[SECURITY] [DTSA-54-1] New poppler packages fix integer overflow

Steffen Joeris white at debian.org
Wed Aug 22 06:44:40 UTC 2007

- --------------------------------------------------------------------------
Debian Testing Security Advisory DTSA-54-1                 August 22nd , 2007
secure-testing-team at lists.alioth.debian.org                 Steffen Joeris
- --------------------------------------------------------------------------

Package        : poppler
Vulnerability  : integer overflow
Problem-Scope  : local (remote)
Debian-specific: no
CVE ID         : CVE-2007-3387

It was discovered that an integer overflow in the xpdf PDF viewer may lead
to the execution of arbitrary code if a malformed PDF file is opened.

For the testing distribution (lenny) this is fixed in version

For the unstable distribution (sid) this is fixed in version

This upgrade is recommended if you use poppler

Upgrade Instructions
- --------------------

To use the Debian testing security archive, add the following lines to
your /etc/apt/sources.list:

deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free

To install the update, run this command as root:

apt-get update && apt-get upgrade

For further information about the Debian testing security team, please refer
to http://secure-testing-master.debian.net/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.alioth.debian.org/pipermail/secure-testing-announce/attachments/20070822/491d3a25/attachment.pgp 

More information about the secure-testing-announce mailing list