-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2135-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
December 21, 2010                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : xpdf
Vulnerability  : several
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2010-3702 CVE-2010-3704

Joel Voss of Leviathan Security Group discovered two vulnerabilities in
the xpdf rendering engine, which may lead to the execution of arbitrary
code if a malformed PDF file is opened.

For the stable distribution (lenny), these problems have been fixed in
version 3.02-1.4+lenny3.

For the upcoming stable distribution (squeeze) and the unstable
distribution (sid), these problems don't apply, since xpdf has been
patched to use the Poppler PDF library.

We recommend that you upgrade your poppler packages.

Upgrade instructions
- --------------------

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk0Q5M4ACgkQXm3vHE4uyloQDACfabZRl0gOaEHypK8Ovaggiyte
XHgAn18UdLjvYoXkxzbPC7NqNvsmaCg6
=UpYe
-----END PGP SIGNATURE-----