[gentoo-announce] [ GLSA 200410-20 ] Xpdf, CUPS: Multiple integer overflows - gentoo-announce

From:	Thierry Carrez <koon@g.o>
To:	gentoo-announce@l.g.o
Cc:	bugtraq@×××××××××××××.com, full-disclosure@××××××××××××.com, security-alerts@×××××××××××××.com
Subject:	[gentoo-announce] [ GLSA 200410-20 ] Xpdf, CUPS: Multiple integer overflows
Date:	Thu, 21 Oct 2004 14:43:20
Message-Id:	`4177CA48.8070109@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 200410-20

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                            http://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

  Severity: Normal

8

     Title: Xpdf, CUPS: Multiple integer overflows

9

      Date: October 21, 2004

10

        ID: 200410-20

11

12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

13

14

Synopsis

15

========

16

17

Multiple integer overflows were discovered in Xpdf, potentially

18

resulting in execution of arbitrary code upon viewing a malicious PDF

19

file. CUPS includes Xpdf code and therefore is vulnerable to the same

20

issues.

21

22

Background

23

==========

24

25

Xpdf is an open source viewer for Portable Document Format (PDF) files.

26

The Common UNIX Printing System (CUPS) is a cross-platform print

27

spooler that includes some Xpdf code.

28

29

Affected packages

30

=================

31

32

    -------------------------------------------------------------------

33

     Package         /   Vulnerable   /                     Unaffected

34

    -------------------------------------------------------------------

35

  1  app-text/xpdf       <= 3.00-r2                         >= 3.00-r3

36

  2  net-print/cups     <= 1.1.20-r3                      >= 1.1.20-r4

37

    -------------------------------------------------------------------

38

     2 affected packages on all of their supported architectures.

39

    -------------------------------------------------------------------

40

41

Description

42

===========

43

44

Chris Evans discovered multiple integer overflow issues in Xpdf.

45

46

Impact

47

======

48

49

An attacker could entice an user to open a specially-crafted PDF file,

50

potentially resulting in execution of arbitrary code with the rights of

51

the user running Xpdf. By enticing an user to directly print the PDF

52

file to a CUPS printer, an attacker could also crash the CUPS spooler

53

or execute arbitrary code with the rights of the CUPS spooler, which is

54

usually the "lp" user.

55

56

Workaround

57

==========

58

59

There is no known workaround at this time.

60

61

Resolution

62

==========

63

64

All Xpdf users should upgrade to the latest version:

65

66

    # emerge sync

67

68

    # emerge -pv ">=app-text/xpdf-3.00-r3"

69

    # emerge ">=app-text/xpdf-3.00-r3"

70

71

All CUPS users should also upgrade to the latest version:

72

73

    # emerge sync

74

75

    # emerge -pv ">=net-print/cups-1.1.20-r4"

76

    # emerge ">=net-print/cups-1.1.20-r4"

77

78

References

79

==========

80

81

  [ 1 ] CAN-2004-0888

82

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888

83

  [ 2 ] CAN-2004-0889

84

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0889

85

86

Availability

87

============

88

89

This GLSA and any updates to it are available for viewing at

90

the Gentoo Security Website:

91

92

  http://security.gentoo.org/glsa/glsa-200410-20.xml

93

94

Concerns?

95

=========

96

97

Security is a primary focus of Gentoo Linux and ensuring the

98

confidentiality and security of our users machines is of utmost

99

importance to us. Any security concerns should be addressed to

100

security@g.o or alternatively, you may file a bug at

101

http://bugs.gentoo.org.

102

103

License

104

=======

105

106

Copyright 2004 Gentoo Foundation, Inc; referenced text

107

belongs to its owner(s).

108

109

The contents of this document are licensed under the

110

Creative Commons - Attribution / Share Alike license.

111

112

http://creativecommons.org/licenses/by-sa/1.0

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 200410-20
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	http://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: Xpdf, CUPS: Multiple integer overflows
9	Date: October 21, 2004
10	ID: 200410-20
11
12	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
13
14	Synopsis
15	========
16
17	Multiple integer overflows were discovered in Xpdf, potentially
18	resulting in execution of arbitrary code upon viewing a malicious PDF
19	file. CUPS includes Xpdf code and therefore is vulnerable to the same
20	issues.
21
22	Background
23	==========
24
25	Xpdf is an open source viewer for Portable Document Format (PDF) files.
26	The Common UNIX Printing System (CUPS) is a cross-platform print
27	spooler that includes some Xpdf code.
28
29	Affected packages
30	=================
31
32	-------------------------------------------------------------------
33	Package / Vulnerable / Unaffected
34	-------------------------------------------------------------------
35	1 app-text/xpdf <= 3.00-r2 >= 3.00-r3
36	2 net-print/cups <= 1.1.20-r3 >= 1.1.20-r4
37	-------------------------------------------------------------------
38	2 affected packages on all of their supported architectures.
39	-------------------------------------------------------------------
40
41	Description
42	===========
43
44	Chris Evans discovered multiple integer overflow issues in Xpdf.
45
46	Impact
47	======
48
49	An attacker could entice an user to open a specially-crafted PDF file,
50	potentially resulting in execution of arbitrary code with the rights of
51	the user running Xpdf. By enticing an user to directly print the PDF
52	file to a CUPS printer, an attacker could also crash the CUPS spooler
53	or execute arbitrary code with the rights of the CUPS spooler, which is
54	usually the "lp" user.
55
56	Workaround
57	==========
58
59	There is no known workaround at this time.
60
61	Resolution
62	==========
63
64	All Xpdf users should upgrade to the latest version:
65
66	# emerge sync
67
68	# emerge -pv ">=app-text/xpdf-3.00-r3"
69	# emerge ">=app-text/xpdf-3.00-r3"
70
71	All CUPS users should also upgrade to the latest version:
72
73	# emerge sync
74
75	# emerge -pv ">=net-print/cups-1.1.20-r4"
76	# emerge ">=net-print/cups-1.1.20-r4"
77
78	References
79	==========
80
81	[ 1 ] CAN-2004-0888
82	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888
83	[ 2 ] CAN-2004-0889
84	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0889
85
86	Availability
87	============
88
89	This GLSA and any updates to it are available for viewing at
90	the Gentoo Security Website:
91
92	http://security.gentoo.org/glsa/glsa-200410-20.xml
93
94	Concerns?
95	=========
96
97	Security is a primary focus of Gentoo Linux and ensuring the
98	confidentiality and security of our users machines is of utmost
99	importance to us. Any security concerns should be addressed to
100	security@g.o or alternatively, you may file a bug at
101	http://bugs.gentoo.org.
102
103	License
104	=======
105
106	Copyright 2004 Gentoo Foundation, Inc; referenced text
107	belongs to its owner(s).
108
109	The contents of this document are licensed under the
110	Creative Commons - Attribution / Share Alike license.
111
112	http://creativecommons.org/licenses/by-sa/1.0