Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200512-08] Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities Vulnerability Scan
Vulnerability Scan Summary: Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200512-08
(Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities)
infamous41md discovered that several Xpdf functions lack sufficient
boundary checking, resulting in multiple exploitable buffer overflows.
Impact
An attacker could entice a user to open a specially crafted PDF file
which would trigger an overflow, potentially resulting in execution of
arbitrary code with the rights of the user running Xpdf, CUPS, GPdf or
Poppler.
Workaround
There is no known workaround at this time.
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
Solution:
All Xpdf users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/xpdf-3.01-r2"
All GPdf users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/gpdf-2.10.0-r2"
All Poppler users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose app-text/poppler
All CUPS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-print/cups-1.1.23-r3"
Threat Level: Medium