From joey@infodrom.org Mon Feb 27 11:45:00 2006 From: Martin Schulze Resent-From: list@murphy.debian.org (Mailing List Manager) To: Debian Security Announcements Date: Mon, 27 Feb 2006 17:37:20 +0100 (CET) Reply-To: full-disclosure@lists.grok.org.uk Subject: [Full-disclosure] [SECURITY] [DSA 982-1] New gpdf packages fix several vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 982-1 security@debian.org http://www.debian.org/security/ Martin Schulze February 27th, 2006 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : gpdf Vulnerability : several Problem type : local (remote) Debian-specific: no Derek Noonburg has fixed several potential vulnerabilities in xpdf, which are also present in gpdf, the Portable Document Format (PDF) viewer with Gtk bindings. The old stable distribution (woody) does not contain gpdf packages. For the stable distribution (sarge) these problems have been fixed in version 2.8.2-1.2sarge4. For the unstable distribution (sid) these problems will be fixed soon. We recommend that you upgrade your gpdf package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4.dsc Size/MD5 checksum: 1663 c8dce7a7e56fd3c6c3152261fb7d8473 http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4.diff.gz Size/MD5 checksum: 36661 78a2014c938cc560c4ab18a2d76a45a7 http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2.orig.tar.gz Size/MD5 checksum: 1245535 5ceb66aa95e51c4e1d6e10cb29560ff9 Alpha architecture: http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_alpha.deb Size/MD5 checksum: 868068 976e80d151a24e904276be7935dbe66c AMD64 architecture: http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_amd64.deb Size/MD5 checksum: 795664 fd0ea82ed95818c814a61e360c1ffca4 ARM architecture: http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_arm.deb Size/MD5 checksum: 781500 67fa5d07642c3cc2a8ed73800929261b Intel IA-32 architecture: http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_i386.deb Size/MD5 checksum: 781880 70e32bc11652d9b5e96ea67652d899ff Intel IA-64 architecture: http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_ia64.deb Size/MD5 checksum: 958172 7ed29406f4eb3fdbff9557a56efcc105 HP Precision architecture: http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_hppa.deb Size/MD5 checksum: 859604 4f0a0f85cc3da4bfb6f7824028bf216a Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_m68k.deb Size/MD5 checksum: 745860 28de87c193a903165593af8a6daa4e5a Big endian MIPS architecture: http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_mips.deb Size/MD5 checksum: 818496 65e9278872e225a471784aed49661825 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_mipsel.deb Size/MD5 checksum: 811016 83903092b986bd6277907bc551543bb0 PowerPC architecture: http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_powerpc.deb Size/MD5 checksum: 799718 90d14fde4fb004ee67aaaf64a1be0a4d IBM S/390 architecture: http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_s390.deb Size/MD5 checksum: 776020 d92b72bf49062fa7a3d36205b364d564 Sun Sparc architecture: http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_sparc.deb Size/MD5 checksum: 763828 455d1333396950f63a809aba4b6a6865 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFEAyq+W5ql+IAeqTIRAhxuAKCFUMxW4gxdTRbyVgQtqcbI/LMREACfe+1/ /BI1kO2W46bRVtkbsMW3LiU= =uF+9 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/