ID OPENVAS:56022 Type openvas Reporter Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com Modified 2017-07-07T00:00:00
Description
The remote host is missing updates announced in
advisory GLSA 200512-08.
# OpenVAS Vulnerability Test
# $
# Description: Auto generated from Gentoo's XML based advisory
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisories, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
# Text for the "insight" result tag: a one-sentence statement of the flaw
# class and its worst-case impact (arbitrary code execution).
tag_insight = "Multiple vulnerabilities have been discovered in Xpdf, GPdf, CUPS and
Poppler potentially resulting in the execution of arbitrary code.";
# Text for the "solution" result tag: one upgrade recipe per affected package,
# followed by the reference URLs. The "# emerge ..." lines below are part of
# the string literal (root shell prompts carried over from the advisory text),
# not NASL comments.
# NOTE(review): the Poppler command names no minimum version, unlike the other
# three packages. After upgrading, compare the installed version with the
# 0.4.2-r1 bound used by the app-text/poppler check later in this script.
tag_solution = "All Xpdf users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-text/xpdf-3.01-r2'
All GPdf users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-text/gpdf-2.10.0-r2'
All Poppler users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose app-text/poppler
All CUPS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-print/cups-1.1.23-r3'
http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200512-08
http://bugs.gentoo.org/show_bug.cgi?id=114428
http://bugs.gentoo.org/show_bug.cgi?id=115286";
# Text for the "summary" result tag: what a finding from this script means.
tag_summary = "The remote host is missing updates announced in
advisory GLSA 200512-08.";
# Metadata registration. This branch runs when the scanner loads the plugin to
# collect its metadata; it registers identity, scoring and scheduling
# information and then exits without touching the target.
if (description) {
  # Plugin identity and revision bookkeeping.
  script_id(56022);
  script_version("$Revision: 6596 $");
  script_tag(name:"last_modification", value:"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $");
  script_tag(name:"creation_date", value:"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)");

  # CVEs covered by the advisory. The single CVSS v2 score below is shared by
  # all three; 7.5 matches the base score of CVE-2005-3192, the highest of them.
  script_cve_id("CVE-2005-3191", "CVE-2005-3192", "CVE-2005-3193");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_name("Gentoo Security Advisory GLSA 200512-08 (xpdf, gpdf, poppler,cups)");

  # Information-gathering category: the check reads data, it does not attack.
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com");
  script_family("Gentoo Local Security Checks");

  # Scheduling: run after the package list has been gathered, and only when
  # the knowledge base holds both keys, i.e. an authenticated SSH login to a
  # Gentoo host produced a package list. Without credentials this check does
  # not run, which is not the same as "not vulnerable".
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/gentoo", "ssh/login/pkg");

  # Human-readable result text, defined above the description block.
  script_tag(name:"insight", value:tag_insight);
  script_tag(name:"solution", value:tag_solution);
  script_tag(name:"summary", value:tag_summary);

  # Detection quality: the verdict comes from installed package versions, and
  # the fix is a vendor-supplied update.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}
#
# The script code starts here
#
include("pkg-lib-gentoo.inc");
# Detection logic: compare the installed version of each package named in
# GLSA 200512-08 with the advisory's fixed version and collect the findings.
#
# ispkgvuln() and __pkg_match come from pkg-lib-gentoo.inc, which is not shown
# here. Presumably ispkgvuln() returns report text when the installed version
# falls in the "vulnerable" range and NULL otherwise, and __pkg_match is set
# once any queried package is found installed -- confirm in the library.
#
# Scope: only these four packages are checked. Other packages that embed Xpdf
# code (KPdf/KWord, teTeX/pTeX/CSTeX) are handled by separate advisories
# (GLSA 200601-02, GLSA 200603-02). The verdict is based on package versions
# only; it does not show whether a long-running service such as CUPS was
# restarted after the upgrade.
res = "";
report = "";

# Xpdf: fixed in 3.01-r2.
res = ispkgvuln(pkg:"app-text/xpdf", unaffected: make_list("ge 3.01-r2"), vulnerable: make_list("lt 3.01-r2"));
if (res != NULL) {
  report += res;
}

# GPdf: fixed in 2.10.0-r2.
res = ispkgvuln(pkg:"app-text/gpdf", unaffected: make_list("ge 2.10.0-r2"), vulnerable: make_list("lt 2.10.0-r2"));
if (res != NULL) {
  report += res;
}

# Poppler: fixed in 0.4.2-r1; the "rge 0.3.0-r1" entry additionally marks
# patched revisions of 0.3.0 as unaffected (revision-restricted range --
# confirm how pkg-lib-gentoo.inc interprets the "r" prefix).
res = ispkgvuln(pkg:"app-text/poppler", unaffected: make_list("ge 0.4.2-r1", "rge 0.3.0-r1"), vulnerable: make_list("lt 0.4.2-r1"));
if (res != NULL) {
  report += res;
}

# CUPS: fixed in 1.1.23-r3.
res = ispkgvuln(pkg:"net-print/cups", unaffected: make_list("ge 1.1.23-r3"), vulnerable: make_list("lt 1.1.23-r3"));
if (res != NULL) {
  report += res;
}

if (report == "") {
  # Nothing vulnerable was found. Exit code 99 is reported only when at least
  # one of the packages matched; if none did, the script ends without a
  # verdict.
  if (__pkg_match) {
    exit(99); # Not vulnerable.
  }
} else {
  # At least one installed package is older than its fixed version.
  security_message(data:report);
}
{"id": "OPENVAS:56022", "type": "openvas", "bulletinFamily": "scanner", "title": "Gentoo Security Advisory GLSA 200512-08 (xpdf, gpdf, poppler,cups)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200512-08.", "published": "2008-09-24T00:00:00", "modified": "2017-07-07T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=56022", "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2005-3192", "CVE-2005-3191", "CVE-2005-3193"], "lastseen": "2017-07-24T12:50:11", "viewCount": 0, "enchantments": {"score": {"value": 8.8, "vector": "NONE", "modified": "2017-07-24T12:50:11", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-3191", "CVE-2005-3193", "CVE-2005-3192"]}, {"type": "nessus", "idList": ["FEDORA_2005-1142.NASL", "FEDORA_2005-1127.NASL", "FEDORA_2005-1126.NASL", "GENTOO_GLSA-200512-08.NASL", "REDHAT-RHSA-2005-867.NASL", "CENTOS_RHSA-2005-867.NASL", "FEDORA_2005-1141.NASL", "UBUNTU_USN-227-1.NASL", "CENTOS_RHSA-2005-878.NASL", "REDHAT-RHSA-2005-878.NASL"]}, {"type": "gentoo", "idList": ["GLSA-200512-08", "GLSA-200601-02", "GLSA-200603-02"]}, {"type": "ubuntu", "idList": ["USN-227-1"]}, {"type": "redhat", "idList": ["RHSA-2005:840", "RHSA-2005:867", "RHSA-2006:0160", "RHSA-2005:878", "RHSA-2005:868"]}, {"type": "centos", "idList": ["CESA-2005:840-02", "CESA-2005:878", "CESA-2006:0160-01", "CESA-2005:868", "CESA-2005:867", "CESA-2006:0160", "CESA-2005:840-01", "CESA-2005:840"]}, {"type": "openvas", "idList": ["OPENVAS:56111", "OPENVAS:65302", "OPENVAS:56077", "OPENVAS:56146", "OPENVAS:136141256231056293", "OPENVAS:56221", "OPENVAS:136141256231056295", "OPENVAS:56211", "OPENVAS:56220", "OPENVAS:136141256231065302"]}, {"type": "osvdb", "idList": ["OSVDB:21463", "OSVDB:22236", "OSVDB:21462"]}, {"type": "debian", "idList": ["DEBIAN:DSA-931-1:51450", 
"DEBIAN:DSA-936-1:CC668", "DEBIAN:DSA-961-1:46885", "DEBIAN:DSA-932-1:4933B", "DEBIAN:DSA-950-1:9CD01", "DEBIAN:DSA-962-1:55BC9"]}, {"type": "suse", "idList": ["SUSE-SA:2006:001"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:10554", "SECURITYVULNS:DOC:10557", "SECURITYVULNS:DOC:10913", "SECURITYVULNS:DOC:10556", "SECURITYVULNS:DOC:10555", "SECURITYVULNS:DOC:11258"]}, {"type": "slackware", "idList": ["SSA-2006-045-09", "SSA-2006-142-01", "SSA-2006-045-04"]}], "modified": "2017-07-24T12:50:11", "rev": 2}, "vulnersScore": 8.8}, "pluginID": "56022", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been discovered in Xpdf, GPdf, CUPS and\nPoppler potentially resulting in the execution of arbitrary code.\";\ntag_solution = \"All Xpdf users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-text/xpdf-3.01-r2'\n\nAll GPdf users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-text/gpdf-2.10.0-r2'\n\nAll Poppler users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose app-text/poppler\n\nAll CUPS users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-print/cups-1.1.23-r3'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200512-08\nhttp://bugs.gentoo.org/show_bug.cgi?id=114428\nhttp://bugs.gentoo.org/show_bug.cgi?id=115286\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200512-08.\";\n\n \n\nif(description)\n{\n script_id(56022);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200512-08 (xpdf, gpdf, poppler,cups)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-text/xpdf\", unaffected: make_list(\"ge 3.01-r2\"), vulnerable: make_list(\"lt 3.01-r2\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"app-text/gpdf\", unaffected: make_list(\"ge 2.10.0-r2\"), vulnerable: make_list(\"lt 2.10.0-r2\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"app-text/poppler\", unaffected: make_list(\"ge 0.4.2-r1\", \"rge 0.3.0-r1\"), vulnerable: make_list(\"lt 0.4.2-r1\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"net-print/cups\", unaffected: make_list(\"ge 1.1.23-r3\"), vulnerable: make_list(\"lt 1.1.23-r3\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Gentoo Local Security Checks"}
{"cve": [{"lastseen": "2020-10-03T11:34:56", "description": "Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field.", "edition": 3, "cvss3": {}, "published": "2005-12-08T01:03:00", "title": "CVE-2005-3192", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-3192"], "modified": "2018-10-19T15:35:00", "cpe": ["cpe:/a:xpdf:xpdf:3.0.1"], "id": "CVE-2005-3192", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3192", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:xpdf:xpdf:3.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:34:56", "description": "Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index.", "edition": 3, "cvss3": {}, "published": "2005-12-07T01:03:00", 
"title": "CVE-2005-3191", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-3191"], "modified": "2018-10-19T15:34:00", "cpe": ["cpe:/a:xpdf:xpdf:2.0", "cpe:/a:xpdf:xpdf:1.0", "cpe:/a:xpdf:xpdf:1.0a", "cpe:/a:xpdf:xpdf:3.0_pl2", "cpe:/a:xpdf:xpdf:3.0", "cpe:/a:xpdf:xpdf:1.1", "cpe:/a:xpdf:xpdf:3.0.1", "cpe:/a:xpdf:xpdf:0.92", "cpe:/a:xpdf:xpdf:2.2", "cpe:/a:xpdf:xpdf:2.1", "cpe:/a:xpdf:xpdf:2.3", "cpe:/a:xpdf:xpdf:0.91", "cpe:/a:xpdf:xpdf:0.90", "cpe:/a:xpdf:xpdf:3.0_pl3", "cpe:/a:xpdf:xpdf:0.93"], "id": "CVE-2005-3191", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3191", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:xpdf:xpdf:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:xpdf:xpdf:3.0_pl3:*:*:*:*:*:*:*", "cpe:2.3:a:xpdf:xpdf:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:xpdf:xpdf:0.91:*:*:*:*:*:*:*", "cpe:2.3:a:xpdf:xpdf:0.92:*:*:*:*:*:*:*", "cpe:2.3:a:xpdf:xpdf:0.90:*:*:*:*:*:*:*", "cpe:2.3:a:xpdf:xpdf:1.0a:*:*:*:*:*:*:*", "cpe:2.3:a:xpdf:xpdf:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:xpdf:xpdf:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:xpdf:xpdf:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:xpdf:xpdf:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:xpdf:xpdf:3.0_pl2:*:*:*:*:*:*:*", "cpe:2.3:a:xpdf:xpdf:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:xpdf:xpdf:0.93:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:34:56", "description": "Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and 
earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated.", "edition": 3, "cvss3": {}, "published": "2005-12-07T00:03:00", "title": "CVE-2005-3193", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-3193"], "modified": "2018-10-19T15:35:00", "cpe": ["cpe:/a:xpdf:xpdf:2.0", "cpe:/a:xpdf:xpdf:1.0", "cpe:/a:xpdf:xpdf:1.0a", "cpe:/a:xpdf:xpdf:3.0_pl2", "cpe:/a:xpdf:xpdf:3.0", "cpe:/a:xpdf:xpdf:1.1", "cpe:/a:xpdf:xpdf:3.0.1", "cpe:/a:xpdf:xpdf:0.92", "cpe:/a:xpdf:xpdf:2.2", "cpe:/a:xpdf:xpdf:2.1", "cpe:/a:xpdf:xpdf:2.3", "cpe:/a:xpdf:xpdf:0.91", "cpe:/a:xpdf:xpdf:0.90", "cpe:/a:xpdf:xpdf:3.0_pl3", "cpe:/a:xpdf:xpdf:0.93"], "id": "CVE-2005-3193", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3193", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:xpdf:xpdf:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:xpdf:xpdf:3.0_pl3:*:*:*:*:*:*:*", "cpe:2.3:a:xpdf:xpdf:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:xpdf:xpdf:0.91:*:*:*:*:*:*:*", "cpe:2.3:a:xpdf:xpdf:0.92:*:*:*:*:*:*:*", "cpe:2.3:a:xpdf:xpdf:0.90:*:*:*:*:*:*:*", "cpe:2.3:a:xpdf:xpdf:1.0a:*:*:*:*:*:*:*", "cpe:2.3:a:xpdf:xpdf:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:xpdf:xpdf:1.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:xpdf:xpdf:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:xpdf:xpdf:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:xpdf:xpdf:3.0_pl2:*:*:*:*:*:*:*", "cpe:2.3:a:xpdf:xpdf:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:xpdf:xpdf:0.93:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-09T19:41:40", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3192", "CVE-2005-3191", "CVE-2005-3193"], "description": "infamous41md discovered several integer overflows in the XPDF code, \nwhich is present in xpdf, the Poppler library, tetex-bin, KOffice, and \nkpdf. By tricking an user into opening a specially crafted PDF file, \nan attacker could exploit this to execute arbitrary code with the \nprivileges of the application that processes the document.\n\nThe CUPS printing system also uses XPDF code to convert PDF files to \nPostScript. By attempting to print such a crafted PDF file, a remote \nattacker could execute arbitrary code with the privileges of the \nprinter server (user 'cupsys').", "edition": 5, "modified": "2005-12-12T00:00:00", "published": "2005-12-12T00:00:00", "id": "USN-227-1", "href": "https://ubuntu.com/security/notices/USN-227-1", "title": "xpdf vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:39", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3192", "CVE-2005-3191", "CVE-2005-3193"], "edition": 1, "description": "### Background\n\nXpdf and GPdf are PDF file viewers that run under the X Window System. Poppler is a PDF rendering library based on Xpdf code. The Common UNIX Printing System (CUPS) is a cross-platform print spooler. It makes use of Xpdf code to handle PDF files. \n\n### Description\n\ninfamous41md discovered that several Xpdf functions lack sufficient boundary checking, resulting in multiple exploitable buffer overflows. 
\n\n### Impact\n\nAn attacker could entice a user to open a specially-crafted PDF file which would trigger an overflow, potentially resulting in execution of arbitrary code with the rights of the user running Xpdf, CUPS, GPdf or Poppler. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Xpdf users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/xpdf-3.01-r2\"\n\nAll GPdf users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/gpdf-2.10.0-r2\"\n\nAll Poppler users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose app-text/poppler\n\nAll CUPS users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-print/cups-1.1.23-r3\"", "modified": "2005-12-17T00:00:00", "published": "2005-12-16T00:00:00", "id": "GLSA-200512-08", "href": "https://security.gentoo.org/glsa/200512-08", "type": "gentoo", "title": "Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:11", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "description": "### Background\n\nKPdf is a KDE-based PDF viewer included in the kdegraphics package. KWord is a KDE-based word processor also included in the koffice package. \n\n### Description\n\nKPdf and KWord both include Xpdf code to handle PDF files. This Xpdf code is vulnerable to several heap overflows (GLSA 200512-08) as well as several buffer and integer overflows discovered by Chris Evans (CESA-2005-003). 
\n\n### Impact\n\nAn attacker could entice a user to open a specially crafted PDF file with Kpdf or KWord, potentially resulting in the execution of arbitrary code with the rights of the user running the affected application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll kdegraphics users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kdegraphics-3.4.3-r3\"\n\nAll Kpdf users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kpdf-3.4.3-r3\"\n\nAll KOffice users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-office/koffice-1.4.2-r6\"\n\nAll KWord users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-office/kword-1.4.2-r6\"", "edition": 1, "modified": "2006-01-07T00:00:00", "published": "2006-01-04T00:00:00", "id": "GLSA-200601-02", "href": "https://security.gentoo.org/glsa/200601-02", "type": "gentoo", "title": "KPdf, KWord: Multiple overflows in included Xpdf code", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:46:56", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3193"], "description": "### Background\n\nteTex is a complete TeX distribution. It is used for creating and manipulating LaTeX documents. CSTeX is a TeX distribution with Czech and Slovak support. pTeX is and ASCII publishing TeX distribution. \n\n### Description\n\nCSTeX, teTex, and pTeX include XPdf code to handle PDF files. This XPdf code is vulnerable to several heap overflows (GLSA 200512-08) as well as several buffer and integer overflows discovered by Chris Evans (CESA-2005-003). 
\n\n### Impact\n\nAn attacker could entice a user to open a specially crafted PDF file with teTeX, pTeX or CSTeX, potentially resulting in the execution of arbitrary code with the rights of the user running the affected application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll teTex users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/tetex-2.0.2-r8\"\n\nAll CSTeX users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/cstetex-2.0.2-r2\"\n\nAll pTeX users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/ptex-3.1.5-r1\"", "edition": 1, "modified": "2006-03-04T00:00:00", "published": "2006-03-04T00:00:00", "id": "GLSA-200603-02", "href": "https://security.gentoo.org/glsa/200603-02", "type": "gentoo", "title": "teTeX, pTeX, CSTeX: Multiple overflows in included XPdf code", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-01T06:41:26", "description": "infamous41md discovered several integer overflows in the XPDF code,\nwhich is present in xpdf, the Poppler library, tetex-bin, KOffice, and\nkpdf. By tricking an user into opening a specially crafted PDF file,\nan attacker could exploit this to execute arbitrary code with the\nprivileges of the application that processes the document.\n\nThe CUPS printing system also uses XPDF code to convert PDF files to\nPostScript. By attempting to print such a crafted PDF file, a remote\nattacker could execute arbitrary code with the privileges of the\nprinter server (user 'cupsys').\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2006-01-21T00:00:00", "title": "Ubuntu 4.10 / 5.04 / 5.10 : xpdf/cupsys/tetex-bin/kdegraphics/koffice vulnerabilities (USN-227-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3192", "CVE-2005-3191", "CVE-2005-3193"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:xpdf", "p-cpe:/a:canonical:ubuntu_linux:kgamma", "p-cpe:/a:canonical:ubuntu_linux:kformula", "p-cpe:/a:canonical:ubuntu_linux:ksnapshot", "p-cpe:/a:canonical:ubuntu_linux:libpoppler0c2", "p-cpe:/a:canonical:ubuntu_linux:libcupsys2-gnutls10", "p-cpe:/a:canonical:ubuntu_linux:libkscan-dev", "p-cpe:/a:canonical:ubuntu_linux:libpoppler0c2-qt", "p-cpe:/a:canonical:ubuntu_linux:poppler-utils", "p-cpe:/a:canonical:ubuntu_linux:krita", "p-cpe:/a:canonical:ubuntu_linux:libpoppler0c2-glib", "p-cpe:/a:canonical:ubuntu_linux:kpresenter", "p-cpe:/a:canonical:ubuntu_linux:koffice-libs", "p-cpe:/a:canonical:ubuntu_linux:cupsys-client", "p-cpe:/a:canonical:ubuntu_linux:xpdf-common", "p-cpe:/a:canonical:ubuntu_linux:koffice", "p-cpe:/a:canonical:ubuntu_linux:libcupsys2-dev", "p-cpe:/a:canonical:ubuntu_linux:kghostview", "p-cpe:/a:canonical:ubuntu_linux:kdvi", "p-cpe:/a:canonical:ubuntu_linux:kpovmodeler", "p-cpe:/a:canonical:ubuntu_linux:libkpathsea-dev", "p-cpe:/a:canonical:ubuntu_linux:cupsys-bsd", "p-cpe:/a:canonical:ubuntu_linux:kview", "p-cpe:/a:canonical:ubuntu_linux:libcupsimage2-dev", "p-cpe:/a:canonical:ubuntu_linux:kugar", "p-cpe:/a:canonical:ubuntu_linux:kdegraphics", "cpe:/o:canonical:ubuntu_linux:5.04", "p-cpe:/a:canonical:ubuntu_linux:koffice-doc-html", "p-cpe:/a:canonical:ubuntu_linux:kamera", "p-cpe:/a:canonical:ubuntu_linux:libkscan1", "p-cpe:/a:canonical:ubuntu_linux:kcoloredit", "p-cpe:/a:canonical:ubuntu_linux:kmrml", "p-cpe:/a:canonical:ubuntu_linux:kdegraphics-kfile-plugins", 
"p-cpe:/a:canonical:ubuntu_linux:tetex-bin", "p-cpe:/a:canonical:ubuntu_linux:ksvg", "p-cpe:/a:canonical:ubuntu_linux:libkpathsea3", "p-cpe:/a:canonical:ubuntu_linux:kruler", "p-cpe:/a:canonical:ubuntu_linux:kolourpaint", "p-cpe:/a:canonical:ubuntu_linux:kpdf", "p-cpe:/a:canonical:ubuntu_linux:kspread", "p-cpe:/a:canonical:ubuntu_linux:xpdf-reader", "cpe:/o:canonical:ubuntu_linux:4.10", "p-cpe:/a:canonical:ubuntu_linux:kivio", "p-cpe:/a:canonical:ubuntu_linux:cupsys", "p-cpe:/a:canonical:ubuntu_linux:xpdf-utils", "p-cpe:/a:canonical:ubuntu_linux:kdegraphics-doc-html", "cpe:/o:canonical:ubuntu_linux:5.10", "p-cpe:/a:canonical:ubuntu_linux:kooka", "p-cpe:/a:canonical:ubuntu_linux:koshell", "p-cpe:/a:canonical:ubuntu_linux:kviewshell", "p-cpe:/a:canonical:ubuntu_linux:kthesaurus", "p-cpe:/a:canonical:ubuntu_linux:kiconedit", "p-cpe:/a:canonical:ubuntu_linux:kdegraphics-dev", "p-cpe:/a:canonical:ubuntu_linux:koffice-data", "p-cpe:/a:canonical:ubuntu_linux:kchart", "p-cpe:/a:canonical:ubuntu_linux:kfax", "p-cpe:/a:canonical:ubuntu_linux:libcupsimage2", "p-cpe:/a:canonical:ubuntu_linux:koffice-dev", "p-cpe:/a:canonical:ubuntu_linux:kuickshow", "p-cpe:/a:canonical:ubuntu_linux:libpoppler-glib-dev", "p-cpe:/a:canonical:ubuntu_linux:karbon", "p-cpe:/a:canonical:ubuntu_linux:kivio-data", "p-cpe:/a:canonical:ubuntu_linux:libpoppler-dev", "p-cpe:/a:canonical:ubuntu_linux:kword", "p-cpe:/a:canonical:ubuntu_linux:libpoppler-qt-dev"], "id": "UBUNTU_USN-227-1.NASL", "href": "https://www.tenable.com/plugins/nessus/20770", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-227-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20770);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/08/02 13:33:00\");\n\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\");\n script_bugtraq_id(15721, 15725, 15726, 15727);\n script_xref(name:\"USN\", value:\"227-1\");\n\n script_name(english:\"Ubuntu 4.10 / 5.04 / 5.10 : xpdf/cupsys/tetex-bin/kdegraphics/koffice vulnerabilities (USN-227-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"infamous41md discovered several integer overflows in the XPDF code,\nwhich is present in xpdf, the Poppler library, tetex-bin, KOffice, and\nkpdf. By tricking an user into opening a specially crafted PDF file,\nan attacker could exploit this to execute arbitrary code with the\nprivileges of the application that processes the document.\n\nThe CUPS printing system also uses XPDF code to convert PDF files to\nPostScript. By attempting to print such a crafted PDF file, a remote\nattacker could execute arbitrary code with the privileges of the\nprinter server (user 'cupsys').\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cupsys\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cupsys-bsd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cupsys-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kamera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:karbon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kchart\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kcoloredit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kdegraphics\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kdegraphics-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kdegraphics-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kdegraphics-kfile-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kdvi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kfax\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kformula\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:kgamma\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kghostview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kiconedit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kivio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kivio-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kmrml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:koffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:koffice-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:koffice-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:koffice-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:koffice-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kolourpaint\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kooka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:koshell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kpovmodeler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kpresenter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krita\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kruler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ksnapshot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kspread\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ksvg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kthesaurus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kugar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kuickshow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kviewshell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kword\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsimage2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsimage2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsys2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsys2-gnutls10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkpathsea-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkpathsea3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkscan-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkscan1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler-glib-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler-qt-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler0c2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler0c2-glib\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler0c2-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tetex-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xpdf-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xpdf-reader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xpdf-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! 
ereg(pattern:\"^(4\\.10|5\\.04|5\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10 / 5.04 / 5.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"cupsys\", pkgver:\"1.1.20final+cvs20040330-4ubuntu16.9\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"cupsys-bsd\", pkgver:\"1.1.20final+cvs20040330-4ubuntu16.9\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"cupsys-client\", pkgver:\"1.1.20final+cvs20040330-4ubuntu16.9\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libcupsimage2\", pkgver:\"1.1.20final+cvs20040330-4ubuntu16.9\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libcupsimage2-dev\", pkgver:\"1.1.20final+cvs20040330-4ubuntu16.9\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libcupsys2-dev\", pkgver:\"1.1.20final+cvs20040330-4ubuntu16.9\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libcupsys2-gnutls10\", pkgver:\"1.1.20final+cvs20040330-4ubuntu16.9\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libkpathsea-dev\", pkgver:\"2.0.2-21ubuntu0.7\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libkpathsea3\", pkgver:\"2.0.2-21ubuntu0.7\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"tetex-bin\", pkgver:\"2.0.2-21ubuntu0.7\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"xpdf\", pkgver:\"3.00-8ubuntu1.9\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"xpdf-common\", pkgver:\"3.00-8ubuntu1.9\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"xpdf-reader\", pkgver:\"3.00-8ubuntu1.9\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"xpdf-utils\", pkgver:\"3.00-8ubuntu1.9\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kamera\", 
pkgver:\"3.4.0-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"karbon\", pkgver:\"1.3.5-2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kchart\", pkgver:\"1.3.5-2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kcoloredit\", pkgver:\"3.4.0-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kdegraphics\", pkgver:\"3.4.0-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kdegraphics-dev\", pkgver:\"3.4.0-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kdegraphics-kfile-plugins\", pkgver:\"3.4.0-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kdvi\", pkgver:\"3.4.0-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kfax\", pkgver:\"3.4.0-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kformula\", pkgver:\"1.3.5-2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kgamma\", pkgver:\"3.4.0-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kghostview\", pkgver:\"3.4.0-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kiconedit\", pkgver:\"3.4.0-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kivio\", pkgver:\"1.3.5-2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kivio-data\", pkgver:\"1.3.5-2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kmrml\", pkgver:\"3.4.0-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"koffice\", pkgver:\"1.3.5-2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"koffice-data\", pkgver:\"1.3.5-2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"koffice-dev\", pkgver:\"1.3.5-2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"koffice-doc-html\", pkgver:\"1.3.5-2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"koffice-libs\", pkgver:\"1.3.5-2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", 
pkgname:\"kolourpaint\", pkgver:\"3.4.0-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kooka\", pkgver:\"3.4.0-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"koshell\", pkgver:\"1.3.5-2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kpdf\", pkgver:\"3.4.0-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kpovmodeler\", pkgver:\"3.4.0-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kpresenter\", pkgver:\"1.3.5-2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kruler\", pkgver:\"3.4.0-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"ksnapshot\", pkgver:\"3.4.0-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kspread\", pkgver:\"1.3.5-2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"ksvg\", pkgver:\"3.4.0-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kugar\", pkgver:\"1.3.5-2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kuickshow\", pkgver:\"3.4.0-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kview\", pkgver:\"3.4.0-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kviewshell\", pkgver:\"3.4.0-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kword\", pkgver:\"1.3.5-2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libkpathsea-dev\", pkgver:\"2.0.2-25ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libkpathsea3\", pkgver:\"2.0.2-25ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libkscan-dev\", pkgver:\"3.4.0-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libkscan1\", pkgver:\"3.4.0-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"tetex-bin\", pkgver:\"2.0.2-25ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"xpdf\", pkgver:\"3.00-11ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", 
pkgname:\"xpdf-common\", pkgver:\"3.00-11ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"xpdf-reader\", pkgver:\"3.00-11ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"xpdf-utils\", pkgver:\"3.00-11ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kamera\", pkgver:\"3.4.3-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"karbon\", pkgver:\"1.4.1-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kchart\", pkgver:\"1.4.1-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kcoloredit\", pkgver:\"3.4.3-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kdegraphics\", pkgver:\"3.4.3-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kdegraphics-dev\", pkgver:\"3.4.3-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kdegraphics-doc-html\", pkgver:\"3.4.3-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kdegraphics-kfile-plugins\", pkgver:\"3.4.3-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kdvi\", pkgver:\"3.4.3-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kfax\", pkgver:\"3.4.3-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kformula\", pkgver:\"1.4.1-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kgamma\", pkgver:\"3.4.3-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kghostview\", pkgver:\"3.4.3-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kiconedit\", pkgver:\"3.4.3-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kivio\", pkgver:\"1.4.1-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kivio-data\", pkgver:\"1.4.1-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kmrml\", pkgver:\"3.4.3-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"koffice\", pkgver:\"1.4.1-0ubuntu7.1\")) flag++;\nif 
(ubuntu_check(osver:\"5.10\", pkgname:\"koffice-data\", pkgver:\"1.4.1-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"koffice-dev\", pkgver:\"1.4.1-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"koffice-doc-html\", pkgver:\"1.4.1-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"koffice-libs\", pkgver:\"1.4.1-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kolourpaint\", pkgver:\"3.4.3-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kooka\", pkgver:\"3.4.3-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"koshell\", pkgver:\"1.4.1-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kpdf\", pkgver:\"3.4.3-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kpovmodeler\", pkgver:\"3.4.3-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kpresenter\", pkgver:\"1.4.1-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"krita\", pkgver:\"1.4.1-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kruler\", pkgver:\"3.4.3-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"ksnapshot\", pkgver:\"3.4.3-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kspread\", pkgver:\"1.4.1-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"ksvg\", pkgver:\"3.4.3-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kthesaurus\", pkgver:\"1.4.1-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kugar\", pkgver:\"1.4.1-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kuickshow\", pkgver:\"3.4.3-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kview\", pkgver:\"3.4.3-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kviewshell\", pkgver:\"3.4.3-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kword\", pkgver:\"1.4.1-0ubuntu7.1\")) flag++;\nif 
(ubuntu_check(osver:\"5.10\", pkgname:\"libkpathsea-dev\", pkgver:\"2.0.2-30ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libkpathsea3\", pkgver:\"2.0.2-30ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libkscan-dev\", pkgver:\"3.4.3-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libkscan1\", pkgver:\"3.4.3-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libpoppler-dev\", pkgver:\"0.4.2-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libpoppler-glib-dev\", pkgver:\"0.4.2-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libpoppler-qt-dev\", pkgver:\"0.4.2-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libpoppler0c2\", pkgver:\"0.4.2-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libpoppler0c2-glib\", pkgver:\"0.4.2-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libpoppler0c2-qt\", pkgver:\"0.4.2-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"poppler-utils\", pkgver:\"0.4.2-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"tetex-bin\", pkgver:\"2.0.2-30ubuntu3.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cupsys / cupsys-bsd / cupsys-client / kamera / karbon / kchart / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:52:00", "description": "The remote host is affected by the vulnerability described in GLSA-200512-08\n(Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities)\n\n infamous41md discovered that several Xpdf functions lack sufficient\n boundary checking, resulting in multiple exploitable buffer overflows.\n \nImpact :\n\n An attacker could entice a user to 
open a specially crafted PDF file\n which would trigger an overflow, potentially resulting in execution of\n arbitrary code with the rights of the user running Xpdf, CUPS, GPdf or\n Poppler.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2005-12-20T00:00:00", "title": "GLSA-200512-08 : Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3192", "CVE-2005-3191", "CVE-2005-3193"], "modified": "2005-12-20T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:cups", "p-cpe:/a:gentoo:linux:poppler", "p-cpe:/a:gentoo:linux:gpdf", "p-cpe:/a:gentoo:linux:xpdf"], "id": "GENTOO_GLSA-200512-08.NASL", "href": "https://www.tenable.com/plugins/nessus/20328", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200512-08.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20328);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\");\n script_bugtraq_id(15721, 15725, 15726, 15727);\n script_xref(name:\"GLSA\", value:\"200512-08\");\n\n script_name(english:\"GLSA-200512-08 : Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200512-08\n(Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities)\n\n infamous41md discovered that several Xpdf functions lack sufficient\n boundary checking, resulting in multiple exploitable buffer overflows.\n \nImpact :\n\n An attacker could entice a user to open a specially crafted PDF file\n which would trigger an overflow, potentially resulting in execution of\n arbitrary code with the rights of the user running Xpdf, CUPS, GPdf or\n Poppler.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200512-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Xpdf users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-text/xpdf-3.01-r2'\n All GPdf users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-text/gpdf-2.10.0-r2'\n All Poppler users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose 
app-text/poppler\n All CUPS users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-print/cups-1.1.23-r3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/12/20\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-text/gpdf\", 
unaffected:make_list(\"ge 2.10.0-r2\"), vulnerable:make_list(\"lt 2.10.0-r2\"))) flag++;\nif (qpkg_check(package:\"net-print/cups\", unaffected:make_list(\"ge 1.1.23-r3\"), vulnerable:make_list(\"lt 1.1.23-r3\"))) flag++;\nif (qpkg_check(package:\"app-text/poppler\", unaffected:make_list(\"ge 0.4.2-r1\", \"rge 0.3.0-r1\"), vulnerable:make_list(\"lt 0.4.2-r1\"))) flag++;\nif (qpkg_check(package:\"app-text/xpdf\", unaffected:make_list(\"ge 3.01-r2\"), vulnerable:make_list(\"lt 3.01-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Xpdf / GPdf / CUPS / Poppler\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:05:48", "description": "Several flaws were discovered in Xpdf. An attacker could construct a\ncarefully crafted PDF file that could cause Xpdf to crash or possibly\nexecute arbitrary code when opened. The teTeX package contains a copy\nof the Xpdf code used for parsing PDF files and is therefore affected\nby this bug. The Common Vulnerabilities and Exposures project assigned\nthe name CVE-2005-3193 to these issues.\n\nUsers of teTeX should upgrade to this updated package, which contains\na patch to resolve these issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2005-12-08T00:00:00", "title": "Fedora Core 3 : tetex-2.0.2-21.5 (2005-1127)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3192", "CVE-2005-3191", "CVE-2005-3193"], "modified": "2005-12-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:tetex-doc", "p-cpe:/a:fedoraproject:fedora:tetex-dvips", "p-cpe:/a:fedoraproject:fedora:tetex-fonts", "cpe:/o:fedoraproject:fedora_core:3", "p-cpe:/a:fedoraproject:fedora:tetex-debuginfo", "p-cpe:/a:fedoraproject:fedora:tetex-afm", "p-cpe:/a:fedoraproject:fedora:tetex-xdvi", "p-cpe:/a:fedoraproject:fedora:tetex", "p-cpe:/a:fedoraproject:fedora:tetex-latex"], "id": "FEDORA_2005-1127.NASL", "href": "https://www.tenable.com/plugins/nessus/20279", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-1127.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20279);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\");\n script_xref(name:\"FEDORA\", value:\"2005-1127\");\n\n script_name(english:\"Fedora Core 3 : tetex-2.0.2-21.5 (2005-1127)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were discovered in Xpdf. An attacker could construct a\ncarefully crafted PDF file that could cause Xpdf to crash or possibly\nexecute arbitrary code when opened. 
The teTeX package contains a copy\nof the Xpdf code used for parsing PDF files and is therefore affected\nby this bug.The Common Vulnerabilities and Exposures project assigned\nthe name CVE-2005-3193 to these issues.\n\nUsers of teTeX should upgrade to this updated package, which contains\na patch to resolve these issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-December/001632.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?555ad56d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tetex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tetex-afm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tetex-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tetex-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tetex-dvips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tetex-fonts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tetex-latex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tetex-xdvi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2005/12/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 3.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC3\", reference:\"tetex-2.0.2-21.5\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"tetex-afm-2.0.2-21.5\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"tetex-debuginfo-2.0.2-21.5\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"tetex-doc-2.0.2-21.5\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"tetex-dvips-2.0.2-21.5\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"tetex-fonts-2.0.2-21.5\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"tetex-latex-2.0.2-21.5\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"tetex-xdvi-2.0.2-21.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, 
extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tetex / tetex-afm / tetex-debuginfo / tetex-doc / tetex-dvips / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:05:48", "description": "This update fixes a security problem in the pdftops filter\n(CVE-2005-3191, CVE-2005-3192, CVE-2005-3193).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2005-12-15T00:00:00", "title": "Fedora Core 3 : cups-1.1.22-0.rc1.8.8 (2005-1141)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3192", "CVE-2005-3191", "CVE-2005-3193"], "modified": "2005-12-15T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:cups-debuginfo", "cpe:/o:fedoraproject:fedora_core:3", "p-cpe:/a:fedoraproject:fedora:cups", "p-cpe:/a:fedoraproject:fedora:cups-libs", "p-cpe:/a:fedoraproject:fedora:cups-devel"], "id": "FEDORA_2005-1141.NASL", "href": "https://www.tenable.com/plugins/nessus/20307", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-1141.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20307);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\");\n script_xref(name:\"FEDORA\", value:\"2005-1141\");\n\n script_name(english:\"Fedora Core 3 : cups-1.1.22-0.rc1.8.8 (2005-1141)\");\n script_summary(english:\"Checks rpm 
output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a security problem in the pdftops filter\n(CVE-2005-3191, CVE-2005-3192, CVE-2005-3193).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-December/001652.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?495965e7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cups-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cups-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cups-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", 
\"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 3.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC3\", reference:\"cups-1.1.22-0.rc1.8.8\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"cups-debuginfo-1.1.22-0.rc1.8.8\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"cups-devel-1.1.22-0.rc1.8.8\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"cups-libs-1.1.22-0.rc1.8.8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups / cups-debuginfo / cups-devel / cups-libs\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:05:48", "description": "This update fixes a security problem in the pdftops filter\n(CVE-2005-3191, CVE-2005-3192, CVE-2005-3193).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2005-12-15T00:00:00", "title": "Fedora Core 4 : cups-1.1.23-15.2 (2005-1142)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3192", "CVE-2005-3191", "CVE-2005-3193"], "modified": "2005-12-15T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:cups-debuginfo", "p-cpe:/a:fedoraproject:fedora:cups-lpd", "cpe:/o:fedoraproject:fedora_core:4", "p-cpe:/a:fedoraproject:fedora:cups", "p-cpe:/a:fedoraproject:fedora:cups-libs", "p-cpe:/a:fedoraproject:fedora:cups-devel"], "id": "FEDORA_2005-1142.NASL", "href": "https://www.tenable.com/plugins/nessus/20308", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-1142.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20308);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\");\n script_xref(name:\"FEDORA\", value:\"2005-1142\");\n\n script_name(english:\"Fedora Core 4 : cups-1.1.23-15.2 (2005-1142)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a security problem in the pdftops filter\n(CVE-2005-3191, CVE-2005-3192, CVE-2005-3193).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-December/001653.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d5e19ac6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cups-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cups-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cups-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cups-lpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: 
\"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 4.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC4\", reference:\"cups-1.1.23-15.2\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"cups-debuginfo-1.1.23-15.2\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"cups-devel-1.1.23-15.2\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"cups-libs-1.1.23-15.2\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"cups-lpd-1.1.23-15.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups / cups-debuginfo / cups-devel / cups-libs / cups-lpd\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:05:48", "description": "Several flaws were discovered in Xpdf. An attacker could construct a\ncarefully crafted PDF file that could cause Xpdf to crash or possibly\nexecute arbitrary code when opened. 
The teTeX package contains a copy\nof the Xpdf code used for parsing PDF files and is therefore affected\nby this bug. The Common Vulnerabilities and Exposures project assigned\nthe name CVE-2005-3193 to these issues.\n\nUsers of teTeX should upgrade to this updated package, which contains\na patch to resolve these issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2005-12-08T00:00:00", "title": "Fedora Core 4 : tetex-3.0-7.FC4 (2005-1126)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3192", "CVE-2005-3191", "CVE-2005-3193"], "modified": "2005-12-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:tetex-doc", "p-cpe:/a:fedoraproject:fedora:tetex-dvips", "p-cpe:/a:fedoraproject:fedora:tetex-fonts", "p-cpe:/a:fedoraproject:fedora:tetex-debuginfo", "p-cpe:/a:fedoraproject:fedora:tetex-afm", "cpe:/o:fedoraproject:fedora_core:4", "p-cpe:/a:fedoraproject:fedora:tetex-xdvi", "p-cpe:/a:fedoraproject:fedora:tetex", "p-cpe:/a:fedoraproject:fedora:tetex-latex"], "id": "FEDORA_2005-1126.NASL", "href": "https://www.tenable.com/plugins/nessus/20278", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-1126.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20278);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\");\n script_xref(name:\"FEDORA\", value:\"2005-1126\");\n\n script_name(english:\"Fedora Core 4 : tetex-3.0-7.FC4 (2005-1126)\");\n script_summary(english:\"Checks rpm output for the 
updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were discovered in Xpdf. An attacker could construct a\ncarefully crafted PDF file that could cause Xpdf to crash or possibly\nexecute arbitrary code when opened. The teTeX package contains a copy\nof the Xpdf code used for parsing PDF files and is therefore affected\nby this bug.The Common Vulnerabilities and Exposures project assigned\nthe name CVE-2005-3193 to these issues.\n\nUsers of teTeX should upgrade to this updated package, which contains\na patch to resolve these issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-December/001631.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f5d295f8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tetex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tetex-afm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tetex-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tetex-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tetex-dvips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tetex-fonts\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fedoraproject:fedora:tetex-latex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tetex-xdvi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/12/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 4.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC4\", reference:\"tetex-3.0-7.FC4\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"tetex-afm-3.0-7.FC4\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"tetex-debuginfo-3.0-7.FC4\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"tetex-doc-3.0-7.FC4\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"tetex-dvips-3.0-7.FC4\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"tetex-fonts-3.0-7.FC4\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"tetex-latex-3.0-7.FC4\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"tetex-xdvi-3.0-7.FC4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tetex / tetex-afm / tetex-debuginfo / tetex-doc / tetex-dvips / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T04:55:45", "description": "An updated gpdf package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe gpdf package is a GNOME based viewer for Portable Document Format\n(PDF) files.\n\nSeveral flaws were discovered in gpdf. An attacker could construct a\ncarefully crafted PDF file that could cause gpdf to crash or possibly\nexecute arbitrary code when opened. 
The Common Vulnerabilities and\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\nCVE-2005-3193 to these issues.\n\nUsers of gpdf should upgrade to this updated package, which contains a\nbackported patch to resolve these issues.", "edition": 26, "published": "2005-12-30T00:00:00", "title": "RHEL 4 : gpdf (RHSA-2005:867)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3192", "CVE-2005-3191", "CVE-2005-3193", "CVE-2005-3628"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:gpdf"], "id": "REDHAT-RHSA-2005-867.NASL", "href": "https://www.tenable.com/plugins/nessus/20362", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:867. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20362);\n script_version (\"1.23\");\n script_cvs_date(\"Date: 2019/10/25 13:36:11\");\n\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-3628\");\n script_bugtraq_id(15721, 15725, 15726, 15727);\n script_xref(name:\"RHSA\", value:\"2005:867\");\n\n script_name(english:\"RHEL 4 : gpdf (RHSA-2005:867)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated gpdf package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe gpdf package is a GNOME based viewer for Portable Document Format\n(PDF) files.\n\nSeveral flaws were discovered in gpdf. 
An attacker could construct a\ncarefully crafted PDF file that could cause gpdf to crash or possibly\nexecute arbitrary code when opened. The Common Vulnerabilities and\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\nCVE-2005-3193 to these issues.\n\nUsers of gpdf should upgrade to this updated package, which contains a\nbackported patch to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:867\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gpdf package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/12/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:867\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"gpdf-2.8.2-7.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : 
rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gpdf\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:24:54", "description": "An updated gpdf package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe gpdf package is a GNOME based viewer for Portable Document Format\n(PDF) files.\n\nSeveral flaws were discovered in gpdf. An attacker could construct a\ncarefully crafted PDF file that could cause gpdf to crash or possibly\nexecute arbitrary code when opened. The Common Vulnerabilities and\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\nCVE-2005-3193 to these issues.\n\nUsers of gpdf should upgrade to this updated package, which contains a\nbackported patch to resolve these issues.", "edition": 26, "published": "2006-07-05T00:00:00", "title": "CentOS 4 : gpdf (CESA-2005:867)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3192", "CVE-2005-3191", "CVE-2005-3193", "CVE-2005-3628"], "modified": "2006-07-05T00:00:00", "cpe": ["cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:gpdf"], "id": "CENTOS_RHSA-2005-867.NASL", "href": "https://www.tenable.com/plugins/nessus/21971", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:867 and \n# CentOS Errata and Security Advisory 2005:867 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21971);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n 
script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-3628\");\n script_bugtraq_id(15721, 15725, 15726, 15727);\n script_xref(name:\"RHSA\", value:\"2005:867\");\n\n script_name(english:\"CentOS 4 : gpdf (CESA-2005:867)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated gpdf package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe gpdf package is a GNOME based viewer for Portable Document Format\n(PDF) files.\n\nSeveral flaws were discovered in gpdf. An attacker could construct a\ncarefully crafted PDF file that could cause gpdf to crash or possibly\nexecute arbitrary code when opened. The Common Vulnerabilities and\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\nCVE-2005-3193 to these issues.\n\nUsers of gpdf should upgrade to this updated package, which contains a\nbackported patch to resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-December/012495.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e9f79b29\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-December/012525.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0628fc71\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-December/012526.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b3c17681\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gpdf package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", reference:\"gpdf-2.8.2-7.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gpdf\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T04:55:45", "description": "Updated CUPS packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing\nlayer for UNIX(R) operating systems.\n\nSeveral flaws were discovered in the way CUPS processes PDF files. An\nattacker could construct a carefully crafted PDF file that could cause\nCUPS to crash or possibly execute arbitrary code when opened. 
The\nCommon Vulnerabilities and Exposures project assigned the names\nCVE-2005-3191, CVE-2005-3192, and CVE-2005-3193 to these issues.\n\nAll users of CUPS should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.", "edition": 26, "published": "2005-12-30T00:00:00", "title": "RHEL 3 / 4 : cups (RHSA-2005:878)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3192", "CVE-2005-3191", "CVE-2005-3193", "CVE-2005-3628"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:cups-devel", "p-cpe:/a:redhat:enterprise_linux:cups", "p-cpe:/a:redhat:enterprise_linux:cups-libs"], "id": "REDHAT-RHSA-2005-878.NASL", "href": "https://www.tenable.com/plugins/nessus/20365", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:878. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20365);\n script_version (\"1.23\");\n script_cvs_date(\"Date: 2019/10/25 13:36:11\");\n\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-3628\");\n script_bugtraq_id(15721, 15725, 15726, 15727);\n script_xref(name:\"RHSA\", value:\"2005:878\");\n\n script_name(english:\"RHEL 3 / 4 : cups (RHSA-2005:878)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated CUPS packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing\nlayer for UNIX(R) operating systems.\n\nSeveral flaws were discovered in the way CUPS processes PDF files. An\nattacker could construct a carefully crafted PDF file that could cause\nCUPS to crash or possibly execute arbitrary code when opened. 
The\nCommon Vulnerabilities and Exposures project assigned the names\nCVE-2005-3191, CVE-2005-3192, and CVE-2005-3193 to these issues.\n\nAll users of CUPS should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:878\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cups, cups-devel and / or cups-libs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cups-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cups-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/20\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/12/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:878\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"cups-1.1.17-13.3.34\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"cups-devel-1.1.17-13.3.34\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"cups-libs-1.1.17-13.3.34\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"cups-1.1.22-0.rc1.9.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"cups-devel-1.1.22-0.rc1.9.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"cups-libs-1.1.22-0.rc1.9.9\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups / cups-devel / cups-libs\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:24:54", "description": "Updated CUPS packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux.\n\nThis update has been rated 
as having important security impact by the\nRed Hat Security Response Team.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing\nlayer for UNIX(R) operating systems.\n\nSeveral flaws were discovered in the way CUPS processes PDF files. An\nattacker could construct a carefully crafted PDF file that could cause\nCUPS to crash or possibly execute arbitrary code when opened. The\nCommon Vulnerabilities and Exposures project assigned the names\nCVE-2005-3191, CVE-2005-3192, and CVE-2005-3193 to these issues.\n\nAll users of CUPS should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.", "edition": 26, "published": "2006-07-03T00:00:00", "title": "CentOS 3 / 4 : cups (CESA-2005:878)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3192", "CVE-2005-3191", "CVE-2005-3193", "CVE-2005-3628"], "modified": "2006-07-03T00:00:00", "cpe": ["p-cpe:/a:centos:centos:cups-libs", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:cups", "p-cpe:/a:centos:centos:cups-devel", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2005-878.NASL", "href": "https://www.tenable.com/plugins/nessus/21876", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:878 and \n# CentOS Errata and Security Advisory 2005:878 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21876);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-3628\");\n script_bugtraq_id(15721, 15725, 15726, 15727);\n script_xref(name:\"RHSA\", value:\"2005:878\");\n\n script_name(english:\"CentOS 3 / 4 : cups (CESA-2005:878)\");\n script_summary(english:\"Checks rpm output for the updated 
packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated CUPS packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing\nlayer for UNIX(R) operating systems.\n\nSeveral flaws were discovered in the way CUPS processes PDF files. An\nattacker could construct a carefully crafted PDF file that could cause\nCUPS to crash or possibly execute arbitrary code when opened. The\nCommon Vulnerabilities and Exposures project assigned the names\nCVE-2005-3191, CVE-2005-3192, and CVE-2005-3193 to these issues.\n\nAll users of CUPS should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-December/012482.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dbfeb2fd\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-December/012483.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4c88bca3\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-December/012488.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?53cd0096\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-December/012492.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?15d2d9ae\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-December/012531.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7b603ac1\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-December/012532.html\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2ab95d61\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cups-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cups-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"cups-1.1.17-13.3.34\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"cups-devel-1.1.17-13.3.34\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"cups-libs-1.1.17-13.3.34\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"cups-1.1.22-0.rc1.9.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"cups-devel-1.1.22-0.rc1.9.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"cups-libs-1.1.22-0.rc1.9.9\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups / cups-devel / cups-libs\");\n}\n", "cvss": 
{"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:24:47", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3192", "CVE-2005-3191", "CVE-2005-3193", "CVE-2005-3628"], "description": "**CentOS Errata and Security Advisory** CESA-2005:867\n\n\nThe gpdf package is a GNOME based viewer for Portable Document Format\r\n(PDF) files.\r\n\r\nSeveral flaws were discovered in gpdf. An attacker could construct a\r\ncarefully crafted PDF file that could cause gpdf to crash or possibly\r\nexecute arbitrary code when opened. The Common Vulnerabilities and\r\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\r\nCVE-2005-3193 to these issues.\r\n\r\nUsers of gpdf should upgrade to this updated package, which contains a\r\nbackported patch to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024533.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024540.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024553.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024563.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024564.html\n\n**Affected packages:**\ngpdf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-867.html", "edition": 6, "modified": "2005-12-22T16:04:49", "published": "2005-12-21T02:51:50", "href": "http://lists.centos.org/pipermail/centos-announce/2005-December/024533.html", "id": "CESA-2005:867", "title": "gpdf security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-17T03:28:23", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3192", "CVE-2005-3191", "CVE-2005-3193", "CVE-2005-3628"], "description": "**CentOS Errata and Security Advisory** CESA-2005:878\n\n\nThe Common UNIX Printing System (CUPS) provides a portable printing layer\r\nfor UNIX(R) operating 
systems.\r\n\r\nSeveral flaws were discovered in the way CUPS processes PDF files. An\r\nattacker could construct a carefully crafted PDF file that could cause CUPS\r\nto crash or possibly execute arbitrary code when opened. The Common\r\nVulnerabilities and Exposures project assigned the names CVE-2005-3191,\r\nCVE-2005-3192, and CVE-2005-3193 to these issues.\r\n\r\nAll users of CUPS should upgrade to these updated packages, which contain\r\nbackported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024520.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024521.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024526.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024530.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024537.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024546.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024550.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024569.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024570.html\n\n**Affected packages:**\ncups\ncups-devel\ncups-libs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-878.html", "edition": 8, "modified": "2005-12-22T16:16:48", "published": "2005-12-20T23:29:16", "href": "http://lists.centos.org/pipermail/centos-announce/2005-December/024520.html", "id": "CESA-2005:878", "title": "cups security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:24:40", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "description": "**CentOS Errata and Security Advisory** CESA-2005:840-01\n\n\nThe xpdf package is an X 
Window System-based viewer for Portable Document\r\nFormat (PDF) files.\r\n\r\nSeveral flaws were discovered in Xpdf. An attacker could construct a\r\ncarefully crafted PDF file that could cause Xpdf to crash or possibly\r\nexecute arbitrary code when opened. The Common Vulnerabilities and\r\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\r\nCVE-2005-3193 to these issues.\r\n\r\nUsers of Xpdf should upgrade to this updated package, which contains a\r\nbackported patch to resolve these issues.\r\n\r\nRed Hat would like to thank Derek B. Noonburg for reporting this issue and\r\nproviding a patch.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024507.html\n\n**Affected packages:**\nxpdf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 6, "modified": "2005-12-07T00:42:21", "published": "2005-12-07T00:42:21", "href": "http://lists.centos.org/pipermail/centos-announce/2005-December/024507.html", "id": "CESA-2005:840-01", "title": "xpdf security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:27:05", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "description": "**CentOS Errata and Security Advisory** CESA-2005:840-02\n\n\nThe xpdf package is an X Window System-based viewer for Portable Document\r\nFormat (PDF) files.\r\n\r\nSeveral flaws were discovered in Xpdf. An attacker could construct a\r\ncarefully crafted PDF file that could cause Xpdf to crash or possibly\r\nexecute arbitrary code when opened. 
The Common Vulnerabilities and\r\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\r\nCVE-2005-3193 to these issues.\r\n\r\nUsers of Xpdf should upgrade to this updated package, which contains a\r\nbackported patch to resolve these issues.\r\n\r\nRed Hat would like to thank Derek B. Noonburg for reporting this issue and\r\nproviding a patch.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024545.html\n\n**Affected packages:**\nxpdf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 6, "modified": "2005-12-22T00:12:57", "published": "2005-12-22T00:12:57", "href": "http://lists.centos.org/pipermail/centos-announce/2005-December/024545.html", "id": "CESA-2005:840-02", "title": "xpdf security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:26:07", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "description": "**CentOS Errata and Security Advisory** CESA-2005:868\n\n\nThe kdegraphics packages contain applications for the K Desktop Environment\r\nincluding kpdf, a pdf file viewer.\r\n\r\nSeveral flaws were discovered in kpdf. An attacker could construct a\r\ncarefully crafted PDF file that could cause kpdf to crash or possibly\r\nexecute arbitrary code when opened. 
The Common Vulnerabilities and\r\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\r\nCVE-2005-3193 to these issues.\r\n\r\nUsers of kpdf should upgrade to these updated packages, which contain a\r\nbackported patch to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024536.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024543.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024556.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024557.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024558.html\n\n**Affected packages:**\nkdegraphics\nkdegraphics-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-868.html", "edition": 6, "modified": "2005-12-22T15:53:55", "published": "2005-12-21T02:55:30", "href": "http://lists.centos.org/pipermail/centos-announce/2005-December/024536.html", "id": "CESA-2005:868", "title": "kdegraphics security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:27:48", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "description": "**CentOS Errata and Security Advisory** CESA-2006:0160-01\n\n\nTeTeX is an implementation of TeX. TeX takes a text file and a set of\r\nformatting commands as input and creates a typesetter-independent .dvi\r\n(DeVice Independent) file as output.\r\n\r\nSeveral flaws were discovered in the teTeX PDF parsing library. An attacker\r\ncould construct a carefully crafted PDF file that could cause teTeX to\r\ncrash or possibly execute arbitrary code when opened. 
The Common\r\nVulnerabilities and Exposures project assigned the names CVE-2005-3191,\r\nCVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626,\r\nCVE-2005-3627 and CVE-2005-3628 to these issues.\r\n\r\nUsers of teTeX should upgrade to these updated packages, which contain\r\nbackported patches and are not vulnerable to these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/024642.html\n\n**Affected packages:**\ntetex\ntetex-afm\ntetex-doc\ntetex-dvilj\ntetex-dvips\ntetex-fonts\ntetex-latex\ntetex-xdvi\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 4, "modified": "2006-01-30T00:51:00", "published": "2006-01-30T00:51:00", "href": "http://lists.centos.org/pipermail/centos-announce/2006-January/024642.html", "id": "CESA-2006:0160-01", "title": "tetex security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:24:11", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "description": "**CentOS Errata and Security Advisory** CESA-2006:0160\n\n\nTeTeX is an implementation of TeX. TeX takes a text file and a set of\r\nformatting commands as input and creates a typesetter-independent .dvi\r\n(DeVice Independent) file as output.\r\n\r\nSeveral flaws were discovered in the teTeX PDF parsing library. An attacker\r\ncould construct a carefully crafted PDF file that could cause teTeX to\r\ncrash or possibly execute arbitrary code when opened. 
The Common\r\nVulnerabilities and Exposures project assigned the names CVE-2005-3191,\r\nCVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626,\r\nCVE-2005-3627 and CVE-2005-3628 to these issues.\r\n\r\nUsers of teTeX should upgrade to these updated packages, which contain\r\nbackported patches and are not vulnerable to these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/024623.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/024624.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/024629.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/024630.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/024632.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/024633.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/024636.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/024638.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/024640.html\n\n**Affected packages:**\ntetex\ntetex-afm\ntetex-doc\ntetex-dvips\ntetex-fonts\ntetex-latex\ntetex-xdvi\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0160.html", "edition": 4, "modified": "2006-01-20T17:54:12", "published": "2006-01-19T21:19:14", "href": "http://lists.centos.org/pipermail/centos-announce/2006-January/024623.html", "id": "CESA-2006:0160", "title": "tetex security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-08T03:33:20", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "description": "**CentOS Errata and Security Advisory** CESA-2005:840\n\n\nThe xpdf package is an X Window System-based viewer for Portable Document\r\nFormat (PDF) files.\r\n\r\nSeveral flaws were 
discovered in Xpdf. An attacker could construct a\r\ncarefully crafted PDF file that could cause Xpdf to crash or possibly\r\nexecute arbitrary code when opened. The Common Vulnerabilities and\r\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\r\nCVE-2005-3193 to these issues.\r\n\r\nUsers of Xpdf should upgrade to this updated package, which contains a\r\nbackported patch to resolve these issues.\r\n\r\nRed Hat would like to thank Derek B. Noonburg for reporting this issue and\r\nproviding a patch.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024487.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024488.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024491.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024492.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024495.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024497.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024498.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024501.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024503.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024528.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024531.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024538.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024548.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024551.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024567.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/024568.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/036857.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/036858.html\n\n**Affected 
packages:**\nxpdf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-840.html", "edition": 9, "modified": "2005-12-22T16:13:25", "published": "2005-12-06T16:19:16", "href": "http://lists.centos.org/pipermail/centos-announce/2005-December/024487.html", "id": "CESA-2005:840", "title": "xpdf security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-12-11T13:31:26", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3191", "CVE-2005-3192", "CVE-2005-3193", "CVE-2005-3628"], "description": "The Common UNIX Printing System (CUPS) provides a portable printing layer\r\nfor UNIX(R) operating systems.\r\n\r\nSeveral flaws were discovered in the way CUPS processes PDF files. An\r\nattacker could construct a carefully crafted PDF file that could cause CUPS\r\nto crash or possibly execute arbitrary code when opened. The Common\r\nVulnerabilities and Exposures project assigned the names CVE-2005-3191,\r\nCVE-2005-3192, and CVE-2005-3193 to these issues.\r\n\r\nAll users of CUPS should upgrade to these updated packages, which contain\r\nbackported patches to resolve these issues.", "modified": "2017-09-08T12:08:18", "published": "2005-12-20T05:00:00", "id": "RHSA-2005:878", "href": "https://access.redhat.com/errata/RHSA-2005:878", "type": "redhat", "title": "(RHSA-2005:878) cups security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-11T13:31:01", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3191", "CVE-2005-3192", "CVE-2005-3193", "CVE-2005-3628"], "description": "The gpdf package is a GNOME based viewer for Portable Document Format\r\n(PDF) files.\r\n\r\nSeveral flaws were discovered in gpdf. An attacker could construct a\r\ncarefully crafted PDF file that could cause gpdf to crash or possibly\r\nexecute arbitrary code when opened. 
The Common Vulnerabilities and\r\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\r\nCVE-2005-3193 to these issues.\r\n\r\nUsers of gpdf should upgrade to this updated package, which contains a\r\nbackported patch to resolve these issues.", "modified": "2017-09-08T12:18:27", "published": "2005-12-20T05:00:00", "id": "RHSA-2005:867", "href": "https://access.redhat.com/errata/RHSA-2005:867", "type": "redhat", "title": "(RHSA-2005:867) gpdf security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:00", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3191", "CVE-2005-3192", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3625", "CVE-2005-3626", "CVE-2005-3627", "CVE-2005-3628"], "description": "TeTeX is an implementation of TeX. TeX takes a text file and a set of\r\nformatting commands as input and creates a typesetter-independent .dvi\r\n(DeVice Independent) file as output.\r\n\r\nSeveral flaws were discovered in the teTeX PDF parsing library. An attacker\r\ncould construct a carefully crafted PDF file that could cause teTeX to\r\ncrash or possibly execute arbitrary code when opened. 
The Common\r\nVulnerabilities and Exposures project assigned the names CVE-2005-3191,\r\nCVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626,\r\nCVE-2005-3627 and CVE-2005-3628 to these issues.\r\n\r\nUsers of teTeX should upgrade to these updated packages, which contain\r\nbackported patches and are not vulnerable to these issues.", "modified": "2019-03-22T23:42:40", "published": "2006-01-19T05:00:00", "id": "RHSA-2006:0160", "href": "https://access.redhat.com/errata/RHSA-2006:0160", "type": "redhat", "title": "(RHSA-2006:0160) tetex security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:32:57", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3191", "CVE-2005-3192", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3625", "CVE-2005-3626", "CVE-2005-3627", "CVE-2005-3628"], "description": "The xpdf package is an X Window System-based viewer for Portable Document\r\nFormat (PDF) files.\r\n\r\nSeveral flaws were discovered in Xpdf. An attacker could construct a\r\ncarefully crafted PDF file that could cause Xpdf to crash or possibly\r\nexecute arbitrary code when opened. The Common Vulnerabilities and\r\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\r\nCVE-2005-3193 to these issues.\r\n\r\nUsers of Xpdf should upgrade to this updated package, which contains a\r\nbackported patch to resolve these issues.\r\n\r\nRed Hat would like to thank Derek B. 
Noonburg for reporting this issue and\r\nproviding a patch.", "modified": "2018-03-14T19:26:40", "published": "2005-12-06T05:00:00", "id": "RHSA-2005:840", "href": "https://access.redhat.com/errata/RHSA-2005:840", "type": "redhat", "title": "(RHSA-2005:840) xpdf security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:33:34", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3191", "CVE-2005-3192", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3625", "CVE-2005-3626", "CVE-2005-3627", "CVE-2005-3628"], "description": "The kdegraphics packages contain applications for the K Desktop Environment\r\nincluding kpdf, a pdf file viewer.\r\n\r\nSeveral flaws were discovered in kpdf. An attacker could construct a\r\ncarefully crafted PDF file that could cause kpdf to crash or possibly\r\nexecute arbitrary code when opened. The Common Vulnerabilities and\r\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\r\nCVE-2005-3193 to these issues.\r\n\r\nUsers of kpdf should upgrade to these updated packages, which contain a\r\nbackported patch to resolve these issues.", "modified": "2017-09-08T12:10:48", "published": "2005-12-20T05:00:00", "id": "RHSA-2005:868", "href": "https://access.redhat.com/errata/RHSA-2005:868", "type": "redhat", "title": "(RHSA-2005:868) kdegraphics security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-26T08:56:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3192", "CVE-2005-3191"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n cups\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5012225 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65302", "href": "http://plugins.openvas.org/nasl.php?oid=65302", "type": "openvas", "title": "SLES9: Security update for cups", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5012225.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for cups\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n cups\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5012225 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65302);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for cups\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.20~108.31\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3192", "CVE-2005-3191"], "description": "The 
remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n cups\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5012225 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065302", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065302", "type": "openvas", "title": "SLES9: Security update for cups", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5012225.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for cups\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n cups\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5012225 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65302\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for cups\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.20~108.31\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200601-02.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:56077", "href": "http://plugins.openvas.org/nasl.php?oid=56077", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200601-02 (kdegraphics, kpdf, koffice, kword)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"KPdf and KWord both include vulnerable Xpdf code to handle PDF files,\nmaking them vulnerable to the execution of arbitrary code.\";\ntag_solution = \"All kdegraphics users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=kde-base/kdegraphics-3.4.3-r3'\n\nAll Kpdf users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=kde-base/kpdf-3.4.3-r3'\n\nAll KOffice users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-office/koffice-1.4.2-r6'\n\nAll KWord users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-office/kword-1.4.2-r6'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200601-02\nhttp://bugs.gentoo.org/show_bug.cgi?id=114429\nhttp://bugs.gentoo.org/show_bug.cgi?id=115851\nhttp://www.gentoo.org/security/en/glsa/glsa-200512-08.xml\nhttp://www.kde.org/info/security/advisory-20051207-2.txt\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200601-02.\";\n\n 
\n\nif(description)\n{\n script_id(56077);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-3624\", \"CVE-2005-3625\", \"CVE-2005-3626\", \"CVE-2005-3627\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200601-02 (kdegraphics, kpdf, koffice, kword)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"kde-base/kdegraphics\", unaffected: make_list(\"ge 3.4.3-r3\"), vulnerable: make_list(\"lt 3.4.3-r3\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"kde-base/kpdf\", unaffected: make_list(\"ge 3.4.3-r3\"), vulnerable: make_list(\"lt 3.4.3-r3\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"app-office/koffice\", unaffected: make_list(\"ge 1.4.2-r6\"), vulnerable: make_list(\"lt 1.4.2-r6\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"app-office/kword\", unaffected: make_list(\"ge 1.4.2-r6\"), vulnerable: make_list(\"lt 1.4.2-r6\"))) != NULL) {\n report += 
res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "description": "The remote host is missing an update to pdfkit.framework\nannounced via advisory DSA 961-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf which are also present in pdfkit.framework, the\nGNUstep framework for rendering PDF content, and which can lead to a\ndenial of service by crashing the application or possibly to the\nexecution of arbitrary code.\n\nThe old stable distribution (woody) does not contain pdfkit.framework\npackages.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:56220", "href": "http://plugins.openvas.org/nasl.php?oid=56220", "type": "openvas", "title": "Debian Security Advisory DSA 961-1 (pdfkit.framework)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_961_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 961-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 0.8-2sarge1.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your pdfkit.framework package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20961-1\";\ntag_summary = \"The remote host is missing an update to pdfkit.framework\nannounced via advisory DSA 961-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf which are also present in pdfkit.framework, the\nGNUstep framework for rendering PDF content, and which can lead to a\ndenial of service by crashing the application or possibly to the\nexecution of arbitrary code.\n\nThe old stable distribution (woody) does not contain pdfkit.framework\npackages.\";\n\n\nif(description)\n{\n script_id(56220);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:07:13 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-3624\", \"CVE-2005-3625\", \"CVE-2005-3626\", \"CVE-2005-3627\", \"CVE-2005-3628\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 961-1 (pdfkit.framework)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"pdfkit.framework\", ver:\"0.8-2sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "description": "The remote host is missing an update to cupsys\nannounced via advisory DSA 950-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf which are also present in CUPS, the Common UNIX\nPrinting System, and which can lead to a denial of service by crashing\nthe application or possibly to the execution of arbitrary code.\n\nFor the old stable distribution (woody) these problems have been fixed in\nversion 1.1.14-5woody14.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:56211", "href": "http://plugins.openvas.org/nasl.php?oid=56211", "type": "openvas", "title": "Debian Security Advisory DSA 950-1 (cupsys)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_950_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 950-1\n#\n# Authors:\n# Thomas 
Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 1.1.23-10sarge1.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your CUPS packages.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20950-1\";\ntag_summary = \"The remote host is missing an update to cupsys\nannounced via advisory DSA 950-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf which are also present in CUPS, the Common UNIX\nPrinting System, and which can lead to a denial of service by crashing\nthe application or possibly to the execution of arbitrary code.\n\nFor the old stable distribution (woody) these problems have been fixed in\nversion 1.1.14-5woody14.\";\n\n\nif(description)\n{\n script_id(56211);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:07:13 +0100 (Thu, 17 Jan 
2008)\");\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-3624\", \"CVE-2005-3625\", \"CVE-2005-3626\", \"CVE-2005-3627\", \"CVE-2005-3628\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 950-1 (cupsys)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.1.14-5woody14\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.1.14-5woody14\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.1.14-5woody14\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-pstoraster\", ver:\"1.1.14-5woody14\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.1.14-5woody14\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.1.14-5woody14\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.1.23-10sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.1.23-10sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.1.23-10sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.1.23-10sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.1.23-10sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.1.23-10sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.1.23-10sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-gnutls10\", ver:\"1.1.23-10sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "description": "The remote host is missing an update to pdftohtml\nannounced via advisory DSA 962-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf which are also present in pdftohtml, a utility that\ntranslates PDF documents into HTML format, and which can lead to a\ndenial of service by crashing the application or possibly to the\nexecution of arbitrary code.\n\nThe old stable distribution (woody) does not contain pdftohtml packages.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:56221", "href": "http://plugins.openvas.org/nasl.php?oid=56221", "type": "openvas", "title": "Debian Security Advisory DSA 962-1 (pdftohtml)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_962_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from 
advisory DSA 962-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 0.36-11sarge1.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your pdftohtml package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20962-1\";\ntag_summary = \"The remote host is missing an update to pdftohtml\nannounced via advisory DSA 962-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf which are also present in pdftohtml, a utility that\ntranslates PDF documents into HTML format, and which can lead to a\ndenial of service by crashing the application or possibly to the\nexecution of arbitrary code.\n\nThe old stable distribution (woody) does not contain pdftohtml packages.\";\n\n\nif(description)\n{\n script_id(56221);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n 
script_tag(name:\"creation_date\", value:\"2008-01-17 23:07:13 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-3624\", \"CVE-2005-3625\", \"CVE-2005-3626\", \"CVE-2005-3627\", \"CVE-2005-3628\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 962-1 (pdftohtml)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"pdftohtml\", ver:\"0.36-11sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "description": "The remote host is missing an update to xpdf\nannounced via advisory DSA 931-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, that can\nlead to a denial of service by crashing the application or possibly to\nthe execution of arbitrary 
code.\n\nFor the old stable distribution (woody) these problems have been fixed in\nversion 1.00-3.8.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:56110", "href": "http://plugins.openvas.org/nasl.php?oid=56110", "type": "openvas", "title": "Debian Security Advisory DSA 931-1 (xpdf)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_931_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 931-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 3.00-13.4.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 3.01-4.\n\nWe recommend that you upgrade your xpdf package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20931-1\";\ntag_summary = \"The remote host is missing an update to xpdf\nannounced via advisory DSA 931-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, that can\nlead to a denial of service by crashing the application or possibly to\nthe execution of arbitrary code.\n\nFor the old stable distribution (woody) these problems have been fixed in\nversion 1.00-3.8.\";\n\n\nif(description)\n{\n script_id(56110);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:07:13 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-3624\", \"CVE-2005-3625\", \"CVE-2005-3626\", \"CVE-2005-3627\", \"CVE-2005-3628\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 931-1 (xpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"xpdf-common\", ver:\"1.00-3.8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xpdf\", ver:\"1.00-3.8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xpdf-reader\", ver:\"1.00-3.8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xpdf-utils\", ver:\"1.00-3.8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xpdf-common\", ver:\"3.00-13.4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xpdf\", ver:\"3.00-13.4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xpdf-reader\", ver:\"3.00-13.4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xpdf-utils\", ver:\"3.00-13.4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "description": "The remote host is missing an update to xpdf\nannounced via advisory DSA 932-1.\n\ninfamous41md and Chris Evans discovered 
several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, that can\nlead to a denial of service by crashing the application or possibly to\nthe execution of arbitrary code. The same code is present in kpdf\nwhich is part of the kdegraphics package.\n\nThe old stable distribution (woody) does not contain kpdf packages.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:56111", "href": "http://plugins.openvas.org/nasl.php?oid=56111", "type": "openvas", "title": "Debian Security Advisory DSA 932-1 (xpdf)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_932_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 932-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 3.3.2-2sarge3.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 3.5.0-3.\n\nWe recommend that you upgrade your kpdf package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20932-1\";\ntag_summary = \"The remote host is missing an update to xpdf\nannounced via advisory DSA 932-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, that can\nlead to a denial of service by crashing the application or possibly to\nthe execution of arbitrary code. The same code is present in kpdf\nwhich is part of the kdegraphics package.\n\nThe old stable distribution (woody) does not contain kpdf packages.\";\n\n\nif(description)\n{\n script_id(56111);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:07:13 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-3624\", \"CVE-2005-3625\", \"CVE-2005-3626\", \"CVE-2005-3627\", \"CVE-2005-3628\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 932-1 (xpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"kdegraphics\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kamera\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kcoloredit\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdegraphics-dev\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdegraphics-kfile-plugins\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdvi\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kfax\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kgamma\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kghostview\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kiconedit\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kmrml\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kolourpaint\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kooka\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) 
!= NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kpdf\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kpovmodeler\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kruler\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ksnapshot\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ksvg\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kuickshow\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kview\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kviewshell\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkscan-dev\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkscan1\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-18T11:13:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2006-0301", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-045-09.", "modified": "2017-09-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:56293", "href": "http://plugins.openvas.org/nasl.php?oid=56293", "type": "openvas", "title": "Slackware Advisory SSA:2006-045-09 xpdf", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: 
esoft_slk_ssa_2006_045_09.nasl 7141 2017-09-15 09:58:49Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New xpdf packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2,\nand -current to fix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2006-045-09.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-045-09\";\n \nif(description)\n{\n script_id(56293);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-15 11:58:49 +0200 (Fri, 15 Sep 2017) $\");\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-3624\", \"CVE-2005-3625\", \"CVE-2005-3626\", \"CVE-2005-3627\", \"CVE-2005-3628\", \"CVE-2006-0301\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n 
script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7141 $\");\n name = \"Slackware Advisory SSA:2006-045-09 xpdf \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.01-i386-3\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.01-i486-3\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.01-i486-3\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.01-i486-3a\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.01-i486-3\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-2097", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "description": "The remote host is missing an update to libextractor\nannounced via advisory DSA 936-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, which 
is\nalso present in libextractor, a library to extract arbitrary meta-data\nfrom files, and which can lead to a denial of service by crashing the\napplication or possibly to the execution of arbitrary code.\n\nThe old stable distribution (woody) does not contain libextractor\npackages.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:56146", "href": "http://plugins.openvas.org/nasl.php?oid=56146", "type": "openvas", "title": "Debian Security Advisory DSA 936-1 (libextractor)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_936_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 936-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 0.4.2-2sarge2.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.5.8-1.\n\nWe recommend that you upgrade your libextractor packages.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20936-1\";\ntag_summary = \"The remote host is missing an update to libextractor\nannounced via advisory DSA 936-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, which is\nalso present in libextractor, a library to extract arbitrary meta-data\nfrom files, and which can lead to a denial of service by crashing the\napplication or possibly to the execution of arbitrary code.\n\nThe old stable distribution (woody) does not contain libextractor\npackages.\";\n\n\nif(description)\n{\n script_id(56146);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:07:13 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-2097\", \"CVE-2005-3624\", \"CVE-2005-3625\", \"CVE-2005-3626\", \"CVE-2005-3627\", \"CVE-2005-3628\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 936-1 (libextractor)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"extract\", ver:\"0.4.2-2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libextractor1\", ver:\"0.4.2-2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libextractor1-dev\", ver:\"0.4.2-2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:18", "bulletinFamily": "software", "cvelist": ["CVE-2005-3192", "CVE-2005-3191"], "edition": 1, "description": "## Solution Description\nUpgrade to version 3.01pl1 or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.foolabs.com/xpdf/\nVendor URL: http://poppler.freedesktop.org/\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342287\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342292\nVendor Specific News/Changelog Entry: https://gnunet.org/svn/Extractor/ChangeLog\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342294\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342289\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281\n[Vendor Specific Advisory URL](http://www.ubuntulinux.org/usn/usn-227-1)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-931)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:010)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-936)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U.asc)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060201-01.U.asc)\n[Vendor Specific Advisory URL](http://www.kde.org/info/security/advisory-20051207-1.txt)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-932)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:011)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U.asc)\n[Vendor Specific Advisory 
URL](http://www.debian.org/security/2006/dsa-961)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-962)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt)\nSecurity Tracker: 1015309\nSecurity Tracker: 1015324\n[Secunia Advisory ID:17908](https://secuniaresearch.flexerasoftware.com/advisories/17908/)\n[Secunia Advisory ID:18061](https://secuniaresearch.flexerasoftware.com/advisories/18061/)\n[Secunia Advisory ID:18055](https://secuniaresearch.flexerasoftware.com/advisories/18055/)\n[Secunia Advisory ID:17976](https://secuniaresearch.flexerasoftware.com/advisories/17976/)\n[Secunia Advisory ID:18147](https://secuniaresearch.flexerasoftware.com/advisories/18147/)\n[Secunia Advisory ID:18582](https://secuniaresearch.flexerasoftware.com/advisories/18582/)\n[Secunia Advisory ID:18675](https://secuniaresearch.flexerasoftware.com/advisories/18675/)\n[Secunia Advisory ID:18908](https://secuniaresearch.flexerasoftware.com/advisories/18908/)\n[Secunia Advisory ID:17912](https://secuniaresearch.flexerasoftware.com/advisories/17912/)\n[Secunia Advisory ID:17920](https://secuniaresearch.flexerasoftware.com/advisories/17920/)\n[Secunia Advisory ID:17916](https://secuniaresearch.flexerasoftware.com/advisories/17916/)\n[Secunia Advisory ID:17959](https://secuniaresearch.flexerasoftware.com/advisories/17959/)\n[Secunia Advisory ID:18336](https://secuniaresearch.flexerasoftware.com/advisories/18336/)\n[Secunia Advisory ID:18398](https://secuniaresearch.flexerasoftware.com/advisories/18398/)\n[Secunia Advisory ID:18380](https://secuniaresearch.flexerasoftware.com/advisories/18380/)\n[Secunia Advisory ID:18407](https://secuniaresearch.flexerasoftware.com/advisories/18407/)\n[Secunia Advisory ID:18534](https://secuniaresearch.flexerasoftware.com/advisories/18534/)\n[Secunia Advisory 
ID:18549](https://secuniaresearch.flexerasoftware.com/advisories/18549/)\n[Secunia Advisory ID:18674](https://secuniaresearch.flexerasoftware.com/advisories/18674/)\n[Secunia Advisory ID:19230](https://secuniaresearch.flexerasoftware.com/advisories/19230/)\n[Secunia Advisory ID:17921](https://secuniaresearch.flexerasoftware.com/advisories/17921/)\n[Secunia Advisory ID:17956](https://secuniaresearch.flexerasoftware.com/advisories/17956/)\n[Secunia Advisory ID:18192](https://secuniaresearch.flexerasoftware.com/advisories/18192/)\n[Secunia Advisory ID:18189](https://secuniaresearch.flexerasoftware.com/advisories/18189/)\n[Secunia Advisory ID:18313](https://secuniaresearch.flexerasoftware.com/advisories/18313/)\n[Secunia Advisory ID:18349](https://secuniaresearch.flexerasoftware.com/advisories/18349/)\n[Secunia Advisory ID:18428](https://secuniaresearch.flexerasoftware.com/advisories/18428/)\n[Secunia Advisory ID:18448](https://secuniaresearch.flexerasoftware.com/advisories/18448/)\n[Secunia Advisory ID:18517](https://secuniaresearch.flexerasoftware.com/advisories/18517/)\n[Secunia Advisory ID:18554](https://secuniaresearch.flexerasoftware.com/advisories/18554/)\n[Secunia Advisory ID:18679](https://secuniaresearch.flexerasoftware.com/advisories/18679/)\n[Secunia Advisory ID:18913](https://secuniaresearch.flexerasoftware.com/advisories/18913/)\n[Secunia Advisory ID:19798](https://secuniaresearch.flexerasoftware.com/advisories/19798/)\n[Secunia Advisory ID:19797](https://secuniaresearch.flexerasoftware.com/advisories/19797/)\n[Secunia Advisory ID:25729](https://secuniaresearch.flexerasoftware.com/advisories/25729/)\n[Secunia Advisory ID:17897](https://secuniaresearch.flexerasoftware.com/advisories/17897/)\n[Secunia Advisory ID:17929](https://secuniaresearch.flexerasoftware.com/advisories/17929/)\n[Secunia Advisory ID:17940](https://secuniaresearch.flexerasoftware.com/advisories/17940/)\n[Secunia Advisory 
ID:18009](https://secuniaresearch.flexerasoftware.com/advisories/18009/)\n[Secunia Advisory ID:18191](https://secuniaresearch.flexerasoftware.com/advisories/18191/)\n[Secunia Advisory ID:18389](https://secuniaresearch.flexerasoftware.com/advisories/18389/)\n[Secunia Advisory ID:18385](https://secuniaresearch.flexerasoftware.com/advisories/18385/)\n[Secunia Advisory ID:18416](https://secuniaresearch.flexerasoftware.com/advisories/18416/)\n[Secunia Advisory ID:18387](https://secuniaresearch.flexerasoftware.com/advisories/18387/)\n[Secunia Advisory ID:18436](https://secuniaresearch.flexerasoftware.com/advisories/18436/)\n[Secunia Advisory ID:18503](https://secuniaresearch.flexerasoftware.com/advisories/18503/)\n[Secunia Advisory ID:26413](https://secuniaresearch.flexerasoftware.com/advisories/26413/)\n[Related OSVDB ID: 21463](https://vulners.com/osvdb/OSVDB:21463)\nRedHat RHSA: RHSA-2005:840\nRedHat RHSA: RHSA-2005:867\nRedHat RHSA: RHSA-2005:868\nRedHat RHSA: RHSA-2006:0160\nRedHat RHSA: RHSA-2005:878\nOther Advisory URL: http://www.debian.org/security/2006/dsa-940\nOther Advisory URL: http://www.debian.org/security/2006/dsa-938\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1\nOther Advisory URL: http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities\nOther Advisory URL: http://www.idefense.com/application/poi/display?id=343&type=vulnerabilities\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-227-1/\nOther Advisory URL: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:005\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2006_01_sr.html\nOther Advisory URL: http://www.debian.org/security/2006/dsa-950\nOther Advisory URL: http://www.debian.org/security/2006/dsa-961\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-August/000221.html\nOther Advisory URL: http://www.trustix.org/errata/2005/0072/\nOther Advisory URL: 
http://www.debian.org/security/2006/dsa-937\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2006_02_sr.html\nOther Advisory URL: http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200512-08.xml\nOther Advisory URL: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0221.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0224.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-12/0075.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0225.html\n[CVE-2005-3191](https://vulners.com/cve/CVE-2005-3191)\n[CVE-2005-3192](https://vulners.com/cve/CVE-2005-3192)\n", "modified": "2005-12-05T06:19:13", "published": "2005-12-05T06:19:13", "href": "https://vulners.com/osvdb/OSVDB:21462", "id": "OSVDB:21462", "title": "Multiple Product Xpdf/kpdf StreamPredictor Function numComps Field Overflow DoS", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:18", "bulletinFamily": "software", "cvelist": ["CVE-2005-3193"], "edition": 1, "description": "## Solution Description\nUpgrade to version 3.01pl1 or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.foolabs.com/xpdf/\nVendor URL: http://poppler.freedesktop.org/\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342287\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342292\nVendor Specific News/Changelog Entry: https://gnunet.org/svn/Extractor/ChangeLog\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342294\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342289\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281\n[Vendor Specific Advisory URL](http://www.ubuntulinux.org/usn/usn-227-1)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-931)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:010)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-936)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U.asc)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060201-01.U.asc)\n[Vendor Specific Advisory URL](http://www.kde.org/info/security/advisory-20051207-1.txt)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-932)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:011)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U.asc)\n[Vendor Specific Advisory 
URL](http://www.debian.org/security/2006/dsa-961)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-962)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200603-02.xml)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt)\nSecurity Tracker: 1015309\nSecurity Tracker: 1015324\n[Secunia Advisory ID:17908](https://secuniaresearch.flexerasoftware.com/advisories/17908/)\n[Secunia Advisory ID:18061](https://secuniaresearch.flexerasoftware.com/advisories/18061/)\n[Secunia Advisory ID:18055](https://secuniaresearch.flexerasoftware.com/advisories/18055/)\n[Secunia Advisory ID:17976](https://secuniaresearch.flexerasoftware.com/advisories/17976/)\n[Secunia Advisory ID:18147](https://secuniaresearch.flexerasoftware.com/advisories/18147/)\n[Secunia Advisory ID:18582](https://secuniaresearch.flexerasoftware.com/advisories/18582/)\n[Secunia Advisory ID:18675](https://secuniaresearch.flexerasoftware.com/advisories/18675/)\n[Secunia Advisory ID:18908](https://secuniaresearch.flexerasoftware.com/advisories/18908/)\n[Secunia Advisory ID:17926](https://secuniaresearch.flexerasoftware.com/advisories/17926/)\n[Secunia Advisory ID:17912](https://secuniaresearch.flexerasoftware.com/advisories/17912/)\n[Secunia Advisory ID:17920](https://secuniaresearch.flexerasoftware.com/advisories/17920/)\n[Secunia Advisory ID:17916](https://secuniaresearch.flexerasoftware.com/advisories/17916/)\n[Secunia Advisory ID:17959](https://secuniaresearch.flexerasoftware.com/advisories/17959/)\n[Secunia Advisory ID:18336](https://secuniaresearch.flexerasoftware.com/advisories/18336/)\n[Secunia Advisory ID:18398](https://secuniaresearch.flexerasoftware.com/advisories/18398/)\n[Secunia Advisory ID:18380](https://secuniaresearch.flexerasoftware.com/advisories/18380/)\n[Secunia Advisory 
ID:18407](https://secuniaresearch.flexerasoftware.com/advisories/18407/)\n[Secunia Advisory ID:18534](https://secuniaresearch.flexerasoftware.com/advisories/18534/)\n[Secunia Advisory ID:18674](https://secuniaresearch.flexerasoftware.com/advisories/18674/)\n[Secunia Advisory ID:19230](https://secuniaresearch.flexerasoftware.com/advisories/19230/)\n[Secunia Advisory ID:17921](https://secuniaresearch.flexerasoftware.com/advisories/17921/)\n[Secunia Advisory ID:17956](https://secuniaresearch.flexerasoftware.com/advisories/17956/)\n[Secunia Advisory ID:17955](https://secuniaresearch.flexerasoftware.com/advisories/17955/)\n[Secunia Advisory ID:18192](https://secuniaresearch.flexerasoftware.com/advisories/18192/)\n[Secunia Advisory ID:18189](https://secuniaresearch.flexerasoftware.com/advisories/18189/)\n[Secunia Advisory ID:18313](https://secuniaresearch.flexerasoftware.com/advisories/18313/)\n[Secunia Advisory ID:18349](https://secuniaresearch.flexerasoftware.com/advisories/18349/)\n[Secunia Advisory ID:18448](https://secuniaresearch.flexerasoftware.com/advisories/18448/)\n[Secunia Advisory ID:18520](https://secuniaresearch.flexerasoftware.com/advisories/18520/)\n[Secunia Advisory ID:18517](https://secuniaresearch.flexerasoftware.com/advisories/18517/)\n[Secunia Advisory ID:18554](https://secuniaresearch.flexerasoftware.com/advisories/18554/)\n[Secunia Advisory ID:18679](https://secuniaresearch.flexerasoftware.com/advisories/18679/)\n[Secunia Advisory ID:18913](https://secuniaresearch.flexerasoftware.com/advisories/18913/)\n[Secunia Advisory ID:19798](https://secuniaresearch.flexerasoftware.com/advisories/19798/)\n[Secunia Advisory ID:19797](https://secuniaresearch.flexerasoftware.com/advisories/19797/)\n[Secunia Advisory ID:25729](https://secuniaresearch.flexerasoftware.com/advisories/25729/)\n[Secunia Advisory ID:17897](https://secuniaresearch.flexerasoftware.com/advisories/17897/)\n[Secunia Advisory 
ID:17929](https://secuniaresearch.flexerasoftware.com/advisories/17929/)\n[Secunia Advisory ID:17940](https://secuniaresearch.flexerasoftware.com/advisories/17940/)\n[Secunia Advisory ID:18009](https://secuniaresearch.flexerasoftware.com/advisories/18009/)\n[Secunia Advisory ID:18191](https://secuniaresearch.flexerasoftware.com/advisories/18191/)\n[Secunia Advisory ID:18389](https://secuniaresearch.flexerasoftware.com/advisories/18389/)\n[Secunia Advisory ID:18385](https://secuniaresearch.flexerasoftware.com/advisories/18385/)\n[Secunia Advisory ID:18416](https://secuniaresearch.flexerasoftware.com/advisories/18416/)\n[Secunia Advisory ID:18387](https://secuniaresearch.flexerasoftware.com/advisories/18387/)\n[Secunia Advisory ID:19125](https://secuniaresearch.flexerasoftware.com/advisories/19125/)\n[Secunia Advisory ID:26413](https://secuniaresearch.flexerasoftware.com/advisories/26413/)\n[Related OSVDB ID: 21462](https://vulners.com/osvdb/OSVDB:21462)\nRedHat RHSA: RHSA-2005:840\nRedHat RHSA: RHSA-2005:867\nRedHat RHSA: RHSA-2005:868\nRedHat RHSA: RHSA-2006:0160\nRedHat RHSA: RHSA-2005:878\nOther Advisory URL: http://www.debian.org/security/2006/dsa-938\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1\nOther Advisory URL: http://www.idefense.com/application/poi/display?id=345&type=vulnerabilities\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-227-1/\nOther Advisory URL: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:005\nOther Advisory URL: http://www.debian.org/security/2006/dsa-950\nOther Advisory URL: http://www.debian.org/security/2006/dsa-961\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-August/000221.html\nOther Advisory URL: http://www.trustix.org/errata/2005/0072/\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200512-08.xml\nOther Advisory URL: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt\nMail List Post: 
http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0220.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-12/0075.html\n[CVE-2005-3193](https://vulners.com/cve/CVE-2005-3193)\n", "modified": "2005-12-05T06:19:13", "published": "2005-12-05T06:19:13", "href": "https://vulners.com/osvdb/OSVDB:21463", "id": "OSVDB:21463", "title": "Multiple Product Xpdf/kpdf JPXStream.cc JPXStream::readCodestream Function Overflow", "type": "osvdb", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:15", "bulletinFamily": "software", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n \r\n Mandriva Linux Security Advisory MDKSA-2006:005\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n \r\n Package : xpdf\r\n Date : January 5, 2006\r\n Affected: 2006.0, Corporate 2.1, Corporate 3.0\r\n _______________________________________________________________________\r\n \r\n Problem Description:\r\n \r\n Multiple heap-based buffer overflows in the\r\n DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions\r\n in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier,\r\n allow user-complicit attackers to cause a denial of service (heap\r\n corruption) and possibly execute arbitrary code via a crafted PDF file\r\n with an out-of-range number of components (numComps), which is used as\r\n an array index. (CVE-2005-3191)\r\n \r\n Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01\r\n allows remote attackers to execute arbitrary code via a PDF file with\r\n an out-of-range numComps (number of components) field. 
(CVE-2005-3192)\r\n \r\n Heap-based buffer overflow in the JPXStream::readCodestream function\r\n in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier\r\n allows user-complicit attackers to cause a denial of service (heap\r\n corruption) and possibly execute arbitrary code via a crafted PDF file\r\n with large size values that cause insufficient memory to be allocated.\r\n (CVE-2005-3193)\r\n \r\n An additional patch re-addresses memory allocation routines in\r\n goo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE). \r\n \r\n In addition, Chris Evans discovered several other vulnerbilities in\r\n the xpdf code base:\r\n \r\n Out-of-bounds heap accesses with large or negative parameters to \r\n "FlateDecode" stream. (CVE-2005-3192)\r\n \r\n Out-of-bounds heap accesses with large or negative parameters to\r\n "CCITTFaxDecode" stream. (CVE-2005-3624)\r\n \r\n Infinite CPU spins in various places when stream ends unexpectedly.\r\n (CVE-2005-3625) \r\n \r\n NULL pointer crash in the "FlateDecode" stream. (CVE-2005-3626)\r\n \r\n Overflows of compInfo array in "DCTDecode" stream. 
(CVE-2005-3627)\r\n \r\n Possible to use index past end of array in "DCTDecode" stream.\r\n (CVE-2005-3627)\r\n \r\n Possible out-of-bounds indexing trouble in "DCTDecode" stream.\r\n (CVE-2005-3627)\r\n \r\n The updated packages have been patched to correct these problems.\r\n _______________________________________________________________________\r\n\r\n References:\r\n \r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627\r\n _______________________________________________________________________\r\n \r\n Updated Packages:\r\n \r\n Mandriva Linux 2006.0:\r\n 9f0d2d83c61f4cab871138ac2866dd30 2006.0/RPMS/xpdf-3.01-1.1.20060mdk.i586.rpm\r\n 51daa161fb5581aba221d4be39c5acbc 2006.0/SRPMS/xpdf-3.01-1.1.20060mdk.src.rpm\r\n\r\n Mandriva Linux 2006.0/X86_64:\r\n c0eb562149fe7025798ce38ef361d9c7 x86_64/2006.0/RPMS/xpdf-3.01-1.1.20060mdk.x86_64.rpm\r\n 51daa161fb5581aba221d4be39c5acbc x86_64/2006.0/SRPMS/xpdf-3.01-1.1.20060mdk.src.rpm\r\n\r\n Corporate Server 2.1:\r\n d35b8a8e201185bff3b6acfa9c3b9186 corporate/2.1/RPMS/xpdf-1.01-4.10.C21mdk.i586.rpm\r\n 1f5f85d3bc3577b1141d3ea54015b63a corporate/2.1/SRPMS/xpdf-1.01-4.10.C21mdk.src.rpm\r\n\r\n Corporate Server 2.1/X86_64:\r\n f1a715d6a7fe797d09cde9dff6db4800 x86_64/corporate/2.1/RPMS/xpdf-1.01-4.10.C21mdk.x86_64.rpm\r\n 1f5f85d3bc3577b1141d3ea54015b63a x86_64/corporate/2.1/SRPMS/xpdf-1.01-4.10.C21mdk.src.rpm\r\n\r\n Corporate 3.0:\r\n bfb96e34ea12293b22cd766b61da64fe corporate/3.0/RPMS/xpdf-3.00-5.7.C30mdk.i586.rpm\r\n 1e4153bea0ed2092819aa88dbc67ade4 corporate/3.0/SRPMS/xpdf-3.00-5.7.C30mdk.src.rpm\r\n\r\n Corporate 3.0/X86_64:\r\n 
0eb5eba5d264041cd67931add3d6e841 x86_64/corporate/3.0/RPMS/xpdf-3.00-5.7.C30mdk.x86_64.rpm\r\n 1e4153bea0ed2092819aa88dbc67ade4 x86_64/corporate/3.0/SRPMS/xpdf-3.00-5.7.C30mdk.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.2.4 (GNU/Linux)\r\n\r\niD8DBQFDvaFkmqjQ0CJFipgRAk6mAJoDurXI2mjmzo+9721J+hFNREosUQCgo8tO\r\nke9lBlrFo2PfLgCfaOGWijo=\r\n=fq3D\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2006-01-07T00:00:00", "published": "2006-01-07T00:00:00", "id": "SECURITYVULNS:DOC:10913", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:10913", "title": "MDKSA-2006:005 - Updated xpdf packages fix several vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:15", "bulletinFamily": "software", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- 
--------------------------------------------------------------------------\r\nDebian Security Advisory DSA 961-1 security@debian.org\r\nhttp://www.debian.org/security/ Martin Schulze\r\nFebruary 1st, 2006 http://www.debian.org/security/faq\r\n- --------------------------------------------------------------------------\r\n\r\nPackage : pdfkit.framework\r\nVulnerability : buffer overflows\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE IDs : CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624\r\n CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628\r\n\r\n"infamous41md" and Chris Evans discovered several heap based buffer\r\noverflows in xpdf which are also present in pdfkit.framework, the\r\nGNUstep framework for rendering PDF content, and which can lead to a\r\ndenial of service by crashing the application or possibly to the\r\nexecution of arbitrary code.\r\n\r\nThe old stable distribution (woody) does not contain pdfkit.framework\r\npackages.\r\n\r\nFor the stable distribution (sarge) these problems have been fixed in\r\nversion 0.8-2sarge1.\r\n\r\nFor the unstable distribution (sid) these problems will be fixed soon.\r\n\r\nWe recommend that you upgrade your pdfkit.framework package.\r\n\r\n\r\nUpgrade Instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 3.1 alias sarge\r\n- --------------------------------\r\n\r\n Source archives:\r\n\r\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1.dsc\r\n Size/MD5 checksum: 725 67fb49e4f05a6eef25396d23ca0baacd\r\n 
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1.diff.gz\r\n Size/MD5 checksum: 5699 61578e6e26adf73639b464210830896b\r\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8.orig.tar.gz\r\n Size/MD5 checksum: 1780533 7676643ff78a0602c10bfb97fe0bd448\r\n\r\n Alpha architecture:\r\n\r\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_alpha.deb\r\n Size/MD5 checksum: 1821874 8fe74b91409115b4547ba273501e8f79\r\n\r\n AMD64 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_amd64.deb\r\n Size/MD5 checksum: 1796698 c6f96adecd322a60d77379d1513b26dc\r\n\r\n ARM architecture:\r\n\r\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_arm.deb\r\n Size/MD5 checksum: 1756056 8632f1ef914df5fcc3b6c3f6dc9ce459\r\n\r\n Intel IA-32 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_i386.deb\r\n Size/MD5 checksum: 1750384 f000dee97e83dbe85941c1305e689ef2\r\n\r\n Intel IA-64 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_ia64.deb\r\n Size/MD5 checksum: 1980936 dce8ad12b1ce0e5e097c51243c68f749\r\n\r\n HP Precision architecture:\r\n\r\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_hppa.deb\r\n Size/MD5 checksum: 1862404 b4b0d1a421d02987330502e4a653e6a9\r\n\r\n Motorola 680x0 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_m68k.deb\r\n Size/MD5 checksum: 1785734 1c14679aba2cd8cd8bf7aabd42db1cf6\r\n\r\n Big endian MIPS architecture:\r\n\r\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_mips.deb\r\n Size/MD5 checksum: 1769138 6600cf166ba6ced0b6c067338f9565c1\r\n\r\n Little 
endian MIPS architecture:\r\n\r\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_mipsel.deb\r\n Size/MD5 checksum: 1754778 0539c52303cf950f3ea66f78eb875449\r\n\r\n PowerPC architecture:\r\n\r\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_powerpc.deb\r\n Size/MD5 checksum: 1770876 a8098242afc68c1dfd0c2141f95d88f5\r\n\r\n IBM S/390 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_s390.deb\r\n Size/MD5 checksum: 1804716 88af5f5ab641839eac628f9dd36e4509\r\n\r\n Sun Sparc architecture:\r\n\r\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_sparc.deb\r\n Size/MD5 checksum: 1779964 c07986d5367f97f1598d7e2d592fdc40\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.2 (GNU/Linux)\r\n\r\niD8DBQFD4GGxW5ql+IAeqTIRAvQiAJ4xOAQr4GcVkPcKAGIlXuLVh+cDOgCdHp19\r\nWLOiQcmij8udAgyvS0Y7Jw4=\r\n=Fs3s\r\n-----END PGP SIGNATURE-----\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/", "edition": 1, "modified": "2006-02-01T00:00:00", "published": "2006-02-01T00:00:00", "id": "SECURITYVULNS:DOC:11258", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:11258", "title": "[Full-disclosure] [SECURITY] [DSA 961-1] New pdfkit.framework 
packages fix arbitrary code execution", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:14", "bulletinFamily": "software", "cvelist": ["CVE-2005-3193"], "description": "Multiple Vendor xpdf JPX Stream Reader Heap Overflow Vulnerability\r\n\r\niDefense Security Advisory 12.05.05\r\nwww.idefense.com/application/poi/display?id=345&type=vulnerabilities\r\nDecember 5, 2005\r\n\r\nI. BACKGROUND\r\n\r\nXpdf is an open-source viewer for Portable Document Format (PDF) files.\r\n\r\nII. DESCRIPTION\r\n\r\nLocal exploitation of a heap-based buffer overflow vulnerability in \r\nxpdf, as included by multiple vendor's software distributions, could \r\nallow attackers to cause a denial of service (DoS) condition, \r\npotentially resulting in arbitrary code execution. \r\n\r\nThe vulnerability specifically exists due to insufficient input \r\nvalidation in the JPX Stream parsing code for decoding embedded JPEG \r\n2000 images. The JPXStream::readCodestream function from \r\nxpdf/JPXStream.cc takes the value of nXTiles and nYTiles from user-\r\ncontrollable data from within the PDF file. 
The nXTiles and nYTiles \r\nvalues are then used in a gmallocn() call as shown below.\r\n\r\nGBool JPXStream::readCodestream(Guint len) {\r\n....\r\n switch (segType) {\r\n case 0x4f: // SOC - start of codestream\r\n // marker only\r\n break;\r\n case 0x51: // SIZ - image and tile size\r\n if (!readUWord(&capabilities) ||\r\n !readULong(&img.xSize) ||\r\n !readULong(&img.ySize) ||\r\n !readULong(&img.xOffset) ||\r\n !readULong(&img.yOffset) ||\r\n !readULong(&img.xTileSize) ||\r\n !readULong(&img.yTileSize) ||\r\n !readULong(&img.xTileOffset) ||\r\n !readULong(&img.yTileOffset) ||\r\n !readUWord(&img.nComps)) {\r\n error(getPos(), "Error in JPX SIZ marker segment");\r\n return gFalse;\r\n }\r\n....\r\n img.nXTiles = (img.xSize - img.xTileOffset + img.xTileSize - 1) /\r\n img.xTileSize;\r\n img.nYTiles = (img.ySize - img.yTileOffset + img.yTileSize - 1) /\r\n img.yTileSize;\r\n \r\n img.tiles = (JPXTile *)gmallocn(img.nXTiles * img.nYTiles,\r\n sizeof(JPXTile));\r\n\r\nThe values are used again later in JPEG format parsing code to copy \r\ndata from the file into a pre-allocated buffer in the heap. Overly \r\nlarge values supplied to nXTiles and nYTiles result in corruption of \r\nheap memory, which results in a DoS condition. This could result in \r\narbitrary code execution.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation could result in arbitrary code execution with privileges \r\nof the xpdf process. Currently, exploitation resulting in code \r\nexecution is theoretical and dependant on the process memory layout. A \r\ntypical exploitation attempt would require an attacker to supply a \r\nmalicious pdf to the victim. The victim would need to open the corrupt \r\npdf file in xpdf. Only then would the vulnerability be triggered.\r\n\r\nIV. DETECTION\r\n\r\niDefense has confirmed the existence of this vulnerability in xpdf \r\n3.01. 
All earlier versions of xpdf are suspected vulnerable.\r\n\r\nThe following vendors include susceptible xpdf packages within their \r\noperating system distributions:\r\n\r\n . The Debian Project: Linux 3.0 and 3.1 \r\n\r\nV. WORKAROUND\r\n\r\niDefense is currently unaware of any effective workarounds for this \r\nvulnerability.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nA patch for this vulnerability is available at:\r\n \r\n ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch\r\n\r\nUpdated binaries (version 3.01pl1) are available at:\r\n\r\n http://www.foolabs.com/xpdf/download.html\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CAN-2005-3193 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n10/13/2005 Initial vendor notification\r\n10/19/2005 Initial vendor response\r\n12/05/2005 Coordinated public disclosure\r\n\r\nIX. CREDIT\r\n\r\niDefense credits infamous41md@hotpop.com with the discovery of this \r\nvulnerability.\r\n\r\nGet paid for vulnerability research\r\nhttp://www.iDefense.com/poi/teams/vcp.jsp\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.iDefense.com\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright C 2005 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\nemail customerservice@iDefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\nThere are no warranties with regard to this information. 
Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.\r\n", "edition": 1, "modified": "2005-12-06T00:00:00", "published": "2005-12-06T00:00:00", "id": "SECURITYVULNS:DOC:10555", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:10555", "title": "iDefense Security Advisory 12.05.05: Multiple Vendor xpdf JPX Stream Reader Heap Overflow Vulnerability", "type": "securityvulns", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:14", "bulletinFamily": "software", "cvelist": ["CVE-2005-3192"], "description": "Multiple Vendor xpdf StreamPredictor Heap Overflow Vulnerability\r\n\r\niDefense Security Advisory 12.05.05\r\nwww.idefense.com/application/poi/display?id=344&type=vulnerabilities\r\nDecember 5, 2005\r\n\r\nI. BACKGROUND\r\n\r\nXpdf is an open-source viewer for Portable Document Format (PDF) files.\r\n\r\nII. DESCRIPTION\r\n\r\nLocal exploitation of a heap-based buffer overflow vulnerability in \r\nxpdf, as included by various vendor's software distributions, could \r\nallow attackers to cause a denial of service (DoS) condition, \r\npotentially resulting in arbitrary code execution. \r\n\r\nThe vulnerability specifically exists due to insufficient input \r\nvalidation in the Predictor stream parsing code. The \r\nStreamPredictor::StreamPredictor function from xpdf/Stream.cc takes the \r\nvalue of numComps from user-controllable data from within the PDF file. \r\nThe numComps value is used in a series of calcualations within the \r\nStreamPredictor function. 
Using specially crafted values, a call to \r\ngmalloc can be forced to allocate the minimum number of bytes, which \r\nmay later be overrun with user-supplied data from the PDF file leading \r\nto corruption of heap memory that might result in a DoS condition or \r\narbitrary code execution.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation could result in arbitrary code execution with privileges \r\nof the xpdf process. Currently, exploitation resulting in code \r\nexecution is theoretical and dependant on the process memory layout. A \r\ntypical exploitation attempt would require an attacker to supply a \r\nmalicious pdf to the victim. The victim would need to open the corrupt \r\npdf file in xpdf. Only then would the vulnerability be triggered. \r\n\r\nIV. DETECTION\r\n\r\niDefense has confirmed the existence of this vulnerability in xpdf \r\n3.01. All earlier versions of xpdf are suspected vulnerable.\r\n\r\nThe following vendors include susceptible xpdf packages within their \r\noperating system distributions:\r\n\r\n . The Debian Project: Linux 3.0 and 3.1 \r\n\r\nV. WORKAROUND\r\n\r\niDefense is currently unaware of any effective workarounds for this \r\nvulnerability.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nA patch for this vulnerability is available at:\r\n \r\n ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch\r\n\r\nUpdated binaries (version 3.01pl1) are available at:\r\n\r\n http://www.foolabs.com/xpdf/download.html\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CAN-2005-3192 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n10/13/2005 Initial vendor notification\r\n10/19/2005 Initial vendor response\r\n12/05/2005 Coordinated public disclosure\r\n\r\nIX. 
CREDIT\r\n\r\niDefense credits infamous41md@hotpop.com with the discovery of this \r\nvulnerability.\r\n\r\nGet paid for vulnerability research\r\nhttp://www.iDefense.com/poi/teams/vcp.jsp\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.iDefense.com\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright C 2005 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\nemail customerservice@iDefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\nThere are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.\r\n", "edition": 1, "modified": "2005-12-06T00:00:00", "published": "2005-12-06T00:00:00", "id": "SECURITYVULNS:DOC:10557", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:10557", "title": "iDefense Security Advisory 12.05.05: Multiple Vendor xpdf StreamPredictor Heap Overflow Vulnerability", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:14", "bulletinFamily": "software", "cvelist": ["CVE-2005-3191"], "description": "Multiple Vendor xpdf DCTStream Baseline Heap Overflow Vulnerability\r\n\r\niDefense Security Advisory 12.05.05\r\nwww.idefense.com/application/poi/display?id=342&type=vulnerabilities\r\nDecember 5, 2005\r\n\r\nI. BACKGROUND\r\n\r\nXpdf is an open-source viewer for Portable Document Format (PDF) files.\r\n\r\nII. 
DESCRIPTION\r\n\r\nLocal exploitation of a heap-based buffer overflow vulnerability in \r\nxpdf, as included in various vendors' operating system distributions, \r\ncould allow attackers to cause a denial of service condition, \r\npotentially resulting in arbitrary code execution. \r\n\r\nThe vulnerability specifically exists due to insufficient input \r\nvalidation in the DCT stream parsing code. The \r\nDCTStream::readBaselineSOF function from xpdf/Stream.cc takes the value \r\nof numComps from user-controllable data from within the PDF file. The \r\nnumComps value is used in a loop to copy data from the file into a pre-\r\nallocated buffer in the heap, shown as follows:\r\n\r\nGBool DCTStream::readBaselineSOF() {\r\n....\r\n numComps = str->getChar();\r\n....\r\n for (i = 0; i < numComps; ++i) {\r\n compInfo[i].id = str->getChar();\r\n c = str->getChar();\r\n compInfo[i].hSample = (c >> 4) & 0x0f;\r\n compInfo[i].vSample = c & 0x0f;\r\n compInfo[i].quantTable = str->getChar();\r\n }\r\n....\r\n\r\nOverly large values supplied to numComps will result in corruption of \r\nheap memory resulting in a DoS condition, potentially resulting in \r\narbitrary code execution.\r\n\r\nIII. ANALYSIS\r\n\r\nSuccessful exploitation of this vulnerability can result in arbitrary \r\ncode execution with privileges of the xpdf process. Currently, \r\nexploitation resulting in code execution is theoretical and dependant \r\non the process memory layout. A typical exploitation attempt would \r\nrequire an attacker to supply a malicious .pdf to the victim. The \r\nvictim would need to open the corrupt .pdf file in xpdf, triggering the \r\nvulnerability. \r\n\r\nIV. DETECTION\r\n\r\niDefense has confirmed the existence of this vulnerability in xpdf \r\n3.01. All earlier versions of xpdf are suspected vulnerable.\r\n\r\nThe following vendors include susceptible xpdf packages within their \r\noperating system distributions:\r\n\r\n . The Debian Project: Linux 3.0 and 3.1 \r\n\r\nV. 
WORKAROUND\r\n\r\niDefense is currently unaware of any effective workarounds for this \r\nvulnerability.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nA patch for this vulnerability is available at:\r\n \r\n ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch\r\n\r\nUpdated binaries (version 3.01pl1) are available at:\r\n\r\n http://www.foolabs.com/xpdf/download.html\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CAN-2005-3191 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n10/13/2005 Initial vendor notification\r\n10/19/2005 Initial vendor response\r\n12/05/2005 Coordinated public disclosure\r\n\r\nIX. CREDIT\r\n\r\niDefense credits infamous41md@hotpop.com with the discovery of this \r\nvulnerability.\r\n\r\nGet paid for vulnerability research\r\nhttp://www.iDefense.com/poi/teams/vcp.jsp\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.iDefense.com\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright C 2005 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\nemail customerservice@iDefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\nThere are no warranties with regard to this information. 
Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.\r\n", "edition": 1, "modified": "2005-12-06T00:00:00", "published": "2005-12-06T00:00:00", "id": "SECURITYVULNS:DOC:10554", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:10554", "title": "iDefense Security Advisory 12.05.05: Multiple Vendor xpdf DCTStream Baseline Heap Overflow Vulnerability", "type": "securityvulns", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:14", "bulletinFamily": "software", "cvelist": ["CVE-2005-3191"], "description": "Multiple Vendor xpdf DCTStream Progressive Heap Overflow\r\n\r\niDefense Security Advisory 12.05.05\r\nwww.idefense.com/application/poi/display?id=343&type=vulnerabilities\r\nDecember 5, 2005\r\n\r\nI. BACKGROUND\r\n\r\nXpdf is an open-source viewer for Portable Document Format (PDF) files.\r\n\r\nII. DESCRIPTION\r\n\r\nLocal exploitation of a heap-based buffer overflow vulnerability in \r\nxpdf, as included by multiple vendor's software distributions, could \r\nallow attackers to cause a denial of service (DoS) condition, \r\npotentially resulting in arbitrary code execution. \r\n\r\nThe vulnerability specifically exists due to insufficient input \r\nvalidation in the DCT stream parsing code. The \r\nDCTStream::readProgressiveSOF function from xpdf/Stream.cc takes the \r\nvalue of numComps from user-controllable data from within the PDF file. 
\r\nThe numComps value is used in a loop to copy data from the file into a \r\npre-allocated buffer in the heap as shown below.\r\n\r\nGBool DCTStream::readProgressiveSOF() {\r\n....\r\n numComps = str->getChar();\r\n....\r\n for (i = 0; i < numComps; ++i) {\r\n compInfo[i].id = str->getChar();\r\n c = str->getChar();\r\n compInfo[i].hSample = (c >> 4) & 0x0f;\r\n compInfo[i].vSample = c & 0x0f;\r\n compInfo[i].quantTable = str->getChar();\r\n }\r\n....\r\n\r\nOverly large values supplied to numComps result in corruption of heap \r\nmemory, resulting in a DoS condition, potentially resulting in \r\narbitrary code execution.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation could result in arbitrary code execution with privileges \r\nof the xpdf process. Currently, exploitation resulting in code \r\nexecution is theoretical and dependant on the process memory layout. A \r\ntypical exploitation attempt would require an attacker to supply a \r\nmalicious pdf to the victim. The victim would need to open the corrupt \r\npdf file in xpdf, and at this point the vulnerability would be \r\ntriggered. \r\n\r\nIV. DETECTION\r\n\r\niDefense has confirmed the existence of this vulnerability in xpdf \r\n3.01. All earlier versions of xpdf are suspected vulnerable.\r\n\r\nThe following vendors include susceptible xpdf packages within their \r\noperating system distributions:\r\n\r\n . The Debian Project: Linux 3.0 and 3.1 \r\n\r\nV. WORKAROUND\r\n\r\niDefense is currently unaware of any effective workarounds for this \r\nvulnerability.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nA patch for this vulnerability is available at:\r\n \r\n ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch\r\n\r\nUpdated binaries (version 3.01pl1) are available at:\r\n\r\n http://www.foolabs.com/xpdf/download.html\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CAN-2005-3191 to this issue. 
This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n10/13/2005 Initial vendor notification\r\n10/19/2005 Initial vendor response\r\n12/05/2005 Coordinated public disclosure\r\n\r\nIX. CREDIT\r\n\r\niDefense credits infamous41md@hotpop.com with the discovery of this \r\nvulnerability.\r\n\r\nGet paid for vulnerability research\r\nhttp://www.iDefense.com/poi/teams/vcp.jsp\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.iDefense.com\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright C 2005 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\nemail customerservice@iDefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\nThere are no warranties with regard to this information. 
Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.\r\n", "edition": 1, "modified": "2005-12-06T00:00:00", "published": "2005-12-06T00:00:00", "id": "SECURITYVULNS:DOC:10556", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:10556", "title": "iDefense Security Advisory 12.05.05: Multiple Vendor xpdf DCTStream Progressive Heap Overflow", "type": "securityvulns", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:40:16", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "description": "\"infamous41md\", Chris Evans and Dirk Mueller discovered multiple places in xpdf code where integer variables are insufficiently checked for range or overflow. Specially crafted PDF files could lead to executing arbitrary code. Copies of xpdf code are also contained in cups, kpdf, kword, gpdf, libextractor, pdf2html, poppler and tetex. 
Updates for those are in the works.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2006-01-11T12:03:37", "published": "2006-01-11T12:03:37", "id": "SUSE-SA:2006:001", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-01/msg00007.html", "title": "remote code execution in xpdf,kpdf,gpdf,kword", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2019-05-30T02:21:48", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 962-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nFebruary 1st, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : pdftohtml\nVulnerability : buffer overflows\nProblem type : remote\nDebian-specific: no\nCVE IDs : CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624\n CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628\n\n"infamous41md" and Chris Evans discovered several heap based buffer\noverflows in xpdf which are also present in pdftohtml, a utility that\ntranslates PDF documents into HTML format, and which can lead to a\ndenial of service by crashing the application or possibly to the\nexecution of arbitrary code.\n\nThe old stable distribution (woody) does not contain pdftohtml packages.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.36-11sarge1.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your pdftohtml package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will 
install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1.dsc\n Size/MD5 checksum: 602 c7095f7045d69bcebca90ade3f62a9a4\n http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1.diff.gz\n Size/MD5 checksum: 11388 17672ff97722b502d4d5b3ab804401e3\n http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36.orig.tar.gz\n Size/MD5 checksum: 300922 75ad095bb51e1f66c9f7691e6af12f44\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_alpha.deb\n Size/MD5 checksum: 313926 ec897e4a81702159e516e823317e8652\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_amd64.deb\n Size/MD5 checksum: 259576 de188540a99fb893584e2c9a2f1c0e41\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_arm.deb\n Size/MD5 checksum: 266372 93821a971df9623124f68216c541f307\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_i386.deb\n Size/MD5 checksum: 253790 45b7b46b375e72507ebdf83b609b9bd3\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_ia64.deb\n Size/MD5 checksum: 374010 a64d9a344341b8ff8f88ceba02a2481e\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_hppa.deb\n Size/MD5 checksum: 330128 4ccc9307617411979efbca1d594f463b\n\n Motorola 680x0 
architecture:\n\n http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_m68k.deb\n Size/MD5 checksum: 234598 e14153061b6f573e619f9dbd76bfbda8\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_mips.deb\n Size/MD5 checksum: 311310 067a76c99fd6f144f7c75613b37493c7\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_mipsel.deb\n Size/MD5 checksum: 307086 9890b5cec47e5e8e8ae4a9442c326253\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_powerpc.deb\n Size/MD5 checksum: 269364 9f345aa5ef3480b3d4591eeb4071bfa7\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_s390.deb\n Size/MD5 checksum: 242284 4eb6779646c115bfe6ca7e7baaaaaec8\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_sparc.deb\n Size/MD5 checksum: 245330 7dbf6432f1cc0a2e6d9b42ffa80b588f\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 2, "modified": "2006-02-01T00:00:00", "published": "2006-02-01T00:00:00", "id": "DEBIAN:DSA-962-1:55BC9", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00039.html", "title": "[SECURITY] [DSA 962-1] New pdftohtml packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:22:46", 
"bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 961-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nFebruary 1st, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : pdfkit.framework\nVulnerability : buffer overflows\nProblem type : remote\nDebian-specific: no\nCVE IDs : CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624\n CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628\n\n"infamous41md" and Chris Evans discovered several heap based buffer\noverflows in xpdf which are also present in pdfkit.framework, the\nGNUstep framework for rendering PDF content, and which can lead to a\ndenial of service by crashing the application or possibly to the\nexecution of arbitrary code.\n\nThe old stable distribution (woody) does not contain pdfkit.framework\npackages.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.8-2sarge1.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your pdfkit.framework package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n 
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1.dsc\n Size/MD5 checksum: 725 67fb49e4f05a6eef25396d23ca0baacd\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1.diff.gz\n Size/MD5 checksum: 5699 61578e6e26adf73639b464210830896b\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8.orig.tar.gz\n Size/MD5 checksum: 1780533 7676643ff78a0602c10bfb97fe0bd448\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_alpha.deb\n Size/MD5 checksum: 1821874 8fe74b91409115b4547ba273501e8f79\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_amd64.deb\n Size/MD5 checksum: 1796698 c6f96adecd322a60d77379d1513b26dc\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_arm.deb\n Size/MD5 checksum: 1756056 8632f1ef914df5fcc3b6c3f6dc9ce459\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_i386.deb\n Size/MD5 checksum: 1750384 f000dee97e83dbe85941c1305e689ef2\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_ia64.deb\n Size/MD5 checksum: 1980936 dce8ad12b1ce0e5e097c51243c68f749\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_hppa.deb\n Size/MD5 checksum: 1862404 b4b0d1a421d02987330502e4a653e6a9\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_m68k.deb\n Size/MD5 checksum: 1785734 1c14679aba2cd8cd8bf7aabd42db1cf6\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_mips.deb\n Size/MD5 
checksum: 1769138 6600cf166ba6ced0b6c067338f9565c1\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_mipsel.deb\n Size/MD5 checksum: 1754778 0539c52303cf950f3ea66f78eb875449\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_powerpc.deb\n Size/MD5 checksum: 1770876 a8098242afc68c1dfd0c2141f95d88f5\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_s390.deb\n Size/MD5 checksum: 1804716 88af5f5ab641839eac628f9dd36e4509\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_sparc.deb\n Size/MD5 checksum: 1779964 c07986d5367f97f1598d7e2d592fdc40\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 2, "modified": "2006-02-01T00:00:00", "published": "2006-02-01T00:00:00", "id": "DEBIAN:DSA-961-1:46885", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00038.html", "title": "[SECURITY] [DSA 961-1] New pdfkit.framework packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:13:02", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "description": "- 
--------------------------------------------------------------------------\nDebian Security Advisory DSA 932-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nJanuary 9th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : xpdf\nVulnerability : buffer overflows\nProblem type : remote\nDebian-specific: no\nCVE IDs : CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624\n CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628\nDebian Bug : 342281\n\n"infamous41md" and Chris Evans discovered several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, that can\nlead to a denial of service by crashing the application or possibly to\nthe execution of arbitrary code. The same code is present in kpdf\nwhich is part of the kdegraphics package.\n\nThe old stable distribution (woody) does not contain kpdf packages.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 3.3.2-2sarge3.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 3.5.0-3.\n\nWe recommend that you upgrade your kpdf package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.3.2-2sarge3.dsc\n Size/MD5 checksum: 1317 883261a391a85afb038bb7ea2150ecd7\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.3.2-2sarge3.diff.gz\n Size/MD5 
checksum: 159106 1169ddf001b77319f2859c87ce482bc4\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.3.2.orig.tar.gz\n Size/MD5 checksum: 7661488 6d0bb2c6e2e2f666d123778fbc520317\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.3.2-2sarge3_all.deb\n Size/MD5 checksum: 17620 9c3f491df5dcb49a81b26062df50ea98\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge3_alpha.deb\n Size/MD5 checksum: 92500 5a48e6e37e72346756b6153dea64cb03\n http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge3_alpha.deb\n Size/MD5 checksum: 109094 2c0eef65ec4eeb3ed658efdbfb8783e8\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge3_alpha.deb\n Size/MD5 checksum: 64974 7eb446cb432616cc6caa48b3eef3e6b1\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge3_alpha.deb\n Size/MD5 checksum: 276194 7f1b3ceabb2e6bfbd3bf6286833e69a8\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge3_alpha.deb\n Size/MD5 checksum: 497566 9a2bb4bb6e4bc14a4e37d38791d7eb21\n http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge3_alpha.deb\n Size/MD5 checksum: 149330 5ee25f6cbc684023ed30bf965d86ada8\n http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge3_alpha.deb\n Size/MD5 checksum: 92958 4170a1ba0e59a2af45780bb4f45b5763\n http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge3_alpha.deb\n Size/MD5 checksum: 245964 8377a72e9f7739c74cdcb22326d48e0f\n http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge3_alpha.deb\n Size/MD5 checksum: 159532 0edc3bcc04d6f54be88002bbb713931a\n http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge3_alpha.deb\n Size/MD5 checksum: 244546 c2095b637627385e2630892c60b0fbb9\n 
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge3_alpha.deb\n Size/MD5 checksum: 831188 c9c211bd627e7466a9ac9601b3adbfa6\n http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge3_alpha.deb\n Size/MD5 checksum: 774074 77de1419dadbe632654580ba685bf0f8\n http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge3_alpha.deb\n Size/MD5 checksum: 534432 f5986e5949252346fcc57e5f0732b3c5\n http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge3_alpha.deb\n Size/MD5 checksum: 2317542 fb2095e8e363d4d79953a899fafa6296\n http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge3_alpha.deb\n Size/MD5 checksum: 63414 0a3e195e572178fc40f0d1fd0e54077d\n http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge3_alpha.deb\n Size/MD5 checksum: 103090 acfc3b3d030f748a5b7e1e8247d90938\n http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge3_alpha.deb\n Size/MD5 checksum: 1357640 bba569d594464e09d8389f53580a562c\n http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge3_alpha.deb\n Size/MD5 checksum: 483788 bf0e57bf80bafa78ece4734d16e5c720\n http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge3_alpha.deb\n Size/MD5 checksum: 695424 47141779a11b3ed4d52373d21f3d0199\n http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge3_alpha.deb\n Size/MD5 checksum: 183880 85eaebeedbb011b5ba8d237c9a773363\n http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge3_alpha.deb\n Size/MD5 checksum: 33092 294ab0b1581c856d3a05dfb4d771772d\n http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge3_alpha.deb\n Size/MD5 checksum: 148226 51ca1b3297696bbe103b34c1e692f10e\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge3_amd64.deb\n Size/MD5 checksum: 
87972 60ca2731887c79514aad0535af7ce5a6\n http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge3_amd64.deb\n Size/MD5 checksum: 100302 afa754568e0f5e3b1b08208c070ea80b\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge3_amd64.deb\n Size/MD5 checksum: 64970 13ead70c497d1abe4d8e0b64054673e0\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge3_amd64.deb\n Size/MD5 checksum: 252140 4d3a0b70d7a21e29b598a8fdfa078e1f\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge3_amd64.deb\n Size/MD5 checksum: 485710 ec9300643ce00f9c6194f35d5935b7d0\n http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge3_amd64.deb\n Size/MD5 checksum: 144900 a98182043ec1e0ddf008a94f8e9f6b39\n http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge3_amd64.deb\n Size/MD5 checksum: 87874 459b38e1e638dcd1a402f677b0d72ddb\n http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge3_amd64.deb\n Size/MD5 checksum: 234010 d591becbe09936e1d6ca04c2afc91fce\n http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge3_amd64.deb\n Size/MD5 checksum: 143496 ffd0abcf446a1a5df52ff1d3034525a0\n http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge3_amd64.deb\n Size/MD5 checksum: 233908 374d3456398f6c282c2e1f038d180872\n http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge3_amd64.deb\n Size/MD5 checksum: 767986 448ef8aa521118792792f0f7c9743497\n http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge3_amd64.deb\n Size/MD5 checksum: 759638 ba8104609502f55782e5b1e88a177c93\n http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge3_amd64.deb\n Size/MD5 checksum: 485858 7cebf4d6a0c863aee628c0a13ca57435\n 
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge3_amd64.deb\n Size/MD5 checksum: 2233414 a4d0efeb95af95c396eecf9d34645c42\n http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge3_amd64.deb\n Size/MD5 checksum: 63094 c14bc4abc51418dd6a43c4925b7ab8ff\n http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge3_amd64.deb\n Size/MD5 checksum: 99826 e6b6c796dc699297438449788f1385bd\n http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge3_amd64.deb\n Size/MD5 checksum: 1223444 7b995aadba63947f3c16c26d60af7c04\n http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge3_amd64.deb\n Size/MD5 checksum: 477640 99e831229b3434c714bfbfe3b06d67c6\n http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge3_amd64.deb\n Size/MD5 checksum: 678640 ed56083f0c5d480e6b030bbe46cf39c5\n http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge3_amd64.deb\n Size/MD5 checksum: 173234 ea854daab244c805f22fab1ef00c4501\n http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge3_amd64.deb\n Size/MD5 checksum: 33092 8a0f5e5ccdec0da1715a228d6e918be7\n http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge3_amd64.deb\n Size/MD5 checksum: 140160 943f60daa34a3022cdf1e61a74be6727\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge3_arm.deb\n Size/MD5 checksum: 82404 7cde7db938cb953a501d3042a1533859\n http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge3_arm.deb\n Size/MD5 checksum: 88398 02d60aceb08f53faf77f10ae59aa170f\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge3_arm.deb\n Size/MD5 checksum: 64994 8039a436f88742aaef37358b86a2522b\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge3_arm.deb\n 
Size/MD5 checksum: 222994 b8e5d381f364876dd65d7f90eeb432f6\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge3_arm.deb\n Size/MD5 checksum: 471280 676d721e8731aa075dcb33411fe39e15\n http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge3_arm.deb\n Size/MD5 checksum: 137266 c27349004cbc42a68a0e62f622ee6f75\n http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge3_arm.deb\n Size/MD5 checksum: 84972 260016c06dde14b7e4e6c4dc9da6b1c7\n http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge3_arm.deb\n Size/MD5 checksum: 217514 91a5acde5bb21adc9e197f78f30c1bbd\n http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge3_arm.deb\n Size/MD5 checksum: 127548 ee8f84522aa0ea8fe92653901d40f3ab\n http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge3_arm.deb\n Size/MD5 checksum: 210264 4f63ea87da3f3a63d6fed1935593348f\n http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge3_arm.deb\n Size/MD5 checksum: 712230 d58a0fcd3ea98346d14bc9845f3ad9bd\n http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge3_arm.deb\n Size/MD5 checksum: 739682 97d75f7b75ff91a8332d59045de83dc1\n http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge3_arm.deb\n Size/MD5 checksum: 424114 1152a75238667a9593905bbd40038be1\n http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge3_arm.deb\n Size/MD5 checksum: 2095184 7ac33f99bea7667b03ab3c1c86870c67\n http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge3_arm.deb\n Size/MD5 checksum: 59256 deed7c4085f53831f63191526d5390e6\n http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge3_arm.deb\n Size/MD5 checksum: 93348 40f906de514a2593d7dad7ba7f13210a\n http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge3_arm.deb\n Size/MD5 checksum: 1310486 
d97b0bb5e736350a506f0a64dd57e75d\n http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge3_arm.deb\n Size/MD5 checksum: 465466 3f9d7de13c7aeeb827aef0c7bfb994cc\n http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge3_arm.deb\n Size/MD5 checksum: 641312 480c12a4a3d0ca2195bb9ae374d3e582\n http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge3_arm.deb\n Size/MD5 checksum: 155152 8798f061114f9a6fb019d20fcdcae533\n http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge3_arm.deb\n Size/MD5 checksum: 33094 b2469fd24237631256b1d5e5efe8f733\n http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge3_arm.deb\n Size/MD5 checksum: 124204 0073a82d7a0ada3716163d082a99a18a\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge3_i386.deb\n Size/MD5 checksum: 85920 1f8dccfa7b64c34f08cfab3d6c88a2d5\n http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge3_i386.deb\n Size/MD5 checksum: 95446 fc147588e733eb66d6a2614b3da77560\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge3_i386.deb\n Size/MD5 checksum: 64968 95f5c54d6b0d7205ee7580abd066f37d\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge3_i386.deb\n Size/MD5 checksum: 222032 d91de9dd780ff410d01627b8062fd23f\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge3_i386.deb\n Size/MD5 checksum: 483864 df6ef6393a0aa1694e0767a425da1c57\n http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge3_i386.deb\n Size/MD5 checksum: 140482 0ee2d3187a06af8e7e1f43ea90886c01\n http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge3_i386.deb\n Size/MD5 checksum: 85876 6deee36ae927df2b9c43075946d0c363\n 
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge3_i386.deb\n Size/MD5 checksum: 227452 7a03c8c5ae46d8776538555b67ebddd8\n http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge3_i386.deb\n Size/MD5 checksum: 135884 52eb8e5cbccf5952cacffab1ab8bb6ee\n http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge3_i386.deb\n Size/MD5 checksum: 221742 f994714fee52570758cca71a04099870\n http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge3_i386.deb\n Size/MD5 checksum: 748352 aff6500c8e7b6347cb2cfce12e761318\n http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge3_i386.deb\n Size/MD5 checksum: 750644 8c662c18ac1d5234e99b7ac304570fa6\n http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge3_i386.deb\n Size/MD5 checksum: 452124 ea5f910e36dd17810d01e0ede44187f1\n http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge3_i386.deb\n Size/MD5 checksum: 2205646 62e1fd98168e576ae78986e7cf88fadf\n http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge3_i386.deb\n Size/MD5 checksum: 62548 0866b72eb70749a328304996b5da6245\n http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge3_i386.deb\n Size/MD5 checksum: 97222 f4e1290335928e9b76b2715135a23516\n http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge3_i386.deb\n Size/MD5 checksum: 1220820 c86f6657d183e99e8a69a11c741543c7\n http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge3_i386.deb\n Size/MD5 checksum: 472032 7558051b7f3432ae2b5088c79afbc906\n http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge3_i386.deb\n Size/MD5 checksum: 643484 3d7111575de51a703afefc6de1b64d59\n http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge3_i386.deb\n Size/MD5 checksum: 166918 bf6a7f7b5018c5e9d3fbf8c0804bc4a0\n 
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge3_i386.deb\n Size/MD5 checksum: 33098 693fd2750e0678a95ab13df3d443c320\n http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge3_i386.deb\n Size/MD5 checksum: 134532 09327e3fa166ffd9e4606338b936ee86\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge3_ia64.deb\n Size/MD5 checksum: 102406 51fdcb159c85449f909f7d74c20f0aa1\n http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge3_ia64.deb\n Size/MD5 checksum: 117808 017a9c64eaff071bbe3e91d0c8bdc91f\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge3_ia64.deb\n Size/MD5 checksum: 64968 2bfd3bf06bf9a4ef822a7289fbd7cc43\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge3_ia64.deb\n Size/MD5 checksum: 322930 3997e095f2530c1bbcd229ecb9836f24\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge3_ia64.deb\n Size/MD5 checksum: 540612 5258387412c170df5f9fa19fcd8dfaaf\n http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge3_ia64.deb\n Size/MD5 checksum: 160086 d15976032f48a9e120c6b56776f8342f\n http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge3_ia64.deb\n Size/MD5 checksum: 103936 21d42fecd9a1fceac1cbef91cbb68c96\n http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge3_ia64.deb\n Size/MD5 checksum: 280826 d8242161f03e63ba52162775e62ad101\n http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge3_ia64.deb\n Size/MD5 checksum: 176204 21237877e70bc93a8371ab0aa5faf220\n http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge3_ia64.deb\n Size/MD5 checksum: 277288 8ca48ad52ffae22c953b88d44abfdd1f\n http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge3_ia64.deb\n 
Size/MD5 checksum: 888426 edce61c7a9a65ef65c9dd08d2ea83fd7\n http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge3_ia64.deb\n Size/MD5 checksum: 799002 9abe5f38e0781adbf404ec1105c0e9df\n http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge3_ia64.deb\n Size/MD5 checksum: 629398 801d1509b6dccd250d5dc3757ecadee8\n http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge3_ia64.deb\n Size/MD5 checksum: 2537880 4e7c3dba6e19729547b22a8c7dcfa0b7\n http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge3_ia64.deb\n Size/MD5 checksum: 67780 686786077def8ae34c3132188521993e\n http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge3_ia64.deb\n Size/MD5 checksum: 108160 2a09dbbe80ea1624d9a1a2b1b261ab7a\n http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge3_ia64.deb\n Size/MD5 checksum: 1417144 cc3cfe3e709d5862283e580a0820f283\n http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge3_ia64.deb\n Size/MD5 checksum: 501596 2a80a9c5248498a866672d85eca0a0f5\n http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge3_ia64.deb\n Size/MD5 checksum: 730722 1b0750ba641b4ccbb1926e1446bbc9eb\n http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge3_ia64.deb\n Size/MD5 checksum: 205764 56d117733da1be89fd8525d491c95a16\n http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge3_ia64.deb\n Size/MD5 checksum: 33084 d31c892ef95d30f0f8359df61b0481f4\n http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge3_ia64.deb\n Size/MD5 checksum: 170504 4a0acca19f8752621874046503a3f9df\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge3_hppa.deb\n Size/MD5 checksum: 93242 1679b3c9cf120b5b56d883cead2f544f\n 
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge3_hppa.deb\n Size/MD5 checksum: 101232 7e5c1f2c3885fea8f87f9fec1028b888\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge3_hppa.deb\n Size/MD5 checksum: 64986 55bd18e636b2485314120388d3ed4a73\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge3_hppa.deb\n Size/MD5 checksum: 270922 e7f5050518729caa3ae6925227f023ab\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge3_hppa.deb\n Size/MD5 checksum: 505386 84e47f0d34928923f2c2e0ae1ccf5487\n http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge3_hppa.deb\n Size/MD5 checksum: 146200 ebb3cd2ddf9afcfa113d1b0d60dd256e\n http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge3_hppa.deb\n Size/MD5 checksum: 93228 6a20a730277fa505d4e27495fd4b3424\n http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge3_hppa.deb\n Size/MD5 checksum: 250216 f42a8d0d6d594a601a362ea0f738b185\n http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge3_hppa.deb\n Size/MD5 checksum: 146362 b3529d2098e96ed4f19d31d17865c2e2\n http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge3_hppa.deb\n Size/MD5 checksum: 246034 32b469be4a18a7cfe1c9a65aead8a533\n http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge3_hppa.deb\n Size/MD5 checksum: 796926 8c3f9a89fc543ec69a12a659c7dcfbe3\n http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge3_hppa.deb\n Size/MD5 checksum: 757492 478d712e3bade83d527140c8fa2821e8\n http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge3_hppa.deb\n Size/MD5 checksum: 535250 f726eb1a2a2705c84c48bbf1abd268ab\n http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge3_hppa.deb\n Size/MD5 checksum: 2371576 
8ac6f9581c28c9252eac55ed6c09385a\n http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge3_hppa.deb\n Size/MD5 checksum: 61422 8d6b0374dea1c1efb042fc5e5edcf0c7\n http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge3_hppa.deb\n Size/MD5 checksum: 99192 2aad4f1b8942ade1bb889a2ee10746b0\n http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge3_hppa.deb\n Size/MD5 checksum: 1563008 a8203d54a3f59af2739fb75d6cd90049\n http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge3_hppa.deb\n Size/MD5 checksum: 485056 918c0d745609e787bc58de530c6abaff\n http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge3_hppa.deb\n Size/MD5 checksum: 700886 4c84103b7cea6763a57fa608e094c69e\n http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge3_hppa.deb\n Size/MD5 checksum: 183850 a03abfea16b0a0946221d473ddd796ae\n http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge3_hppa.deb\n Size/MD5 checksum: 33092 7ba9eb3e7b707decced38a098b067e26\n http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge3_hppa.deb\n Size/MD5 checksum: 148004 90d49f8cef0520eb1c022918dd429a99\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge3_m68k.deb\n Size/MD5 checksum: 85370 03208de88212ee8e3c433c6c69673877\n http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge3_m68k.deb\n Size/MD5 checksum: 91096 b75db8b3d6a30dd952ae78758510b296\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge3_m68k.deb\n Size/MD5 checksum: 65010 82d5536cd79f3bac8a4b483e5571eb23\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge3_m68k.deb\n Size/MD5 checksum: 229546 7b682eb8db73e63407bff2b29f6ffb4c\n 
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge3_m68k.deb\n Size/MD5 checksum: 476952 fe27e5395f5ea231f77dd1abbb74c7e5\n http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge3_m68k.deb\n Size/MD5 checksum: 138540 acfa677ff78e256cd8e085cf75d16d97\n http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge3_m68k.deb\n Size/MD5 checksum: 85196 988a2fdd5de86648a524b8dec7173ea9\n http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge3_m68k.deb\n Size/MD5 checksum: 229420 9c328ece393d69c84db7304c8260fdb5\n http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge3_m68k.deb\n Size/MD5 checksum: 128626 7e1f68605fc327a146fc851894004ead\n http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge3_m68k.deb\n Size/MD5 checksum: 223556 941a4f007761da9124029e68431fff9f\n http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge3_m68k.deb\n Size/MD5 checksum: 705084 2439ec0bc20dd2c60022ead6b118ab5e\n http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge3_m68k.deb\n Size/MD5 checksum: 743170 832c8961b239bcf874a90c5ac3fd14f1\n http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge3_m68k.deb\n Size/MD5 checksum: 447448 c38dcc1879650cd3bcdae5484631c281\n http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge3_m68k.deb\n Size/MD5 checksum: 2148768 0148565136745e0309b056cfdc77874e\n http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge3_m68k.deb\n Size/MD5 checksum: 61280 cd7c09ba73c52e33d77a277833c28c24\n http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge3_m68k.deb\n Size/MD5 checksum: 96636 a1d244a87142ca153826f09623196b4b\n http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge3_m68k.deb\n Size/MD5 checksum: 1315968 b3dbc843325ecc8b4f23dfbdbd04da35\n 
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge3_m68k.deb\n Size/MD5 checksum: 475814 5adbdb5ea44cc6e774d06269f0123014\n http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge3_m68k.deb\n Size/MD5 checksum: 682572 22deaf8ff281062b43f45a50e8e52c53\n http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge3_m68k.deb\n Size/MD5 checksum: 166284 c772a82c000c4faed889bc1572907198\n http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge3_m68k.deb\n Size/MD5 checksum: 33100 117362ae11ee0926fe62d4251e45b9c8\n http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge3_m68k.deb\n Size/MD5 checksum: 133970 cc9320ce6077055fbef7f357baccb36b\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge3_mips.deb\n Size/MD5 checksum: 79726 8ef8a7f51e426bab0c79c893b17b44e8\n http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge3_mips.deb\n Size/MD5 checksum: 102528 96063761ffb299e8663aabdc1dc830dc\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge3_mips.deb\n Size/MD5 checksum: 64974 8632642c61fd3e514d79c53c440b0157\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge3_mips.deb\n Size/MD5 checksum: 217900 9f068d5736f65a59d58843ef3719914a\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge3_mips.deb\n Size/MD5 checksum: 461010 44d402c815ef59102a9d1f6a1922e5c7\n http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge3_mips.deb\n Size/MD5 checksum: 140512 5dede51b9875eb9627fe84508f3ff4cc\n http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge3_mips.deb\n Size/MD5 checksum: 81838 109efab6c00ef662a00ea4f41e7a0069\n http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge3_mips.deb\n 
Size/MD5 checksum: 215748 ad22b37ce1d1ffef16c7cefde0ffd7d5\n http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge3_mips.deb\n Size/MD5 checksum: 146198 b9c2cba23d25f1bf3bdbbdbeaffeadbd\n http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge3_mips.deb\n Size/MD5 checksum: 204014 83a4764d81ef5ee7fd7fe890e23c9939\n http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge3_mips.deb\n Size/MD5 checksum: 787984 c020ab67521dcaca8e49c0bae8216b28\n http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge3_mips.deb\n Size/MD5 checksum: 756170 a1d1e3e06e5eed39f29d03ce572d5771\n http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge3_mips.deb\n Size/MD5 checksum: 455814 8b5479eb17b3ea84f56d35f3d1992b43\n http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge3_mips.deb\n Size/MD5 checksum: 2057362 71d2689d1981f83a6f8ff468d69cc0ce\n http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge3_mips.deb\n Size/MD5 checksum: 59274 1cf3d865852bbb4965229a95c78a52b1\n http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge3_mips.deb\n Size/MD5 checksum: 97718 1e697e2bf6d19eb71efe3350e63a8ddc\n http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge3_mips.deb\n Size/MD5 checksum: 1127026 0bc2eab83b2cc242ecaebba694289235\n http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge3_mips.deb\n Size/MD5 checksum: 463634 9bee129653701a27a392f118c2e2fc28\n http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge3_mips.deb\n Size/MD5 checksum: 649718 dfa1146d95d54eab9f51301b5f4a28eb\n http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge3_mips.deb\n Size/MD5 checksum: 156802 9126d5152c28c24889e5269a9adde39f\n http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge3_mips.deb\n 
Size/MD5 checksum: 33094 9875a23d1590f9016f8a8bb450bf3a6d\n http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge3_mips.deb\n Size/MD5 checksum: 124558 eb55d58484f5ecdc59b2c6eb3c47a805\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge3_mipsel.deb\n Size/MD5 checksum: 79070 ea21445ae1aef174831e9534db959308\n http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge3_mipsel.deb\n Size/MD5 checksum: 101596 ed6adfa04d7c4c2c4d002cb5a278583f\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge3_mipsel.deb\n Size/MD5 checksum: 64972 434438d23e8b0ccc9c38dcc699164e53\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge3_mipsel.deb\n Size/MD5 checksum: 215850 82f87ff8b5520823f839092cef2356b0\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge3_mipsel.deb\n Size/MD5 checksum: 459624 e577a100b76fe42784b6dcc35f5046b6\n http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge3_mipsel.deb\n Size/MD5 checksum: 139548 4e829465b219a4d56b86b687b33d5df0\n http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge3_mipsel.deb\n Size/MD5 checksum: 81370 937ce8392adf141a1f79af0dfc80e499\n http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge3_mipsel.deb\n Size/MD5 checksum: 213272 bf8c38a0afb9c9f966cd00bc42a4d4c0\n http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge3_mipsel.deb\n Size/MD5 checksum: 144554 ca97a5ce320d502c908580bf0bcc4033\n http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge3_mipsel.deb\n Size/MD5 checksum: 201638 45e29afdb0ab123d149a739520f1c32c\n http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge3_mipsel.deb\n Size/MD5 checksum: 785228 9902604485b4e9633f3e36f01fc8f920\n 
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge3_mipsel.deb\n Size/MD5 checksum: 754276 b1be56ab0f23c02f6aa29b1276a3d917\n http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge3_mipsel.deb\n Size/MD5 checksum: 446852 99ac862679028515f5f715c047719e2f\n http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge3_mipsel.deb\n Size/MD5 checksum: 2046016 8c9919a529a79538629221bf98e37b61\n http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge3_mipsel.deb\n Size/MD5 checksum: 59068 5c2aad04a5f5265034faca5d8fd82c64\n http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge3_mipsel.deb\n Size/MD5 checksum: 97168 498f72e93b50faefb22a9ca9335193a1\n http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge3_mipsel.deb\n Size/MD5 checksum: 1101768 8cb8b46c5207d06911d77d3178f9a4f8\n http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge3_mipsel.deb\n Size/MD5 checksum: 461868 4792dcccbb8fcda14f2eb601692e2c01\n http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge3_mipsel.deb\n Size/MD5 checksum: 647264 9a340b39b3b2ce04d2ed0cfe240bca8b\n http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge3_mipsel.deb\n Size/MD5 checksum: 154678 79ac08fbe101be7efe6e3471d5fb787d\n http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge3_mipsel.deb\n Size/MD5 checksum: 33100 3c5ab7cfcd4fce969cd6066c9a9b31d9\n http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge3_mipsel.deb\n Size/MD5 checksum: 122404 3d2878bbacb4862c25b73d6c71a6f649\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge3_powerpc.deb\n Size/MD5 checksum: 84678 c40175b83c13941983dd07e2ec17bdda\n http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge3_powerpc.deb\n Size/MD5 
checksum: 94604 720a71fb1d61f0f16a919926a996ebb8\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge3_powerpc.deb\n Size/MD5 checksum: 64990 6b4a44cd20244525cf7ed61ef63da641\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge3_powerpc.deb\n Size/MD5 checksum: 249552 78b554c699af127b69b39b49ac4c180b\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge3_powerpc.deb\n Size/MD5 checksum: 474624 b38b81bf2974e7d72095eb84b00de64d\n http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge3_powerpc.deb\n Size/MD5 checksum: 140692 cfb9009df7900bfbfdbc39f7523fc587\n http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge3_powerpc.deb\n Size/MD5 checksum: 85162 130665aee67bc16e9be3ca54a3762862\n http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge3_powerpc.deb\n Size/MD5 checksum: 224802 60d742b0d2303bc63b1849dae1397581\n http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge3_powerpc.deb\n Size/MD5 checksum: 132544 6f6bd6ab29fcbf3311f1015a35aec78f\n http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge3_powerpc.deb\n Size/MD5 checksum: 222198 993f41bfbccf6481ca327f2e8dc3c20d\n http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge3_powerpc.deb\n Size/MD5 checksum: 725370 0f9836476933dbe813ea538c5d052cd8\n http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge3_powerpc.deb\n Size/MD5 checksum: 744166 608091d9c9b27dde512ac47b6947d626\n http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge3_powerpc.deb\n Size/MD5 checksum: 467524 46073d588f362de378386698c39c95c7\n http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge3_powerpc.deb\n Size/MD5 checksum: 2142348 9e3bfa19052e85058e4fa31a6298f0a0\n 
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge3_powerpc.deb\n Size/MD5 checksum: 61046 b4d834e88473d8776d305e0448ebe476\n http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge3_powerpc.deb\n Size/MD5 checksum: 95544 977ad02f98bcf9731dc2fca1ad1eebc5\n http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge3_powerpc.deb\n Size/MD5 checksum: 1191074 8fb34b60f7d2fb4484da19634fb83ca2\n http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge3_powerpc.deb\n Size/MD5 checksum: 470198 4b8539d72cc39d7e1939f526c765c8b7\n http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge3_powerpc.deb\n Size/MD5 checksum: 676288 94b7d619e9eb8ecd0cfb0bb3be8ae4ba\n http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge3_powerpc.deb\n Size/MD5 checksum: 161756 d59119ba3140c9e41aaafc0c16af7c63\n http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge3_powerpc.deb\n Size/MD5 checksum: 33098 980dc1cabb51360efe73cb00e37b3ae1\n http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge3_powerpc.deb\n Size/MD5 checksum: 132262 66496d5de6353b80c647b32f4c18ef8b\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge3_s390.deb\n Size/MD5 checksum: 89880 99dff2d06524836ab720abd471999d66\n http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge3_s390.deb\n Size/MD5 checksum: 98316 893cdc7754cae8a00ee116fcdbf9fb73\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge3_s390.deb\n Size/MD5 checksum: 64972 bd908c097ca775f368b3b87db83ada06\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge3_s390.deb\n Size/MD5 checksum: 236504 603bbb604f6cf907a31b29e8c0438351\n 
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge3_s390.deb\n Size/MD5 checksum: 484950 957eae05f1920388664d5db6b42ae80f\n http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge3_s390.deb\n Size/MD5 checksum: 145404 061c37b7acbe75a09bc6a983e24eca22\n http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge3_s390.deb\n Size/MD5 checksum: 87136 4c9745eccb44c21a609b5ffaf768a26a\n http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge3_s390.deb\n Size/MD5 checksum: 244122 9b7d68631bccc0af9b79214ec7d3e8d5\n http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge3_s390.deb\n Size/MD5 checksum: 140834 3230bfe76d926783b336e0b424685896\n http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge3_s390.deb\n Size/MD5 checksum: 239688 42a8e7956bfd756ffba9e7bcd5314e8c\n http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge3_s390.deb\n Size/MD5 checksum: 765928 3a38ceb3563211404e5534bc691b887c\n http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge3_s390.deb\n Size/MD5 checksum: 755596 40d810e17c05d8ff21d76550c0e5cc3a\n http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge3_s390.deb\n Size/MD5 checksum: 496480 0a48f1beb7a4e03425783a909bc88ef0\n http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge3_s390.deb\n Size/MD5 checksum: 2195656 c26f4c732fe8393766eccff6a845e938\n http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge3_s390.deb\n Size/MD5 checksum: 63070 ea7b94304194ffa4d0bbd708f84737db\n http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge3_s390.deb\n Size/MD5 checksum: 100742 b5f3558b9d1e30038dabbf0f4b0ba36f\n http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge3_s390.deb\n Size/MD5 checksum: 1192548 db812a33636b9a681083895da654d9ac\n 
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge3_s390.deb\n Size/MD5 checksum: 481678 93c6f759b0cc1965dbb93536dc255dac\n http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge3_s390.deb\n Size/MD5 checksum: 682752 519c3b25389f72155e005e12a6989972\n http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge3_s390.deb\n Size/MD5 checksum: 176666 194c2424523d195373e0d4177b2c1ded\n http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge3_s390.deb\n Size/MD5 checksum: 33090 8882749212a6e977b9eec3e9fb595f50\n http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge3_s390.deb\n Size/MD5 checksum: 142212 c95e8e7fe4365be445daead6d366c5ac\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge3_sparc.deb\n Size/MD5 checksum: 82296 25f2b504c0cc096508d2565f38db6f28\n http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge3_sparc.deb\n Size/MD5 checksum: 90720 d8a9ee57d67676bdd2637a40b941b8cb\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge3_sparc.deb\n Size/MD5 checksum: 64980 967f32d4dc6fc6f5d9ff4ef838bae770\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge3_sparc.deb\n Size/MD5 checksum: 219164 141a05361d233b94f81be5a802de14d9\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge3_sparc.deb\n Size/MD5 checksum: 477510 e71886db4ca53b2c23f421857844dc35\n http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge3_sparc.deb\n Size/MD5 checksum: 137938 22442ddae2f20c3663c270541e9ba9c1\n http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge3_sparc.deb\n Size/MD5 checksum: 83210 abfc0612516de6079f6552f0dae1743f\n http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge3_sparc.deb\n 
Size/MD5 checksum: 223774 3b242e3415e216278bd5922d09cafa73\n http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge3_sparc.deb\n Size/MD5 checksum: 130520 171569986b9d5f75037fac7216f51014\n http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge3_sparc.deb\n Size/MD5 checksum: 213588 25bdfc45123cbcac842c5c01882c9551\n http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge3_sparc.deb\n Size/MD5 checksum: 714158 a4ba5b48aec9eaf736315dee410a53bc\n http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge3_sparc.deb\n Size/MD5 checksum: 744042 5894e3e97fc45d024219a9ff7e115854\n http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge3_sparc.deb\n Size/MD5 checksum: 451392 de85d22d0d458866bdffba846d4accc2\n http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge3_sparc.deb\n Size/MD5 checksum: 2142550 732f1d703ab5d8bba7345e50db66283c\n http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge3_sparc.deb\n Size/MD5 checksum: 60184 012973b512f9bdfbf15830812fc2b863\n http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge3_sparc.deb\n Size/MD5 checksum: 95092 766c1952f778a25f2aab9bd20964a676\n http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge3_sparc.deb\n Size/MD5 checksum: 1175232 7398855b8444740ce27001c427544406\n http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge3_sparc.deb\n Size/MD5 checksum: 469204 b2e9d809bfc831938f3d080990b7efae\n http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge3_sparc.deb\n Size/MD5 checksum: 639718 6054b8e3f4c9142551a7fd114cb71bb6\n http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge3_sparc.deb\n Size/MD5 checksum: 160294 c47394d5c4923c4a921fd400a8f107a0\n 
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge3_sparc.deb\n Size/MD5 checksum: 33090 84d007d379333f73de214d1af530ea8d\n http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge3_sparc.deb\n Size/MD5 checksum: 128730 ef6ffca3dd504cd20953e7b5c0775014\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 7, "modified": "2006-01-09T00:00:00", "published": "2006-01-09T00:00:00", "id": "DEBIAN:DSA-932-1:4933B", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00003.html", "title": "[SECURITY] [DSA 932-1] New kpdf packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:30:52", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 931-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nJanuary 9th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : xpdf\nVulnerability : buffer overflows\nProblem type : remote\nDebian-specific: no\nCVE IDs : CAN-2005-3191 CAN-2005-3192 CAN-2005-3193 CVE-2005-3624\n CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628\nDebian Bug : 342281\n\n"infamous41md" and Chris Evans discovered 
several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, that can\nlead to a denial of service by crashing the application or possibly to\nthe execution of arbitrary code.\n\nFor the old stable distribution (woody) these problems have been fixed in\nversion 1.00-3.8.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 3.00-13.4.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 3.01-4.\n\nWe recommend that you upgrade your xpdf package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.8.dsc\n Size/MD5 checksum: 706 f8091cb4e0b0c7baa8ccc4ee75a50699\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.8.diff.gz\n Size/MD5 checksum: 11832 ab0665a0fa767785037ceff313cbc1b3\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00.orig.tar.gz\n Size/MD5 checksum: 397750 81f3c381cef729e4b6f4ce21cf5bbf3c\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_1.00-3.8_all.deb\n Size/MD5 checksum: 38826 43072ed4680dab2c7d68eec7b3f7c45a\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.8_all.deb\n Size/MD5 checksum: 1286 7bd55048fc7aab6c9c35f65d472932da\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_alpha.deb\n Size/MD5 checksum: 571434 7be66f32548c87a66c2353d976a99c36\n 
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_alpha.deb\n Size/MD5 checksum: 1046964 c83387b2ce2c92faa2cbbc86f2d9a9a8\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_arm.deb\n Size/MD5 checksum: 487502 655007df84b968ec59de01638b77f0b8\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_arm.deb\n Size/MD5 checksum: 887368 a2d7e4052bf2a5c4a495c4e45dedf89b\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_i386.deb\n Size/MD5 checksum: 449748 0ae0c17cc4624b254b2aeac09c995d6f\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_i386.deb\n Size/MD5 checksum: 828498 530637087a864c6def87e31283bdeceb\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_ia64.deb\n Size/MD5 checksum: 683068 19ecb0905f8636e67bf7238c10f59ad5\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_ia64.deb\n Size/MD5 checksum: 1230046 ed52eb1ba803c65bed5b9b82ec551eef\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_hppa.deb\n Size/MD5 checksum: 564570 e375463f1a090ee04616a2a28d074792\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_hppa.deb\n Size/MD5 checksum: 1034076 c7baa8decb624ae001b8325c426c3e83\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_m68k.deb\n Size/MD5 checksum: 427756 e516e992cf634de082e9261fec596417\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_m68k.deb\n Size/MD5 checksum: 795168 5315ec1734af63b31df537992fd575d7\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_mips.deb\n Size/MD5 checksum: 555626 38b3797dc8685b374bfa4d5b8310e002\n 
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_mips.deb\n Size/MD5 checksum: 1017302 f1420c53961b3574c404e3dcee80e633\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_mipsel.deb\n Size/MD5 checksum: 546712 be27f108ed722e04bee9473fb463a749\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_mipsel.deb\n Size/MD5 checksum: 999554 d8983b16cb67d5b5da734e8a166079b1\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_powerpc.deb\n Size/MD5 checksum: 470466 c90999ac3ffef0f1ca9907ec0c52e8ca\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_powerpc.deb\n Size/MD5 checksum: 860678 1b79e9b04f6b86cee3365c27c99b8c8a\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_s390.deb\n Size/MD5 checksum: 430408 09493b1bae3177137a922adbaee7af25\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_s390.deb\n Size/MD5 checksum: 786644 98062cef2cfd5f78eba94f92f7ffc7ec\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_sparc.deb\n Size/MD5 checksum: 444146 9bb3e73108672a45c87eb172b30b645e\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_sparc.deb\n Size/MD5 checksum: 810204 53735cf450d1ff09449dd4e744e31f4a\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.4.dsc\n Size/MD5 checksum: 781 df2be00a261c47ed25cbf00bdcefcc32\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.4.diff.gz\n Size/MD5 checksum: 50734 3018a9155bbcf704f47132bbefddd5b5\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00.orig.tar.gz\n Size/MD5 checksum: 534697 95294cef3031dd68e65f331e8750b2c2\n\n Architecture independent components:\n\n 
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.00-13.4_all.deb\n Size/MD5 checksum: 56504 333976022e4bd6b1a241844231f2db30\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.4_all.deb\n Size/MD5 checksum: 1284 1b077a992654b8df5727d844deb84e0c\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_alpha.deb\n Size/MD5 checksum: 802112 93e96a4213f4966d8c0bb2c1e34b572d\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_alpha.deb\n Size/MD5 checksum: 1528190 5db2e3cd7ab5f2865d5303163c3d08a7\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_amd64.deb\n Size/MD5 checksum: 667754 df5e85b58bcb2f7b86837e7a79b745f9\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_amd64.deb\n Size/MD5 checksum: 1273734 5554c8f473a892cc8478f50bc1dd96dd\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_arm.deb\n Size/MD5 checksum: 674458 b419a39cb5b1bbaefe52c51f163913d5\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_arm.deb\n Size/MD5 checksum: 1279040 fe5af7d7209bb14e865404ea695a6df3\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_i386.deb\n Size/MD5 checksum: 656804 e319b835c10f76ad7946b74da24ba1bf\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_i386.deb\n Size/MD5 checksum: 1242164 731e556748f3f84465bd6537462fde03\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_ia64.deb\n Size/MD5 checksum: 950974 fe4f3be5aa05772806309faaa3847db3\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_ia64.deb\n Size/MD5 checksum: 1801950 27c19b5813e7d2aa34aca9847c277b40\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_hppa.deb\n 
Size/MD5 checksum: 832646 a2504b353573d384d443e923782775f1\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_hppa.deb\n Size/MD5 checksum: 1580478 72266677b36f9ec9ab2c2bcac1dfe7ac\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_m68k.deb\n Size/MD5 checksum: 585736 e1331547251b0d5eba96c68e6665abf2\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_m68k.deb\n Size/MD5 checksum: 1116746 46d969a98302c1b49b5e9a355047adfc\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_mips.deb\n Size/MD5 checksum: 807800 d1acd349bc0a932ea3467db9796919f5\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_mips.deb\n Size/MD5 checksum: 1524848 685d65d2a07676b55fa3abd8505018a9\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_mipsel.deb\n Size/MD5 checksum: 798090 18503fbab79be783005bed35d4cdb02d\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_mipsel.deb\n Size/MD5 checksum: 1503796 aaa4b1de4370d52cc2b3e595542f82c3\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_powerpc.deb\n Size/MD5 checksum: 694126 08e64354f30b1bd573092925b894c77f\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_powerpc.deb\n Size/MD5 checksum: 1313048 5f39d0ffe44186db884a7c1115704666\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_s390.deb\n Size/MD5 checksum: 630774 8b48412164ae96066c61399a5c7b3cd7\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_s390.deb\n Size/MD5 checksum: 1198670 6b837427a05f0b19630197183c9c50f1\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_sparc.deb\n Size/MD5 checksum: 626394 
0bbb59b11b9d11f9129fbd475e3ab186\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_sparc.deb\n Size/MD5 checksum: 1181726 a523c04a7ae1c3b8fc24c29f46d3c589\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 3, "modified": "2006-01-09T00:00:00", "published": "2006-01-09T00:00:00", "id": "DEBIAN:DSA-931-1:51450", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00002.html", "title": "[SECURITY] [DSA 931-1] New xpdf packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:19:06", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 950-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nJanuary 23rd, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : cupsys\nVulnerability : buffer overflows\nProblem type : remote\nDebian-specific: no\nCVE IDs : CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624\n CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628\n\n"infamous41md" and Chris Evans discovered several heap based buffer\noverflows in xpdf which are also present in CUPS, the Common UNIX\nPrinting System, and which can lead to a denial of service by 
crashing\nthe application or possibly to the execution of arbitrary code.\n\nFor the old stable distribution (woody) these problems have been fixed in\nversion 1.1.14-5woody14.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.1.23-10sarge1.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your CUPS packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14.dsc\n Size/MD5 checksum: 712 87055bd9647d440b8ce56afc1c53c062\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14.diff.gz\n Size/MD5 checksum: 41961 2d996ab8926c30dda9b4b1da5db2dcf5\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14.orig.tar.gz\n Size/MD5 checksum: 6150756 0dfa41f29fa73e7744903b2471d2ca2f\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_alpha.deb\n Size/MD5 checksum: 1901460 d9c2716ed4e3eb17551e93bd09ef3cb1\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_alpha.deb\n Size/MD5 checksum: 74640 ecc0016c60f37d7b99c4d8848588a4d1\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_alpha.deb\n Size/MD5 checksum: 93286 9f018be9b70c2dc86ee7d022b92ff102\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_alpha.deb\n Size/MD5 checksum: 2446114 
c097158954ffc328f578dea763337440\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_alpha.deb\n Size/MD5 checksum: 138306 3d938cc09f9b17c65c79a4b7c4c7474a\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_alpha.deb\n Size/MD5 checksum: 181258 db9cc1c0273d516386ccf2be873166a0\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_arm.deb\n Size/MD5 checksum: 1822154 a6c2a7bc9ed9a2daf492474dfbfee387\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_arm.deb\n Size/MD5 checksum: 68790 a6504ee333ddb3bea747835678a025f3\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_arm.deb\n Size/MD5 checksum: 85976 20b1bc34eee904186892e47522024266\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_arm.deb\n Size/MD5 checksum: 2346140 ed23313e05032089bb5cee70cd914711\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_arm.deb\n Size/MD5 checksum: 113304 9ffcce59eb3f9b306dbd661fe9b28760\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_arm.deb\n Size/MD5 checksum: 150704 be20a14dfa2fb2251d9a046159a4ac9e\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_i386.deb\n Size/MD5 checksum: 1788452 f920699db4f6756a27ef73c00d41cb1c\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_i386.deb\n Size/MD5 checksum: 68280 728e5ab852df891dbb094c877d5d26f2\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_i386.deb\n Size/MD5 checksum: 84416 352934f7cabf8e8835cbe685e136ab69\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_i386.deb\n Size/MD5 checksum: 2312294 656e02e4f86107449f528789393bf3d4\n 
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_i386.deb\n Size/MD5 checksum: 111268 cdd8f173a676c42e1e6f800757777e44\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_i386.deb\n Size/MD5 checksum: 136824 3762ca0a2e9f04e82c69de42bee5c6d1\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_ia64.deb\n Size/MD5 checksum: 2009046 515a82e65816d7306a0eed23eb81eca7\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_ia64.deb\n Size/MD5 checksum: 77740 1934f438e856d54966bd86d1e575185c\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_ia64.deb\n Size/MD5 checksum: 97452 b74539e18af4838477d91c604d8a92ed\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_ia64.deb\n Size/MD5 checksum: 2657094 64e4f7fef054d690c03ca3753742a762\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_ia64.deb\n Size/MD5 checksum: 156328 82d9922dc92754c43bf39e8f4cc77928\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_ia64.deb\n Size/MD5 checksum: 183270 6a90afecd9464585d98e294ff73929c7\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_hppa.deb\n Size/MD5 checksum: 1882286 4ec8f0298dc7249fa9ca70017b324de2\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_hppa.deb\n Size/MD5 checksum: 71102 4fe9e3556038e7ad2a5f98b93293a37a\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_hppa.deb\n Size/MD5 checksum: 90130 eeb463655e9c4d920e9bd9bf6f59fc2e\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_hppa.deb\n Size/MD5 checksum: 2456368 06cd1008318bbb3508f78208360c25dd\n 
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_hppa.deb\n Size/MD5 checksum: 126830 9438fad24f29a082acf3af12f1b78ba2\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_hppa.deb\n Size/MD5 checksum: 159848 992335895e6d5f9507cd5f261bab3083\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_m68k.deb\n Size/MD5 checksum: 1756060 ab11910eddafa259de3bd745b44bf3da\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_m68k.deb\n Size/MD5 checksum: 66570 e2c198da29470435c7728c04ec1dddcd\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_m68k.deb\n Size/MD5 checksum: 81710 aba951dcf7e9b48289d66d28b52a8fe1\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_m68k.deb\n Size/MD5 checksum: 2261686 aba414903aed1f525daddefc42d9cb0f\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_m68k.deb\n Size/MD5 checksum: 106548 52dd393183f425b3cfd7dfb424a83df8\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_m68k.deb\n Size/MD5 checksum: 129094 4348111e8d1be636745d7871e8891948\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_mips.deb\n Size/MD5 checksum: 1812104 dd3a152cc6f60aee92caf1b1d48be116\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_mips.deb\n Size/MD5 checksum: 68192 471231e45b6758318b09593584561492\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_mips.deb\n Size/MD5 checksum: 81620 20a54b310accf0c618ae17b1939928d6\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_mips.deb\n Size/MD5 checksum: 2404894 e5448e7a68d1b9b2faffe6250e293504\n 
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_mips.deb\n Size/MD5 checksum: 113064 bef1f42d86e8f491fc3c01eab9d1978d\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_mips.deb\n Size/MD5 checksum: 151504 bea406cc6863a488054206378e8fb04c\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_mipsel.deb\n Size/MD5 checksum: 1812764 83e4dac89074dcb5adeeadc94e1b77fc\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_mipsel.deb\n Size/MD5 checksum: 68190 8a5f9228fd00e1f2010b4ecc3192043f\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_mipsel.deb\n Size/MD5 checksum: 81664 c7329620731adcafa54c76956c7570fa\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_mipsel.deb\n Size/MD5 checksum: 2407286 597914ee83c1d95f071f3f9cc2a712c4\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_mipsel.deb\n Size/MD5 checksum: 112850 b0ba6a07c9ae3dd1265428e591c46e97\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_mipsel.deb\n Size/MD5 checksum: 151320 08f9b0bd3e63b83e4486a736f4183c80\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_powerpc.deb\n Size/MD5 checksum: 1801230 7ae9ff1ad1a2b39bcac9caf0a1ea84bf\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_powerpc.deb\n Size/MD5 checksum: 68216 c4a5278ee7b0decab415799498ec4c0e\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_powerpc.deb\n Size/MD5 checksum: 83804 1f0e2917e7bbfa3c41b42a8706aa4dbc\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_powerpc.deb\n Size/MD5 checksum: 2360122 0205d9a7e7294b1c5df64b7b5aeef414\n 
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_powerpc.deb\n Size/MD5 checksum: 117102 75a66b72bc9f3de5db50bab7c0fd877d\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_powerpc.deb\n Size/MD5 checksum: 145562 d77e1f716df37e1e1f4fa0408adaa2d7\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_s390.deb\n Size/MD5 checksum: 1796146 6fa046122e3b7f1c3d8d4b5d74ab4f44\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_s390.deb\n Size/MD5 checksum: 69592 f2f9bf8682b4cb7fc45daddff2643bf2\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_s390.deb\n Size/MD5 checksum: 86316 b48887446a27a55d25ac400c1aac22ce\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_s390.deb\n Size/MD5 checksum: 2337954 7a17b6c38961912f5c8ac1d3a93df115\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_s390.deb\n Size/MD5 checksum: 115630 c441bc67529c0ca9d65b2ecf7ae77a22\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_s390.deb\n Size/MD5 checksum: 141154 6c1045dab37cd0c2de8ea9521fb15ce5\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_sparc.deb\n Size/MD5 checksum: 1845976 02c8158a514550f09e71440b57bbe091\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_sparc.deb\n Size/MD5 checksum: 71162 e80f373008dae5e4c53f573cb8211742\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_sparc.deb\n Size/MD5 checksum: 84582 9a972b8f43a72a85b83deaca3fd33dd9\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_sparc.deb\n Size/MD5 checksum: 2354982 984c7d23e08833f26d1cd63e54292a41\n 
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_sparc.deb\n Size/MD5 checksum: 120776 704f789385683f359cc6ed1328892516\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_sparc.deb\n Size/MD5 checksum: 147072 e9aabfc1246767e35667aeed061f0184\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1.dsc\n Size/MD5 checksum: 843 149c91767477b75a0cf7db28c6129b30\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1.diff.gz\n Size/MD5 checksum: 1273227 8e6fbc6b8ca8d4588d90312a3a7c2199\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23.orig.tar.gz\n Size/MD5 checksum: 10071818 d6995f493129e9637581f3a717c8345e\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.23-10sarge1_all.deb\n Size/MD5 checksum: 972 0f85b73fa4d13914cf8f50dc2dc1910f\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_alpha.deb\n Size/MD5 checksum: 8998558 547b44162becac3729e55a1efa9bf526\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_alpha.deb\n Size/MD5 checksum: 51964 4961aed776b96ad6201d56a9d2405a2f\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_alpha.deb\n Size/MD5 checksum: 116824 732753a8cfbd0eeb5f52b8686948f6b6\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_alpha.deb\n Size/MD5 checksum: 61186 e6dab465c327d8b5769a406130e47216\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_alpha.deb\n Size/MD5 checksum: 61054 d6261652e2a0cbb4d396411f224a0322\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_alpha.deb\n Size/MD5 checksum: 112100 28f6458e3a69ee997b3dee07b7c2b616\n 
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_alpha.deb\n Size/MD5 checksum: 83694 433ccca31f21ee3d1b726acc36fe3350\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_amd64.deb\n Size/MD5 checksum: 8965490 0ed3172129be9fac870f3c27c16d9b6b\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_amd64.deb\n Size/MD5 checksum: 48912 481fb3ff53dcea0ab7675e2935d0c4b5\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_amd64.deb\n Size/MD5 checksum: 111480 0d29c73380d005759e830a560765115b\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_amd64.deb\n Size/MD5 checksum: 54140 7aa240c5363d73169f72ced83b9418f9\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_amd64.deb\n Size/MD5 checksum: 45302 4bf1056c7dbfb8f8ca5418b2bd0da446\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_amd64.deb\n Size/MD5 checksum: 88114 31b7feb9363003f66f67f957e4933e9a\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_amd64.deb\n Size/MD5 checksum: 76420 b550d92e77c52790bf5a58031f605c8d\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_arm.deb\n Size/MD5 checksum: 8957012 915fdb81401cd63d854e5cf40605a797\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_arm.deb\n Size/MD5 checksum: 47944 7464b760910c7eec6450fb3608a54845\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_arm.deb\n Size/MD5 checksum: 108064 f6f2d9a1dbefa5bb4adfeec4592df8af\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_arm.deb\n Size/MD5 checksum: 52704 67a5ae9c5dcdf9a5a86f7d64292bf967\n 
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_arm.deb\n Size/MD5 checksum: 47096 9fa5503ff99ecfb041243039362b3a2a\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_arm.deb\n Size/MD5 checksum: 88946 ecdf555d38255fd39a08ee1387013f1b\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_arm.deb\n Size/MD5 checksum: 70916 10e8a947858a4707236de9e2006e3907\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_i386.deb\n Size/MD5 checksum: 8956128 da71b0801cba48f1cb692d93297abc2b\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_i386.deb\n Size/MD5 checksum: 48344 41ebb63f63a0f2dae4312cb0618114fa\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_i386.deb\n Size/MD5 checksum: 109956 fbc4c77291e86a1ef4cbba36cfa54b7d\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_i386.deb\n Size/MD5 checksum: 54588 140f3a9b6f693b7d5cfc5666b1ca9811\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_i386.deb\n Size/MD5 checksum: 45896 45916eeaf110d91dfffd39ce25f0b36a\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_i386.deb\n Size/MD5 checksum: 86752 04ef904ec3d610eca55a8c4c27126dc5\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_i386.deb\n Size/MD5 checksum: 75220 f5dcffc2f6f71ccc85c939001d84a3b7\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_ia64.deb\n Size/MD5 checksum: 9097650 7833e9cdda700ca59e4ca74c68c8c94f\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_ia64.deb\n Size/MD5 checksum: 57190 05e645e5af8ea79fffe60985668f4d1a\n 
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_ia64.deb\n Size/MD5 checksum: 131422 72e92715d0f7c044313dce896e32327d\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_ia64.deb\n Size/MD5 checksum: 68416 744165acbbe1ab96f53d8e4d91346367\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_ia64.deb\n Size/MD5 checksum: 59894 1d3e91c509a4e0f790b7abbbf379d623\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_ia64.deb\n Size/MD5 checksum: 112768 96f6ecd302463e5a401f52c3e060b498\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_ia64.deb\n Size/MD5 checksum: 97514 612eb7ff11d4f89e9c03224917586fa3\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_hppa.deb\n Size/MD5 checksum: 9010754 0c11b272d05a6f65c3665ac8b15b8947\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_hppa.deb\n Size/MD5 checksum: 52902 84620c8436668790219d44c1cf7373b4\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_hppa.deb\n Size/MD5 checksum: 117598 4c4500d88ed256ef352e59849cf8a286\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_hppa.deb\n Size/MD5 checksum: 59694 7917b68267148a9f0c82e55e4a759783\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_hppa.deb\n Size/MD5 checksum: 51240 2c078aa79136b3ace1c2d28b94da9256\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_hppa.deb\n Size/MD5 checksum: 95354 203442791f4f1d2ecd1e70e3279dbfd5\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_hppa.deb\n Size/MD5 checksum: 82904 bd10a9918c341f9614f68a3ee81683db\n\n Motorola 680x0 architecture:\n\n 
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_m68k.deb\n Size/MD5 checksum: 8925186 a926ab8492abf60434ffdadfb307b9e8\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_m68k.deb\n Size/MD5 checksum: 46966 6562751ea50409726f36af2016408821\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_m68k.deb\n Size/MD5 checksum: 104484 0318d6db604c936380a4fdfb3482eac8\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_m68k.deb\n Size/MD5 checksum: 49714 272c0080ae763db015e2199c39c72220\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_m68k.deb\n Size/MD5 checksum: 37408 3179193900762362145cd7b45e91cbf2\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_m68k.deb\n Size/MD5 checksum: 75744 f898ee020d7f540eafdabf95decc768f\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_m68k.deb\n Size/MD5 checksum: 70676 8882d7075c9cb16ee51ba2051c6e801c\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_mips.deb\n Size/MD5 checksum: 8994246 e0b394ae2fe5dd1bd72750cfad52de53\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_mips.deb\n Size/MD5 checksum: 54694 a3a93dad227e79d81be0f9db867afc6d\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_mips.deb\n Size/MD5 checksum: 121500 e41d68c6950a41cf7ce208a6ac0bc3de\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_mips.deb\n Size/MD5 checksum: 53986 b511a7cb6c46058ea49a621dcc3c4988\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_mips.deb\n Size/MD5 checksum: 48646 e54608c8ff507c59f73d6bf47f4f5b7e\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_mips.deb\n 
Size/MD5 checksum: 88824 3f494a70d277f0f7340860d9e9898fe6\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_mips.deb\n Size/MD5 checksum: 72820 67af0adb3c1e2ce71c4f3810c80c6338\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_mipsel.deb\n Size/MD5 checksum: 8995140 195358c1b1afbde4fc6c8335efaa4181\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_mipsel.deb\n Size/MD5 checksum: 54840 959fc8269f565b6a60b90ac6216da171\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_mipsel.deb\n Size/MD5 checksum: 121638 8102c77355666f900144bbbf06a6e737\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_mipsel.deb\n Size/MD5 checksum: 54148 31231eb300e28dd7b27acd92b6118e81\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_mipsel.deb\n Size/MD5 checksum: 48762 45222e32a7a0ae9de9882a73d6008342\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_mipsel.deb\n Size/MD5 checksum: 88954 41584ce383f4282195d63c627eaa724a\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_mipsel.deb\n Size/MD5 checksum: 72696 5d14ee7a81b0a0e083210b82ddca20c7\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_powerpc.deb\n Size/MD5 checksum: 8969934 4e344b217f6ef0a9c8e60358023b31ee\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_powerpc.deb\n Size/MD5 checksum: 53294 d37e799234391a7d8a7aea39feb77e17\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_powerpc.deb\n Size/MD5 checksum: 119228 77809235fdf58d3f061514fc0cd8a6d1\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_powerpc.deb\n Size/MD5 checksum: 56414 
27ca9a1284d4d61c61d1f3cd8ec8ac2b\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_powerpc.deb\n Size/MD5 checksum: 44490 28e399b1d223a87154c0121b7d03d611\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_powerpc.deb\n Size/MD5 checksum: 87470 2568624e044d49e0941b8ad30871eb3b\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_powerpc.deb\n Size/MD5 checksum: 76432 56bf5eca39b58eaf2ed3979b30a327f0\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_s390.deb\n Size/MD5 checksum: 8970048 9cc28b376bc998fcb677d07560578af5\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_s390.deb\n Size/MD5 checksum: 49436 551d0048566181bac7df0649d07d5612\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_s390.deb\n Size/MD5 checksum: 110080 2e8273c064ed8274fcbefb76ba7e658d\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_s390.deb\n Size/MD5 checksum: 55788 92ca368281195401f5df2b49e739804d\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_s390.deb\n Size/MD5 checksum: 44886 5391354597b49101acd2c6a30dd3ab4b\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_s390.deb\n Size/MD5 checksum: 90062 222e90ed6137450d20d2cdd6b22987a4\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_s390.deb\n Size/MD5 checksum: 78542 c6da804896bc9fb88c39b0bb1c53ce26\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_sparc.deb\n Size/MD5 checksum: 8972432 c4ecce3bcfadaeda1503afe260d84b7f\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_sparc.deb\n Size/MD5 checksum: 47664 6d5c126bdc8ba8581b8e197468577934\n 
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_sparc.deb\n Size/MD5 checksum: 108100 c0b006f4a79340275585150450e91f0b\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_sparc.deb\n Size/MD5 checksum: 54544 4e81501aee3e095dc6c0dcb44c1d15ce\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_sparc.deb\n Size/MD5 checksum: 46028 5ceccb76a01d1a1b0fba31d4d80539aa\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_sparc.deb\n Size/MD5 checksum: 86606 7444f4cf093195c09db2e53fe8f45636\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_sparc.deb\n Size/MD5 checksum: 74404 d30b3e52cb5948f869332d91eb89c850\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 9, "modified": "2006-01-23T00:00:00", "published": "2006-01-23T00:00:00", "id": "DEBIAN:DSA-950-1:9CD01", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00023.html", "title": "[SECURITY] [DSA 950-1] New CUPS packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:15:54", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-2097", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 
936-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nJanuary 11th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : libextractor\nVulnerability : buffer overflows\nProblem type : remote\nDebian-specific: no\nCVE IDs : CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-2097\n CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627\n CVE-2005-3628\n\n"infamous41md" and Chris Evans discovered several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, which is\nalso present in libextractor, a library to extract arbitrary meta-data\nfrom files, and which can lead to a denial of service by crashing the\napplication or possibly to the execution of arbitrary code.\n\nThe old stable distribution (woody) does not contain libextractor\npackages.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.4.2-2sarge2.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.5.8-1.\n\nWe recommend that you upgrade your libextractor packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2-2sarge2.dsc\n Size/MD5 checksum: 778 6906857074772199e2a8a892feb3aae2\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2-2sarge2.diff.gz\n Size/MD5 checksum: 6345 c214699bde0bfad501cede35488b4f09\n 
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2.orig.tar.gz\n Size/MD5 checksum: 5887095 d99e1b13a017d39700e376a0edbf7ba2\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_alpha.deb\n Size/MD5 checksum: 19424 59bb8cddd5c80fb1cba57796b9445dab\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_alpha.deb\n Size/MD5 checksum: 5804676 9942575a95cb97dfcae26b156dca7a58\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_alpha.deb\n Size/MD5 checksum: 19204 fed48ebb930e6a7d3484bd75c8263a81\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_amd64.deb\n Size/MD5 checksum: 18098 7d4a40679062c4d2d70f9c08dc785559\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_amd64.deb\n Size/MD5 checksum: 5641300 ff1bac0e15d1a6ff630a6ced168e284f\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_amd64.deb\n Size/MD5 checksum: 17364 54dd55236286550d6cadc8dbb3df9ccd\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_arm.deb\n Size/MD5 checksum: 17480 aa541fc867f51588b676aa23d34e25a8\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_arm.deb\n Size/MD5 checksum: 5710616 ed153d5e88e899f4e27ae5a67c5e45d0\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_arm.deb\n Size/MD5 checksum: 16784 7a7f73139e8c0c62187179e993734932\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_i386.deb\n Size/MD5 checksum: 17624 5419b495e3df96a658e1323c83f7faf9\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_i386.deb\n Size/MD5 
checksum: 5713300 1bc2a3ab8b321b543a1ae92590e76f8b\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_i386.deb\n Size/MD5 checksum: 16546 71e4044ff8d923cd56d4bb046be1b37f\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_ia64.deb\n Size/MD5 checksum: 20404 cdea8cf2f6cd2b8a761ccca2a2d85421\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_ia64.deb\n Size/MD5 checksum: 5905266 98f5de1716817b660791a92d5ee7c6a6\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_ia64.deb\n Size/MD5 checksum: 19140 d780e22f3cd6c6204de3db711f068dcd\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_hppa.deb\n Size/MD5 checksum: 18560 70ae8b43a0cd581a36a8097fc94c2172\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_hppa.deb\n Size/MD5 checksum: 5687318 a241f7e800ac5cbd7f45fdafeae267ac\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_hppa.deb\n Size/MD5 checksum: 17710 c1848801758081872515d88f86938537\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_m68k.deb\n Size/MD5 checksum: 17184 d64fcc89500919e03805e47dbb9eca52\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_m68k.deb\n Size/MD5 checksum: 5708190 0d20df48cd437a99544bf748a1c89ea9\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_m68k.deb\n Size/MD5 checksum: 16404 0e47447d4b7007d4016c32a81f2b66f4\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_mips.deb\n Size/MD5 checksum: 18416 38f460cbf16a6c2a3c735c5a6545013a\n 
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_mips.deb\n Size/MD5 checksum: 5729074 76787645b83e4438fc79325410114c99\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_mips.deb\n Size/MD5 checksum: 17700 8cbf4e1556b59d982589d27e5af1211e\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_mipsel.deb\n Size/MD5 checksum: 18460 dfaad60fd479b74c72c46680d92c5920\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_mipsel.deb\n Size/MD5 checksum: 5726846 0d9ad0d53eddd3503cdc2fce6b118595\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_mipsel.deb\n Size/MD5 checksum: 17734 a74a4df56930cd6e1ec289a714fe2225\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_powerpc.deb\n Size/MD5 checksum: 19600 0fbb4093db271d5924d8e1fb81d0c5c3\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_powerpc.deb\n Size/MD5 checksum: 5677812 543192c6a5b6b89fdc0cc0c5b3f2befe\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_powerpc.deb\n Size/MD5 checksum: 17556 bd868a198744609509201e7af0e33ab9\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_s390.deb\n Size/MD5 checksum: 17974 f16109dd971b139abc8a2194731e33c8\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_s390.deb\n Size/MD5 checksum: 5768028 dfda84e8d1a0e53794418a77a09d801f\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_s390.deb\n Size/MD5 checksum: 17918 da3bb3df7f86443b1f36ed4b5bcc0113\n\n Sun Sparc architecture:\n\n 
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_sparc.deb\n Size/MD5 checksum: 17480 1ef23c92384723ab64b315b7d8d51089\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_sparc.deb\n Size/MD5 checksum: 5752164 91a3ad11d2f029e99955b2c54088e034\n http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_sparc.deb\n Size/MD5 checksum: 16696 87e4150b6738d9921728a1e594bc4904\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 3, "modified": "2006-01-11T00:00:00", "published": "2006-01-11T00:00:00", "id": "DEBIAN:DSA-936-1:CC668", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00008.html", "title": "[SECURITY] [DSA 936-1] New libextractor packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "slackware": [{"lastseen": "2020-10-25T16:36:21", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3191", "CVE-2005-3192", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3625", "CVE-2005-3626", "CVE-2005-3627", "CVE-2005-3628", "CVE-2006-0301"], "description": "New kdegraphics packages are available for Slackware 10.0, 10.1, 10.2,\nand -current to fix security issues with kpdf.\n\nMore details about these issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192\n 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301\n\nAdditional information is also available from the KDE website:\n\n http://www.kde.org/info/security/advisory-20051207-2.txt\n http://www.kde.org/info/security/advisory-20060202-1.txt\n\n\nHere are the details from the Slackware 10.2 ChangeLog:\n\npatches/packages/kdegraphics-3.4.2-i486-2.tgz: Patched integer and\n heap overflows in kpdf to fix possible security bugs with malformed\n PDF files.\n For more information, see:\n http://www.kde.org/info/security/advisory-20051207-2.txt\n http://www.kde.org/info/security/advisory-20060202-1.txt\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301\n (* Security fix *)\n\nWhere to find the new packages:\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/kdegraphics-3.2.3-i486-2.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/kdegraphics-3.3.2-i486-4.tgz\n\nUpdated package for Slackware 
10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/kdegraphics-3.4.2-i486-2.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/kde/kdegraphics-3.5.1-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 10.0 package:\nda13535a269210c3e8aff65ef17e2442 kdegraphics-3.2.3-i486-2.tgz\n\nSlackware 10.1 package:\n1499ba1755da9e69a6b69031b2919eb2 kdegraphics-3.3.2-i486-4.tgz\n\nSlackware 10.2 package:\n5bb6d9647f5d48d00cbd698e9aa5821e kdegraphics-3.4.2-i486-2.tgz\n\nSlackware -current package:\na3dc06eee3e19500f39ee1ecbac977e1 kdegraphics-3.5.1-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg kdegraphics-3.4.2-i486-2.tgz", "modified": "2006-02-15T00:27:14", "published": "2006-02-15T00:27:14", "id": "SSA-2006-045-04", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747", "type": "slackware", "title": "[slackware-security] kdegraphics", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-25T16:36:20", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3191", "CVE-2005-3192", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3625", "CVE-2005-3626", "CVE-2005-3627", "CVE-2005-3628", "CVE-2006-0301"], "description": "New xpdf packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2,\nand -current to fix security issues.\n\nMore details about the issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627\n 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301\n\n\nHere are the details from the Slackware 10.2 ChangeLog:\n\npatches/packages/xpdf-3.01-i486-3.tgz: Recompiled with xpdf-3.01pl2.patch to\n fix integer and heap overflows in xpdf triggered by malformed PDF files.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301\n (* Security fix *)\n\nWhere to find the new packages:\n\nUpdated package for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/xpdf-3.01-i386-3.tgz\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/xpdf-3.01-i486-3.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/xpdf-3.01-i486-3.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/xpdf-3.01-i486-3a.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/xpdf-3.01-i486-3.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/xpdf-3.01-i486-3.tgz\n\n\nMD5 signatures:\n\nSlackware 9.0 package:\nfebda74afb06e94f745ef2d02867b505 xpdf-3.01-i386-3.tgz\n\nSlackware 9.1 package:\n1dd5847ecf094359fe712850391e7b37 xpdf-3.01-i486-3.tgz\n\nSlackware 10.0 
package:\nabd65f71b8484579aa4b1ce081b4d61e xpdf-3.01-i486-3.tgz\n\nSlackware 10.1 package:\n9270fb578380221d9e642c7d80fac931 xpdf-3.01-i486-3a.tgz\n\nSlackware 10.2 package:\n8c85579182d43d56920e5a79063b447e xpdf-3.01-i486-3.tgz\n\nSlackware -current package:\n172d66fd19dbf8ceca0a25a6c17e75c2 xpdf-3.01-i486-3.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg xpdf-3.01-i486-3.tgz", "modified": "2006-02-15T00:28:51", "published": "2006-02-15T00:28:51", "id": "SSA-2006-045-09", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683", "type": "slackware", "title": "[slackware-security] xpdf", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-25T16:36:13", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3193"], "description": "New tetex packages are available for Slackware 10.2 and -current to\nfix a possible security issue. teTeX-3.0 incorporates some code from \nthe xpdf program which has been shown to have various overflows that\ncould result in program crashes or possibly the execution of arbitrary\ncode as the teTeX user. This is especially important to consider if\nteTeX is being used as part of a printer filter.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193\n\n\nHere are the details from the Slackware 10.2 ChangeLog:\n\npatches/packages/tetex-3.0-i486-2_10.2.tgz: Regenerated the etex.fmt files\n with etex, not pdfetex. This is more appropriate since etex is a binary,\n not a link to pdfetex. Thanks to John Breckenridge for reporting the issue.\n Added --disable-a4, and fixed the texconfig for US paper default in the\n build script. 
Thanks to Marc Benstein and Jingmin Zhou for reporting this.\n Improved /tmp use security.\n Patched a possible security issue in library code borrowed from xpdf that's\n used in pdfetex.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193\n (* Security fix *)\n\nWhere to find the new packages:\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/tetex-3.0-i486-2_10.2.tgz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/t/tetex-3.0-i486-2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/t/tetex-doc-3.0-i486-2.tgz\n\n\nMD5 signatures:\n\nSlackware 10.2 package:\ncdf43c3573e8235aa15bea3a6960a4e8 tetex-3.0-i486-2_10.2.tgz\n\nSlackware -current packages:\nbaae094f336ffc8a553328cc6d41d81a tetex-3.0-i486-2.tgz\nbf14a46df01c748b088b4b54010ddb98 tetex-doc-3.0-i486-2.tgz\n\n\nInstallation instructions:\n\nUpgrade the package(s) as root:\n > upgradepkg tetex-3.0-i486-2_10.2.tgz", "modified": "2006-05-22T22:14:23", "published": "2006-05-22T22:14:23", "id": "SSA-2006-142-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.399813", "type": "slackware", "title": "[slackware-security] tetex PDF security", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}]}