[USN-163-1] xpdf vulnerability

Martin Pitt martin.pitt at canonical.com
Tue Aug 9 10:14:24 CDT 2005


===========================================================
Ubuntu Security Notice USN-163-1	    August 09, 2005
xpdf vulnerability
CAN-2005-2097
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

xpdf-reader
xpdf-utils
kpdf

The problem can be corrected by upgrading the affected package to
version 3.00-8ubuntu1.5 (for Ubuntu 4.10), or 3.00-11ubuntu3.1
(xpdf-reader and xpdf-utils for Ubuntu 5.04) and 4:3.4.0-0ubuntu3.1
(kpdf for Ubuntu 5.04).  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

xpdf and kpdf did not sufficiently verify the validity of the "loca"
table in PDF files, a table that contains glyph description
information for embedded TrueType fonts. After detecting the broken
table, xpdf attempted to reconstruct the information in it, which
caused the generation of a huge temporary file that quickly filled up
available disk space and rendered the application unresponsive.
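
The structural checks a reader can make on a "loca" table before trusting it, shown as an added example; this is not code from xpdf, kpdf or the Ubuntu patch. The function names and the constructed sample font are assumptions for illustration, and the field offsets follow the TrueType table layout.

```python
import struct

def read_tables(font):
    """Map table tag -> raw bytes; reject directory entries outside the file."""
    if len(font) < 12 or len(font) < 12 + 16 * struct.unpack_from(">H", font, 4)[0]:
        raise ValueError("truncated sfnt header or table directory")
    tables = {}
    for i in range(struct.unpack_from(">H", font, 4)[0]):
        tag, _csum, off, length = struct.unpack_from(">4sIII", font, 12 + 16 * i)
        if off + length > len(font):
            raise ValueError("table %r extends past end of file" % tag)
        tables[tag.decode("latin-1")] = font[off:off + length]
    return tables

def check_loca(font):
    """Return a list of 'loca' inconsistencies; an empty list means it is usable."""
    t = read_tables(font)
    if any(k not in t for k in ("head", "maxp", "loca", "glyf")):
        return ["required table missing"]
    if len(t["head"]) < 54 or len(t["maxp"]) < 6:
        return ["head or maxp too short"]
    long_fmt = struct.unpack_from(">h", t["head"], 50)[0]   # indexToLocFormat
    if long_fmt not in (0, 1):
        return ["indexToLocFormat is %d, expected 0 or 1" % long_fmt]
    count = struct.unpack_from(">H", t["maxp"], 4)[0] + 1   # numGlyphs + 1 entries
    size, code, scale = (4, "I", 1) if long_fmt else (2, "H", 2)
    if len(t["loca"]) < count * size:
        return ["loca has %d bytes, needs %d" % (len(t["loca"]), count * size)]
    offs = [o * scale for o in struct.unpack_from(">%d%s" % (count, code), t["loca"])]
    problems = ["glyph %d: offset decreases (%d -> %d)" % (i, a, b)
                for i, (a, b) in enumerate(zip(offs, offs[1:])) if b < a]
    if max(offs) > len(t["glyf"]):
        problems.append("offset %d is past the %d-byte glyf table" % (max(offs), len(t["glyf"])))
    return problems

def build_font(offsets, glyf_len, num_glyphs=2):
    """Constructed sample: a minimal sfnt with short-format loca, not a real font."""
    body = {"head": bytes(54),                               # indexToLocFormat = 0
            "maxp": struct.pack(">IH", 0x00010000, num_glyphs),
            "loca": struct.pack(">%dH" % len(offsets), *(o // 2 for o in offsets)),
            "glyf": bytes(glyf_len)}
    directory, data = struct.pack(">IHHHH", 0x00010000, len(body), 0, 0, 0), b""
    for tag, raw in body.items():                            # 76 = 12 + 4 * 16
        directory += struct.pack(">4sIII", tag.encode(), 0, 76 + len(data), len(raw))
        data += raw
    return directory + data

if __name__ == "__main__":
    print(check_loca(build_font([0, 20, 10], 20)))           # offsets go backwards
```

A converter that rejects the font when this list is non-empty never reaches a reconstruction step driven by untrusted offsets.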

The CUPS printing system in Ubuntu 5.04 uses the xpdf-utils package to
convert PDF files to PostScript. By attempting to print such a crafted
PDF file, a remote attacker could cause a Denial of Service in a print
server. The CUPS system in Ubuntu 4.10 is not vulnerable to this
attack.


Updated packages for Ubuntu 4.10 (Warty Warthog):


Updated packages for Ubuntu 5.04 (Hoary Hedgehog):
