02-0.2.20060mlcs4.i586.rpm
0dc34a5646041ead38fa548b6d077e30 corporate/4.0/SRPMS/xpdf-3.02-0.2.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
15790cc89933284c5bf608073b30e9c0 corporate/4.0/x86_64/xpdf-3.02-0.2.20060mlcs4.x86_64.rpm
e80e0468222a1d7c9514ffa17e827f7f corporate/4.0/x86_64/xpdf-tools-3.02-0.2.20060mlcs4.x86_64.rpm
0dc34a5646041ead38fa548b6d077e30 corporate/4.0/SRPMS/xpdf-3.02-0.2.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
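
For a package fetched by hand rather than through urpmi, the checksum step can be reproduced against the "Updated Packages" list above. The following is an added example, not Mandriva tooling: the function names are hypothetical, it assumes the advisory text has been saved to a file, and the demo runs on constructed data only.

```shell
#!/bin/sh
# Added example: compare a downloaded RPM with the MD5 listed for it in an
# advisory saved as text. Listing lines have the form "<md5> <path/to/rpm>".

# expected_md5 ADVISORY_FILE RPM_BASENAME -> prints the listed md5, if any
expected_md5() {
    awk -v name="$2" '
        # a listing line is exactly two fields: 32 hex chars, then a path
        NF == 2 && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ {
            n = split($2, parts, "/")
            if (parts[n] == name) { print $1; exit }
        }' "$1"
}

# verify_pkg ADVISORY_FILE RPM_PATH -> 0 match, 1 mismatch, 2 not listed
verify_pkg() {
    want=$(expected_md5 "$1" "$(basename "$2")")
    [ -n "$want" ] || return 2
    have=$(md5sum "$2" | awk '{print $1}')
    [ "$want" = "$have" ]
}

# Demo on constructed data (not a real Mandriva package or checksum).
demo() {
    d=$(mktemp -d) || return 1
    pkg="$d/demo-1.0-1mdv.i586.rpm"
    printf 'constructed payload\n' > "$pkg"
    sum=$(md5sum "$pkg" | awk '{print $1}')
    printf ' Mandriva Linux 2008.0:\n %s 2008.0/i586/demo-1.0-1mdv.i586.rpm\n' \
        "$sum" > "$d/advisory.txt"
    verify_pkg "$d/advisory.txt" "$pkg" && echo "match"
    printf 'x' >> "$pkg"                      # simulate a corrupted download
    verify_pkg "$d/advisory.txt" "$pkg" || echo "mismatch"
    rm -rf "$d"
}
demo
```

An MD5 match only rules out accidental corruption, since MD5 is not collision resistant; the package's GPG signature, checked by urpmi or manually with `rpm --checksig`, is what ties it to the Mandriva key.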

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJ9121mqjQ0CJFipgRAqovAKCMSsii64fdThApUudcr4IbnxnGJACgt9Vh
qgdM9ItadgxrhLua6l9zDP4=
=HcEM
-----END PGP SIGNATURE-----