|
Family: Ubuntu Local Security Checks --> Category: infos
USN48-1 : xpdf, tetex-bin vulnerabilities Vulnerability Scan
Vulnerability Scan Summary xpdf, tetex-bin vulnerabilities
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- libkpathsea-dev
- libkpathsea3
- tetex-bin
- xpdf
- xpdf-common
- xpdf-reader
- xpdf-utils
Description :
A potential buffer overflow has been found in the xpdf viewer. An
insufficient input validation could be exploited by a possible hacker
providing a specially crafted PDF file which, when processed by xpdf,
could result in abnormal program termination or the execution of
attacker supplied program code with the user's rights.
The tetex-bin package contains the affected xpdf code to generate PDF
output and process included PDF files, thus is vulnerable as well.
Solution :
Upgrade to :
- libkpathsea-dev-2.0.2-21ubuntu0.3 (Ubuntu 4.10)
- libkpathsea3-2.0.2-21ubuntu0.3 (Ubuntu 4.10)
- tetex-bin-2.0.2-21ubuntu0.3 (Ubuntu 4.10)
- xpdf-3.00-8ubuntu1.3 (Ubuntu 4.10)
- xpdf-common-3.00-8ubuntu1.3 (Ubuntu 4.10)
- xpdf-reader-3.00-8ubuntu1.3 (Ubuntu 4.10)
- xpdf-utils-3.00-8ubuntu1.3 (Ubuntu 4.10)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|