7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7 High
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
77.9%
Debian Security Advisory DSA-2135-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
December 21, 2010 http://www.debian.org/security/faq
Package : xpdf
Vulnerability : several
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2010-3702 CVE-2010-3704
Joel Voss of Leviathan Security Group discovered two vulnerabilities
in xpdf rendering engine, which may lead to the execution of arbitrary
code if a malformed PDF file is opened.
For the stable distribution (lenny), these problems have been fixed in
version 3.02-1.4+lenny3.
For the upcoming stable distribution (squeeze) and the unstable
distribution (sid), these problems don't apply, since xpdf has been
patched to use the Poppler PDF library.
We recommend that you upgrade your poppler packages.
Upgrade instructions
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 5 | mipsel | xpdf-utils | < 3.02-1.4+lenny3 | xpdf-utils_3.02-1.4+lenny3_mipsel.deb |
Debian | 5 | amd64 | xpdf-utils | < 3.02-1.4+lenny3 | xpdf-utils_3.02-1.4+lenny3_amd64.deb |
Debian | 5 | powerpc | xpdf-reader | < 3.02-1.4+lenny3 | xpdf-reader_3.02-1.4+lenny3_powerpc.deb |
Debian | 5 | s390 | xpdf-utils | < 3.02-1.4+lenny3 | xpdf-utils_3.02-1.4+lenny3_s390.deb |
Debian | 5 | hppa | xpdf-reader | < 3.02-1.4+lenny3 | xpdf-reader_3.02-1.4+lenny3_hppa.deb |
Debian | 5 | ia64 | xpdf-utils | < 3.02-1.4+lenny3 | xpdf-utils_3.02-1.4+lenny3_ia64.deb |
Debian | 5 | armel | xpdf-utils | < 3.02-1.4+lenny3 | xpdf-utils_3.02-1.4+lenny3_armel.deb |
Debian | 5 | hppa | xpdf-utils | < 3.02-1.4+lenny3 | xpdf-utils_3.02-1.4+lenny3_hppa.deb |
Debian | 5 | ia64 | xpdf-reader | < 3.02-1.4+lenny3 | xpdf-reader_3.02-1.4+lenny3_ia64.deb |
Debian | 5 | s390 | xpdf-reader | < 3.02-1.4+lenny3 | xpdf-reader_3.02-1.4+lenny3_s390.deb |