-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1350-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff August 6th, 2007 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : tetex-bin Vulnerability : integer overflow Problem type : local (remote) Debian-specific: no CVE ID : CVE-2007-3387 It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened. tetex-bin includes a copy of the xpdf code and required an update as well. For the oldstable distribution (sarge) this problem has been fixed in version 2.0.2-30sarge5. The package from the stable distribution (etch) links dynamically against libpoppler and doesn't require a separate update. The package from the unstable distribution (sid) links dynamically against libpoppler and doesn't require a separate update. We recommend that you upgrade your tetex-bin packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5.dsc Size/MD5 checksum: 1004 408dc2085cdba46890456dd0994466ed http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5.diff.gz Size/MD5 checksum: 162289 af8ba42d1ba901a866f8a9a3be169a8d http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2.orig.tar.gz Size/MD5 checksum: 11677169 8f02d5940bf02072ce5fe05429c90e63 Alpha architecture: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_alpha.deb Size/MD5 checksum: 90938 d8159c21d95fe23977f3f04293e05d2b http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_alpha.deb Size/MD5 checksum: 65658 8499ce76230803e3e8ca57f74d3ddc1a http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_alpha.deb Size/MD5 checksum: 5191902 e59ace42020339489e5dce272346937d AMD64 architecture: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_amd64.deb Size/MD5 checksum: 72760 c74b0d671d1e598133ccbabba4b055d0 http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_amd64.deb Size/MD5 checksum: 61976 18539f87cc4ca768e94812dd82a4ba92 http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_amd64.deb Size/MD5 checksum: 4357092 c343a5100fa62f02fea94cb8298d1dfe ARM architecture: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_arm.deb Size/MD5 checksum: 67792 56ead90cbac34f20bbd3a9c561d8e766 http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_arm.deb Size/MD5 checksum: 58222 9615aad9835cf82cda04c2270b23bcc6 http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_arm.deb Size/MD5 checksum: 4300932 797d1b12e5c33b994b54ea3ed0e56605 HP Precision architecture: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_hppa.deb Size/MD5 checksum: 78298 b02ebc84baf40bdf85bdd095259a6fc0 http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_hppa.deb Size/MD5 checksum: 66718 fc8516836487be2143681dde8a547afa http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_hppa.deb Size/MD5 checksum: 4613010 8a86c1ff20b5e7d796f4729688b38846 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_i386.deb Size/MD5 checksum: 66214 9cdb34e878a67780bb6495585ef14db7 http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_i386.deb Size/MD5 checksum: 59248 591ed69f05d3a395c0e438bbe046db12 http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_i386.deb Size/MD5 checksum: 3939528 d352ae38e2349e355e5da81651fcbb81 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_ia64.deb Size/MD5 checksum: 89818 194a8c9d3fdbdb2de3a1132cfc5fefd8 http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_ia64.deb Size/MD5 checksum: 73578 98b1887daec4d21c5f6541a4857f2765 http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_ia64.deb Size/MD5 checksum: 5909754 72b1fc89df3534e940f0c276ac30e834 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_m68k.deb Size/MD5 checksum: 63570 c28eb2d915d1993744a07c6110634370 http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_m68k.deb Size/MD5 checksum: 58802 e5c73af748d2c66f038b5f52929d938a http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_m68k.deb Size/MD5 checksum: 3601196 49dd7766842ec386c1a62685079c80ed Big endian MIPS architecture: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_mips.deb Size/MD5 checksum: 75566 e8c8a8f53f4aab6029f7e92b5994247d http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_mips.deb Size/MD5 checksum: 59274 2ec0a1573e3e1aa68a7f71177616b61b http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_mips.deb Size/MD5 checksum: 4603054 b05d0400b14e006284b383364dcdb609 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_mipsel.deb Size/MD5 checksum: 75536 342424bab48f7baa4a28dd033ade7a89 http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_mipsel.deb Size/MD5 checksum: 59504 aa940915c0a195a5fa6bc7dcdcddd796 http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_mipsel.deb Size/MD5 checksum: 4559858 1c2999179723139ef15ce8fac0094ab3 PowerPC architecture: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_powerpc.deb Size/MD5 checksum: 74908 827173cc664bccc030eb1e8607f2e5de http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_powerpc.deb Size/MD5 checksum: 63436 b53beaa55824df5c86230ee76a58f46a http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_powerpc.deb Size/MD5 checksum: 4382190 19f6451563e03f4847cf7b548b822273 IBM S/390 architecture: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_s390.deb Size/MD5 checksum: 71830 7f4ab010974b161ebb3e43e4fa946571 http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_s390.deb Size/MD5 checksum: 63692 21ba0cfb5d848ee8db9a84c0d1d90cbc http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_s390.deb Size/MD5 checksum: 4269382 8d527032ff17054e05f2030e76e0d20f Sun Sparc architecture: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_sparc.deb Size/MD5 checksum: 70016 db4e0ff13dc82882a8af0ab231439d80 http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_sparc.deb Size/MD5 checksum: 61066 715b8af76681d9d491f538011b75fa26 http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_sparc.deb Size/MD5 checksum: 4157218 e2f76ec4340abd8f99aa44c941a87dea These files will probably be moved into the oldstable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGt1rYXm3vHE4uyloRAgDsAKDoUXmnJ3RQySW/8M42AIqZkBL/nACfXCTB 65bBxkPu0KG9yJTONnNgFQ4= =JSxH -----END PGP SIGNATURE-----