Bug#: 187139
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Carsten Lohrke <carlo@gentoo.org>
Description:   Opened: 2007-07-30 15:10 0000
kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains
a vulnerability that can cause a stack based buffer overflow
via a PDF file that exploits an integer overflow in
StreamPredictor::StreamPredictor(). We'd like to thank
Derek Noonburg for bringing this issue to our attention.


Remotely supplied pdf files can be used to disrupt the kpdf
viewer on the client machine and possibly execute arbitrary code.


The upstream advisory will be out in a couple of hours. I'm taking care of the
patches. Is there a restricted bug for xpdf, poppler, etc. yet?

------- Comment #1 From Pierre-Yves Rofes 2007-07-30 15:30:15 0000 -------
for xpdf, it's bug 185225

------- Comment #2 From Carsten Lohrke 2007-07-30 16:08:03 0000 -------
So why weren't bugs created for the maintainers of the usual suspects of
packages to be affected as well? From looking at the GLSA list, aside from KDE
there are gpdf, libextractor, pdftohtml and possibly others to have a look at.

------- Comment #3 From Carsten Lohrke 2007-07-30 18:04:50 0000 -------
kword-1.6.3-r1 and koffice-1.6.3-r1 can go stable, kpdf-3.5.7-r1 and
kdegraphics-3.5.7-r1 will be taken care of with the stabilization of KDE 3.5.7.

------- Comment #4 From Carsten Lohrke 2007-08-01 13:01:54 0000 -------
Security team, please change visibility, it's public.

------- Comment #5 From Carsten Lohrke 2007-08-01 13:05:07 0000 -------
*** Bug 187310 has been marked as a duplicate of this bug. ***

------- Comment #6 From Pierre-Yves Rofes 2007-08-01 13:14:38 0000 -------
thanks for the info carlo.
Arches, please test and mark stable:
kword-1.6.3-r1, target "alpha amd64 hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd"
koffice-1.6.3-r1, target "alpha amd64 hppa ia64 ppc ppc64 sparc x86"

------- Comment #7 From Ferris McCormick 2007-08-01 15:00:17 0000 -------
Sparc done for both.  koffice-1.6.3-r1 builds and installs as expected;
utilities seem to work.  kword-1.6.3-r1 (same source) builds as expected and
passes with FEATURES=test.

------- Comment #8 From Jeroen Roovers 2007-08-01 18:16:25 0000 -------
Marked stable for HPPA:
  app-office/koffice-1.6.3-r1
  app-office/kword-1.6.3-r1

------- Comment #9 From Markus Rothe 2007-08-01 19:39:41 0000 -------
ppc64 stable

------- Comment #10 From Raúl Porcel 2007-08-01 19:46:54 0000 -------
alpha/ia64/x86 stable

------- Comment #11 From Tobias Scherbaum 2007-08-03 05:45:39 0000 -------
ppc stable

------- Comment #12 From Robert Buchholz 2007-08-04 13:34:59 0000 -------
"poppler includes a copy of the xpdf code and required an update as well."

------- Comment #13 From Carsten Lohrke 2007-08-04 14:47:32 0000 -------
(In reply to comment #12)
> "poppler includes a copy of the xpdf code and required an update as well."
> 

Pointed that out in comment 2 already (well, didn't mention poppler being
affected as it is what you'd expect).


Can the security team please unrestrict bug 185225 as well!? The xpdf vuln.
really isn't news anymore. Also, are there (restricted) bugs for the other
packages, yet?

------- Comment #14 From Steve Dibb 2007-08-12 14:42:45 0000 -------
amd64 stable

------- Comment #15 From Christian Faulhammer 2007-09-08 22:08:44 0000 -------
Changing status to [glsa], security please do your magic.

------- Comment #16 From Pierre-Yves Rofes 2007-10-09 22:27:55 0000 -------
GLSA 200710-08, sorry for the delay
