[SECURITY] [DTSA-54-1] New poppler packages fix integer overflow

Steffen Joeris white at debian.org
Wed Aug 22 06:44:40 UTC 2007


--------------------------------------------------------------------------
Debian Testing Security Advisory DTSA-54-1                  August 22nd, 2007
secure-testing-team at lists.alioth.debian.org                 Steffen Joeris
http://secure-testing-master.debian.net/
--------------------------------------------------------------------------

Package        : poppler
Vulnerability  : integer overflow
Problem-Scope  : local (remote)
Debian-specific: no
CVE ID         : CVE-2007-3387

It was discovered that an integer overflow in the xpdf PDF viewer may lead
to the execution of arbitrary code if a malformed PDF file is opened.

For the testing distribution (lenny) this is fixed in version
0.5.4-6lenny1

For the unstable distribution (sid) this is fixed in version
0.5.4-6.1

This upgrade is recommended if you use poppler.

Upgrade Instructions
--------------------

To use the Debian testing security archive, add the following lines to
your /etc/apt/sources.list:

deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free

To install the update, run this command as root:

apt-get update && apt-get upgrade
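
To confirm the upgrade took effect, the following added example (not part of the advisory) compares package versions against the fixed versions listed above, using dpkg's own version ordering. The function names and the sample inventory are constructed for illustration; the inventory models a partial upgrade that left one poppler-built package behind.

```shell
#!/bin/sh
# Added example, not part of DTSA-54-1. Fixed versions are from the advisory.
FIXED_TESTING='0.5.4-6lenny1'   # lenny
FIXED_UNSTABLE='0.5.4-6.1'      # sid

# classify VERSION [BASELINE]: print "fixed" if VERSION >= BASELINE, else
# "vulnerable". BASELINE defaults to the lenny fix; pass the fix for your
# own suite. dpkg applies Debian's ordering, under which
# 0.5.4-6 < 0.5.4-6lenny1 < 0.5.4-6.1.
classify() {
    command -v dpkg >/dev/null 2>&1 || { echo "dpkg not found" >&2; return 2; }
    if dpkg --compare-versions "$1" ge "${2:-$FIXED_TESTING}"; then
        echo fixed
    else
        echo vulnerable
    fi
}

# audit [BASELINE]: read "source binary version" lines on stdin and print a
# verdict for each binary package built from the poppler source package.
audit() {
    while read -r src pkg ver; do
        [ "$src" = poppler ] || continue
        printf '%s %s %s\n' "$pkg" "$ver" "$(classify "$ver" "$1")"
    done
}

# installed: emit "source binary version" for each fully installed package.
installed() {
    dpkg-query -W -f='${db:Status-Abbrev} ${source:Package} ${Package} ${Version}\n' |
        awk '$1 == "ii" { print $2, $3, $4 }'
}

# Constructed inventory (package names and the xpdf version are illustrative):
# a partial upgrade that left one poppler library at the unfixed revision.
sample_inventory() {
    cat <<'EOF'
poppler libpoppler1 0.5.4-6
poppler poppler-utils 0.5.4-6lenny1
xpdf xpdf-reader 3.01-9
EOF
}

sample_inventory | audit      # on a real host: installed | audit
```

On a sid system, run `installed | audit "$FIXED_UNSTABLE"` so the comparison uses the unstable fix rather than the lenny one.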

For further information about the Debian testing security team, please refer
to http://secure-testing-master.debian.net/