[SECURITY] [DSA 2357-1] evince security update

2011-12-04T10:54:47
ID DEBIAN:DSA-2357-1:710D7
Type debian
Reporter Debian
Modified 2011-12-04T10:54:47

Description


Debian Security Advisory DSA-2357-1 security@debian.org http://www.debian.org/security/ Yves-Alexis Perez December 03, 2011 http://www.debian.org/security/faq


Package : evince Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-264320 Debian Bug : 609534

Jon Larimer from IBM X-Force Advanced Research discovered multiple vulnerabilities in the DVI backend of the evince document viewer:

CVE-2010-2640

Insuficient array bounds checks in the PK fonts parser could lead
to function pointer overwrite, causing arbitrary code execution.

CVE-2010-2641

Insuficient array bounds checks in the PK fonts parser could lead
to function pointer overwrite, causing arbitrary code execution.

CVE-2010-2642

Insuficient bounds checks in the AFM fonts parser when writing
data to a memory buffer allocated on heap could lead to arbitrary
memory overwrite and arbitrary code execution.

CVE-2010-2643

Insuficient check on an integer used as a size for memory
allocation can lead to arbitrary write outside the allocated range
and cause arbitrary code execution.

For the oldstable distribution (lenny), this problem has been fixed in version 2.22.2-4~lenny2.

For the stable distribution (squeeze), CVE-2010-2640, CVE-2010-2641 and CVE-2010-2643 have been fixed in version 2.30.3-2 but the fix for CVE-2010-2642 was incomplete. The final fix is present in version 2.30.3-2+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in version 3.0.2.

For the unstable distribution (sid), this problem has been fixed in version 3.0.2.

We recommend that you upgrade your evince packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org