Gentoo Archives: gentoo-announce

From: Alex Legler <a3li@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200909-12 ] HTMLDOC: User-assisted execution of arbitrary code
Date: Sat, 12 Sep 2009 16:32:01
Message-Id: 20090912182836.7c526195@neon
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200909-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: HTMLDOC: User-assisted execution of arbitrary code
      Date: September 12, 2009
      Bugs: #278186
        ID: 200909-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple insecure calls to the sscanf() function in HTMLDOC might
result in the execution of arbitrary code.

Background
==========

HTMLDOC is an HTML indexer and HTML to PS and PDF converter.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  app-text/htmldoc     < 1.8.27-r1                     >= 1.8.27-r1

Description
===========

ANTHRAX666 reported an insecure call to the sscanf() function in the
set_page_size() function in htmldoc/util.cxx. Nico Golde of the Debian
Security Team found two more insecure calls in the write_type1()
function in htmldoc/ps-pdf.cxx and the htmlLoadFontWidths() function in
htmldoc/htmllib.cxx.

Impact
======

A remote attacker could entice a user to process a specially crafted
HTML file using htmldoc, possibly resulting in the execution of
arbitrary code with the privileges of the user running the application.
NOTE: Additional vectors via specially crafted AFM font metric files do
not cross trust boundaries, as the files can only be modified by
privileged users.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All HTMLDOC users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =app-text/htmldoc-1.8.27-r1

References
==========

  [ 1 ] CVE-2009-3050
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3050

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200909-12.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
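
Added example (not part of the advisory, and neither HTMLDOC's code nor its patch): the bug class named in the Description, an sscanf() string conversion with no field width, shown beside a bounded parse that rejects oversized tokens. The "WIDTHxLENGTHunits" input format, the struct, the unit list and the size limit are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical record and limit for this example; not HTMLDOC's own. */
struct page_size { float width, length; char units[8]; };
#define MAX_DIM 10000.0f
/* The bug class, for contrast only (never compiled or called here):
 *     sscanf(spec, "%fx%f%s", &w, &l, units);
 * "%s" has no field width, so a long token overruns units[]. */

/* Parse "WIDTHxLENGTHunits", e.g. "8.5x11in". Returns 0 on success, -1 on
 * malformed, out-of-range or oversized input; *out is written on success only. */
int parse_page_size(const char *spec, struct page_size *out)
{
    static const char *const known[] = { "in", "cm", "mm" };  /* assumed units */
    char units[8] = "";
    float w = 0, l = 0;
    int end = 0;
    if (spec == NULL || out == NULL) return -1;
    /* %7s stores at most 7 bytes plus the NUL in the 8-byte buffer;
     * %n records where scanning stopped so leftover bytes are detected. */
    if (sscanf(spec, "%fx%f%7s%n", &w, &l, units, &end) != 3)
        return -1;
    if (spec[end] != '\0') return -1;          /* token was cut short: reject */
    if (!(w > 0 && w < MAX_DIM && l > 0 && l < MAX_DIM))
        return -1;                             /* also rejects NaN and inf */
    for (size_t i = 0; i < sizeof known / sizeof known[0]; i++)
        if (strcmp(units, known[i]) == 0) {
            out->width = w; out->length = l;
            strcpy(out->units, units);         /* fits: units is at most 7 bytes */
            return 0;
        }
    return -1;
}

/* Constructed hostile input: a valid prefix followed by a 400-byte token. */
int parse_oversized(void)
{
    char spec[512] = "8.5x11";
    struct page_size p;
    memset(spec + 6, 'A', 400);                /* rest of spec[] is already NUL */
    return parse_page_size(spec, &p);
}

int main(void)
{
    printf("oversized input -> %d\n", parse_oversized());
    return 0;
}
```

Checking spec[end] after the bounded conversion matters: a field width alone only truncates the token, it does not tell the caller that the input was longer than expected.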