Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2004.0743 -- Debian Security Advisory DSA 599-1 New tetex-bin packages fix arbitrary code execution 26 November 2004 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: tetex-bin Publisher: Debian Operating System: Debian GNU/Linux 3.0 Linux variants UNIX variants Impact: Execute Arbitrary Code/Commands Access: Remote/Unauthenticated CVE Names: CAN-2004-0888 Original Bulletin: http://www.debian.org/security/2004/dsa-599 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - -------------------------------------------------------------------------- Debian Security Advisory DSA 599-1 security@debian.org http://www.debian.org/security/ Martin Schulze November 25th, 2004 http://www.debian.org/security/faq - - -------------------------------------------------------------------------- Package : tetex-bin Vulnerability : integer overflows Problem-Type : remote Debian-specific: no CVE ID : CAN-2004-0888 Debian Bug : 278298 Chris Evans discovered several integer overflows in xpdf, that are also present in tetex-bin, binary files for the teTeX distribution, which can be exploited remotely by a specially crafted PDF document and lead to the execution of arbitrary code. For the stable distribution (woody) these problems have been fixed in version 20011202-7.3. For the unstable distribution (sid) these problems have been fixed in version 2.0.2-23. We recommend that you upgrade your tetex-bin packages. Upgrade Instructions - - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3.dsc Size/MD5 checksum: 874 0774ffbc5e428a21939d7d10070ef12b http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3.tar.gz Size/MD5 checksum: 10329770 9ffa7015b10981c3524e8d6147f2c077 Alpha architecture: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_alpha.deb Size/MD5 checksum: 84664 7b82ef947ccbd60c57e31fa1cdbceeae http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_alpha.deb Size/MD5 checksum: 53042 e14d212ec7d9a21859b443ea11210d12 http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_alpha.deb Size/MD5 checksum: 4568870 d8a00aedde830f02a46f70ae97bcdfbc ARM architecture: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_arm.deb Size/MD5 checksum: 65256 c7fb486f0e58d6f90a080313ade6d980 http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_arm.deb Size/MD5 checksum: 43610 acf504677a35232f075cb6368cb73c4f http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_arm.deb Size/MD5 checksum: 3703874 25b4e1d62d2b010382bb74e610f7de32 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_i386.deb Size/MD5 checksum: 62598 6c11adfac9cbe8007aa89fa91bef57da http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_i386.deb Size/MD5 checksum: 40742 afda3a9de40083b9fb4a9d92a57749f3 http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_i386.deb Size/MD5 checksum: 3137234 898331b25326db5114be3fde93b191d1 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_ia64.deb Size/MD5 checksum: 89716 c18229e93ad1bcd55a4baf9236798545 http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_ia64.deb Size/MD5 checksum: 63354 67c881d278113cd980dcfba6b52b2b1a http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_ia64.deb Size/MD5 checksum: 5598790 7e42e2710c659668fd6cb49ee73d333d HP Precision architecture: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_hppa.deb Size/MD5 checksum: 79336 56b55b712e71ff618a1f861fe79ec21c http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_hppa.deb Size/MD5 checksum: 49324 8577bdb403711604e3ff31cef86a9f1a http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_hppa.deb Size/MD5 checksum: 4106740 0f07a18dd4762a7d4bd5ea0881b8a80e Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_m68k.deb Size/MD5 checksum: 61894 645b35f6e1d139a50f2fbd33be3c985b http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_m68k.deb Size/MD5 checksum: 41370 7b6ce68854bf90f1914f90d386a83dcf http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_m68k.deb Size/MD5 checksum: 2923076 de62311a6c75ca949adf65b09c5d0722 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_mips.deb Size/MD5 checksum: 75110 725f811a3b30630c84fa63137eca473d http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_mips.deb Size/MD5 checksum: 42380 a89bb43e57cfb784e5b9193177c7894e http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_mips.deb Size/MD5 checksum: 3941306 2e93d929facb57b8a3500780c00c2335 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_mipsel.deb Size/MD5 checksum: 74908 973bf6cec0fd0f972d1e159e1565953c http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_mipsel.deb Size/MD5 checksum: 42592 360874783cafee5a52b11a9f34cca859 http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_mipsel.deb Size/MD5 checksum: 3899668 a8f1b96d1cd98bbb47ab0a685d719695 PowerPC architecture: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_powerpc.deb Size/MD5 checksum: 73942 631231dd210da928ae371d327d1d9c19 http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_powerpc.deb Size/MD5 checksum: 45282 0452f97d7b0fa7d385c2bbe1f7f9010f http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_powerpc.deb Size/MD5 checksum: 3587232 c4895e69f2428a9641418ebc751fe7d3 IBM S/390 architecture: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_s390.deb Size/MD5 checksum: 64264 a1d4534009c6c82335c5231869b921d9 http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_s390.deb Size/MD5 checksum: 43760 ead82804aaee31f3ba40d98d6d11ed7b http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_s390.deb Size/MD5 checksum: 3441172 8ca00fddab7f9c3c612e6ac3db9889a4 Sun Sparc architecture: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_sparc.deb Size/MD5 checksum: 70710 d0e1d6a50ca4dfbe852445d6b49b1a40 http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_sparc.deb Size/MD5 checksum: 48748 907d98a1136cfd90f0678497728885d0 http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_sparc.deb Size/MD5 checksum: 3598666 0deea34aef2ec55cb04eb8f93204d2f2 These files will probably be moved into the stable distribution on its next update. - - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBpfC4W5ql+IAeqTIRAkfJAJ0WxP0zV5CTgCOBQFLHRwiLsRUCvwCgkTQt AYT6xca57KtGVtMIKxy6HXk= =M2UP - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBQaZ4DSh9+71yA2DNAQKwzwQAkxm6eaQc029Ci/ZCkwoJkW7gAb36BEqV 2ANErLlHWBgr9CcRjT5LlmH135bJRO/qm/hE+BU/UeB8/geQw5PWoD+A4HtLy0iy 9xZeas99FBWNYNcAESsOL+vX5j8/NgCFh7DcdsulqEgBZ88O/rO6IE1zL2C9UcrS dkmoFq1KCAI= =ORBj -----END PGP SIGNATURE-----