This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
Re: Security advisory: xpdf (CVE-2005-3624/25/26/27)
- From: "Yaakov S (Cygwin Ports)" <yselkowitz at users dot sourceforge dot net>
- To: cygwin-apps at cygwin dot com
- Date: Mon, 13 Feb 2006 20:46:57 -0600
- Subject: Re: Security advisory: xpdf (CVE-2005-3624/25/26/27)
- References: <43DED3A5.4050009@users.sourceforge.net>
Yaakov S (Cygwin Ports) wrote:
Xpdf is vulnerable to integer overflows that may be exploited to execute
arbitrary code.
Solution: apply this patch to xpdf-3.01:
http://www.gentoo.org/cgi-bin/viewcvs.cgi/*checkout*/app-text/xpdf/files/xpdf-3.01-sec-rollup.patch
More information:
http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml
Now, in addition to the above, there's another heap overflow
vulnerability. Isn't maintaining xpdf a lot of fun? :-)
Solution: apply this patch (IN ADDITION to the others):
https://bugzilla.novell.com/attachment.cgi?id=66287
More information:
http://www.gentoo.org/security/en/glsa/glsa-200602-04.xml
Yaakov