Gentoo Archives: gentoo-commits

From: "Sergey Popov (pinkbyte)" <pinkbyte@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201311-20.xml
Date: Thu, 28 Nov 2013 08:20:36
Message-Id: 20131128082033.12C9B2004B@flycatcher.gentoo.org
1 pinkbyte 13/11/28 08:20:33
2
3 Added: glsa-201311-20.xml
4 Log:
5 GLSA 201311-20
6
7 Revision Changes Path
8 1.1 xml/htdocs/security/en/glsa/glsa-201311-20.xml
9
10 file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201311-20.xml?rev=1.1&view=markup
11 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201311-20.xml?rev=1.1&content-type=text/plain
12
13 Index: glsa-201311-20.xml
14 ===================================================================
15 <?xml version="1.0" encoding="UTF-8"?>
16 <?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
17 <?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
18 <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
19 <glsa id="201311-20">
20 <title>Okular: Arbitrary code execution </title>
21 <synopsis>A heap-based buffer overflow in Okular might allow a remote
22 attacker to execute arbitrary code or cause a Denial of Service condition.
23 </synopsis>
24 <product type="ebuild">okular</product>
25 <announced>November 28, 2013</announced>
26 <revised>November 28, 2013: 1</revised>
27 <bug>334469</bug>
28 <access>remote</access>
29 <affected>
30 <package name="kde-base/okular" auto="yes" arch="*">
31 <unaffected range="ge">4.4.5-r2</unaffected>
32 <vulnerable range="lt">4.4.5-r2</vulnerable>
33 </package>
34 </affected>
35 <background>
36 <p>Okular is a universal document viewer based on KPDF for KDE 4.</p>
37 </background>
38 <description>
39 <p>Okular contains a heap-based buffer overflow in the RLE decompression
40 functionality in the TranscribePalmImageToJPEG function in
41 generators/plucker/inplug/image.cpp.
42 </p>
43 </description>
44 <impact type="normal">
45 <p>A remote attacker could entice a user to open a specially crafted PBD
46 file using Okular, possibly resulting in execution of arbitrary code with
47 the privileges of the process, or a Denial of Service condition.
48 </p>
49 </impact>
50 <workaround>
51 <p>There is no known workaround at this time.</p>
52 </workaround>
53 <resolution>
54 <p>All Okular users should upgrade to the latest version:</p>
55
56 <code>
57 # emerge --sync
58 # emerge --ask --oneshot --verbose "&gt;=kde-base/okular-4.4.5-r2"
59 </code>
60
61 </resolution>
62 <references>
63 <uri link="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2575">
64 CVE-2010-2575
65 </uri>
66 </references>
67 <metadata tag="requester" timestamp="Fri, 07 Oct 2011 23:37:53 +0000">
68 underling
69 </metadata>
70 <metadata tag="submitter" timestamp="Thu, 28 Nov 2013 08:19:02 +0000">Zlogene</metadata>
71 </glsa>