gpdf: source taken from xpdf may introduce heap-overflow vulnerabilities

Debian Bug report logs - #342286
Package: gpdf; Maintainer for gpdf is (unknown);

Reported by: Paul Szabo <psz@maths.usyd.edu.au>

Date: Tue, 6 Dec 2005 19:48:06 UTC

Severity: grave

Fixed in version gpdf/2.10.0-2

Done: Filip Van Raemdonck <mechanix@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Hamish Moffatt <hamish@debian.org>:
Bug#342281; Package xpdf-reader.


Acknowledgement sent to Paul Szabo <psz@maths.usyd.edu.au>:
New Bug report received and forwarded. Copy sent to Hamish Moffatt <hamish@debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Paul Szabo <psz@maths.usyd.edu.au>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: xpdf-reader: security issues by iDefense
Date: Wed, 07 Dec 2005 06:42:55 +1100

Package: xpdf-reader
Version: 3.00-13
Severity: critical
Justification: causes serious data loss



Arbitrary code execution (with privileges as user of package) issues
reported by iDefense:

  Multiple Vendor xpdf DCTStream Baseline Heap Overflow Vulnerability
  Multiple Vendor xpdf DCTStream Progressive Heap Overflow
  Multiple Vendor xpdf StreamPredictor Heap Overflow Vulnerability
  Multiple Vendor xpdf JPX Stream Reader Heap Overflow Vulnerability

  http://www.idefense.com/application/poi/display?id=342
  http://www.idefense.com/application/poi/display?id=343
  http://www.idefense.com/application/poi/display?id=344
  http://www.idefense.com/application/poi/display?id=345

(Debian, both woody and sarge, is specifically mentioned as vulnerable.)
Reported also on public mailing lists, see
http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/
http://www.securityfocus.com/archive/1

Upstream/vendor patches are apparently available.

Cheers,

Paul Szabo   psz@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-spm0.5
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages xpdf-reader depends on:
ii  gsfonts            8.14+v8.11+urw-0.2    Fonts for the Ghostscript interpre
ii  lesstif2           1:0.93.94-11.4        OSF/Motif 2.1 implementation relea
ii  libc6              2.3.2.ds1-22          GNU C Library: Shared libraries an
ii  libfreetype6       2.1.7-2.4             FreeType 2 font engine, shared lib
ii  libgcc1            1:3.4.3-13            GCC support library
ii  libice6            4.3.0.dfsg.1-14sarge1 Inter-Client Exchange library
ii  libpaper1          1.1.14-3              Library for handling paper charact
ii  libsm6             4.3.0.dfsg.1-14sarge1 X Window System Session Management
ii  libstdc++5         1:3.3.5-13            The GNU Standard C++ Library v3
ii  libt1-5            5.0.2-3               Type 1 font rasterizer library - r
ii  libx11-6           4.3.0.dfsg.1-14sarge1 X Window System protocol client li
ii  libxext6           4.3.0.dfsg.1-14sarge1 X Window System miscellaneous exte
ii  libxp6             4.3.0.dfsg.1-14sarge1 X Window System printing extension
ii  libxpm4            4.3.0.dfsg.1-14sarge1 X pixmap library
ii  libxt6             4.3.0.dfsg.1-14sarge1 X Toolkit Intrinsics
ii  xlibs              4.3.0.dfsg.1-14sarge1 X Keyboard Extension (XKB) configu
ii  xpdf-common        3.00-13               Portable Document Format (PDF) sui
ii  zlib1g             1:1.2.2-4.sarge.2     compression library - runtime

-- no debconf information



Severity set to `grave'. Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org.


Information forwarded to debian-bugs-dist@lists.debian.org, Hamish Moffatt <hamish@debian.org>:
Bug#342281; Package xpdf-reader.


Acknowledgement sent to Daniel Leidert <daniel.leidert.spam@gmx.net>:
Extra info received and forwarded to list. Copy sent to Hamish Moffatt <hamish@debian.org>.


Message #12 received at 342281@bugs.debian.org:

From: Daniel Leidert <daniel.leidert.spam@gmx.net>
To: control@bugs.debian.org, 342281@bugs.debian.org
Subject: gpdf, kpdf and poppler could be affected too
Date: Tue, 06 Dec 2005 21:58:32 +0100

clone 342281 -1 -2 -3
reassign -1 gpdf
retitle -1 gpdf: source taken from xpdf may introduce heap-overflow vulnerabilities
reassign -2 kpdf
retitle -2 kpdf: source taken from xpdf may introduce heap-overflow vulnerabilities
reassign -3 libpoppler0c2
retitle -3 libpoppler0c2: source taken from xpdf may introduce heap-overflow vulnerabilities
stop

Following the news at heise.de
(http://www.heise.de/security/news/meldung/67056) the packages kpdf,
gpdf and the poppler library could be or are affected too. Please test
if this is true.

Regards, Daniel




Bug 342281 cloned as bugs 342286, 342287, 342288. Request was from Daniel Leidert <daniel.leidert.spam@gmx.net> to control@bugs.debian.org.


Bug reassigned from package `xpdf-reader' to `gpdf'. Request was from Daniel Leidert <daniel.leidert.spam@gmx.net> to control@bugs.debian.org.


Changed Bug title. Request was from Daniel Leidert <daniel.leidert.spam@gmx.net> to control@bugs.debian.org.


Information forwarded to debian-bugs-dist@lists.debian.org, Filip Van Raemdonck <mechanix@debian.org>:
Bug#342286; Package gpdf.


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Filip Van Raemdonck <mechanix@debian.org>.


Message #23 received at 342286@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: 342286@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Vulnerable to xpdf security problems
Date: Tue, 6 Dec 2005 22:39:26 +0100

tags 342276 security
thanks

Hi,
gpdf is in fact vulnerable to the latest xpdf issues from iDefense.

Cheers,
        Moritz



Reply sent to Filip Van Raemdonck <mechanix@debian.org>:
You have taken responsibility.


Notification sent to Paul Szabo <psz@maths.usyd.edu.au>:
Bug acknowledged by developer.


Message #28 received at 342286-close@bugs.debian.org:

From: Filip Van Raemdonck <mechanix@debian.org>
To: 342286-close@bugs.debian.org
Subject: Bug#342286: fixed in gpdf 2.10.0-2
Date: Mon, 16 Jan 2006 11:32:10 -0800

Source: gpdf
Source-Version: 2.10.0-2

We believe that the bug you reported is fixed in the latest version of
gpdf, which is due to be installed in the Debian FTP archive:

gpdf_2.10.0-2.diff.gz
  to pool/main/g/gpdf/gpdf_2.10.0-2.diff.gz
gpdf_2.10.0-2.dsc
  to pool/main/g/gpdf/gpdf_2.10.0-2.dsc
gpdf_2.10.0-2_i386.deb
  to pool/main/g/gpdf/gpdf_2.10.0-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 342286@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Filip Van Raemdonck <mechanix@debian.org> (supplier of updated gpdf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.7
Date: Sun, 15 Jan 2006 11:18:36 +0100
Source: gpdf
Binary: gpdf
Architecture: source i386
Version: 2.10.0-2
Distribution: unstable
Urgency: high
Maintainer: Filip Van Raemdonck <mechanix@debian.org>
Changed-By: Filip Van Raemdonck <mechanix@debian.org>
Description: 
 gpdf       - Portable Document Format (PDF) viewer
Closes: 342286
Changes: 
 gpdf (2.10.0-2) unstable; urgency=high
 .
   * Patch provided by Security Team:
     Added more precautionary checks by Dirk Müller
     [xpdf/Stream.cc, xpdf/JBIG2Stream.cc]
     Fixes CVE-2005-3191 CVE-2005-3192 CVE-2005-3624 CVE-2005-3625
           CVE-2005-3626 CVE-2005-3627 CVE-2005-3628
     (Closes: #342286)
Files: 
 eb4a8294a098e64e256fb02c7f4ab0ea 1775 text optional gpdf_2.10.0-2.dsc
 4ed9a9d431e41bde5f81b548dc7f7109 13538 text optional gpdf_2.10.0-2.diff.gz
 f3b4ae54ee1ddaa226010a2e1f83455c 806274 text optional gpdf_2.10.0-2_i386.deb




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 19 Jun 2007 02:01:36 GMT)

