[Secure-testing-team] Re: xpdf vulnerability?

Micah Anderson micah at debian.org
Fri Mar 18 05:56:11 UTC 2005


On Wed, 16 Mar 2005, Frank Küster wrote:

> Frank Küster <frank at debian.org> wrote:
> 
> > Micah Anderson <micah at debian.org> wrote:
> >
> >> 7. Is our xpdf vulnerable to CAN-2005-0206[13]?
> >
> > This also needs to be checked for pdftex (in tetex-bin) and pdftohtml,
> > and perhaps others that include xpdf code.
> 
> Can anybody point me to a place where I can find the patch for the
> 64-bit-specific issue?  The CVE only lists the RedHat and Mandrake
> security announcements, but I don't know how to get those source-rpm's.
> I found ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch - if that's the
> right one, tetex-bin in sarge/unstable is vulnerable.  In woody the code
> looks very different.

Unfortunately, it takes some deep digging sometimes. I've had to email
the security announce mailing address to find specific patches before.
Surprisingly, they responded...

I searched Redhat's Bugzilla, and found this:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=135393

Apparently this patch:
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=110599

plus the following missing hunk:

@@ -186,6 +192,11 @@
       }
       if (start >= pagesSize) {
        pagesSize += 32;
+        if (pagesSize*(int)sizeof(Page *)/sizeof(Page *) != pagesSize ||
+            pagesSize*(int)sizeof(Ref)/sizeof(Ref) != pagesSize) {
+          error(-1, "Invalid 'pagesSize' parameter.");
+          goto err3;
+        }
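
Review bot: the added `if` multiplies first and only then tests whether the product divides back to `pagesSize`. If `pagesSize` is an `int`, as the `(int)sizeof(...)` casts suggest, that multiplication is a signed overflow when it goes wrong, which is undefined behaviour, so an optimising compiler is allowed to treat `x*c/c != x` as always false and drop the check. The divisor is also an uncast `sizeof`, so the division and comparison are done in `size_t` while the product is computed in `int`, which makes the result depend on the width of both types. A bound tested before any multiplication avoids both problems, e.g. `if (pagesSize < 0 || pagesSize >= INT_MAX / (int)sizeof(Ref))`, with the same test for `sizeof(Page *)`. Note also that the check runs after `pagesSize += 32;`, so on the `goto err3` path `pagesSize` has already been increased while the arrays have not been resized; either test the would-be new size before assigning it or restore the old value before jumping.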


Can you determine if tetex-bin, pdftohtml and xpdf have this in Sarge?

Micah



