Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2006-045-04
HistoryFeb 15, 2006 - 12:27 a.m.

[slackware-security] kdegraphics

2006-02-1500:27:14
Slackware Linux Project
www.slackware.com
37

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.184 Low

EPSS

Percentile

96.2%

JSON

New kdegraphics packages are available for Slackware 10.0, 10.1, 10.2,
and -current to fix security issues with kpdf.

More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

https://vulners.com/cve/CVE-2005-3191
https://vulners.com/cve/CVE-2005-3192
https://vulners.com/cve/CVE-2005-3193
https://vulners.com/cve/CVE-2005-3624
https://vulners.com/cve/CVE-2005-3625
https://vulners.com/cve/CVE-2005-3626
https://vulners.com/cve/CVE-2005-3627
https://vulners.com/cve/CVE-2005-3628
https://vulners.com/cve/CVE-2006-0301

Additional information is also available from the KDE website:

http://www.kde.org/info/security/advisory-20051207-2.txt
http://www.kde.org/info/security/advisory-20060202-1.txt

Here are the details from the Slackware 10.2 ChangeLog:

patches/packages/kdegraphics-3.4.2-i486-2.tgz: Patched integer and
heap overflows in kpdf to fix possible security bugs with malformed
PDF files.
For more information, see:
http://www.kde.org/info/security/advisory-20051207-2.txt
http://www.kde.org/info/security/advisory-20060202-1.txt
https://vulners.com/cve/CVE-2005-3191
https://vulners.com/cve/CVE-2005-3192
https://vulners.com/cve/CVE-2005-3193
https://vulners.com/cve/CVE-2005-3624
https://vulners.com/cve/CVE-2005-3625
https://vulners.com/cve/CVE-2005-3626
https://vulners.com/cve/CVE-2005-3627
https://vulners.com/cve/CVE-2005-3628
https://vulners.com/cve/CVE-2006-0301
(* Security fix *)

Where to find the new packages:

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/kdegraphics-3.2.3-i486-2.tgz

Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/kdegraphics-3.3.2-i486-4.tgz

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/kdegraphics-3.4.2-i486-2.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/kde/kdegraphics-3.5.1-i486-1.tgz

MD5 signatures:

Slackware 10.0 package:
da13535a269210c3e8aff65ef17e2442 kdegraphics-3.2.3-i486-2.tgz

Slackware 10.1 package:
1499ba1755da9e69a6b69031b2919eb2 kdegraphics-3.3.2-i486-4.tgz

Slackware 10.2 package:
5bb6d9647f5d48d00cbd698e9aa5821e kdegraphics-3.4.2-i486-2.tgz

Slackware -current package:
a3dc06eee3e19500f39ee1ecbac977e1 kdegraphics-3.5.1-i486-1.tgz

Installation instructions:

Upgrade the package as root:
> upgradepkg kdegraphics-3.4.2-i486-2.tgz

Related

openvas 50
debian 23
nessus 68
centos 12
slackware 1
suse 1
securityvulns 3
osv 6
gentoo 5
redhat 9
ubuntu 3
prion 2
ubuntucve 4
cve 5
debiancve 4
altlinux 2
freebsd 1
openvas
openvas
Slackware Advisory SSA:2006-045-09 xpdf
2012-09-11 00:00:00
Debian: Security Advisory (DSA-961-1)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-931-1)
2008-01-17 00:00:00
debian
debian
[SECURITY] [DSA 962-1] New pdftohtml packages fix arbitrary code execution
2006-02-01 09:57:27
[SECURITY] [DSA 961-1] New pdfkit.framework packages fix arbitrary code execution
2006-02-01 07:22:26
[SECURITY] [DSA 950-1] New CUPS packages fix arbitrary code execution
2006-01-23 08:11:03
nessus
nessus
Debian DSA-950-1 : cupsys - buffer overflows
2006-10-14 00:00:00
Mandrake Linux Security Advisory : tetex (MDKSA-2006:011)
2006-01-15 00:00:00
RHEL 2.1 / 3 / 4 : xpdf (RHSA-2005:840)
2005-12-07 00:00:00
centos
centos
tetex security update
2006-01-30 00:51:00
tetex security update
2006-01-19 21:19:14
xpdf security update
2005-12-06 16:19:16
slackware
slackware
[slackware-security] xpdf
2006-02-15 00:28:51
suse
suse
remote code execution in xpdf,kpdf,gpdf,kword
2006-01-11 12:03:37
securityvulns
securityvulns
[Full-disclosure] [SECURITY] [DSA 961-1] New pdfkit.framework packages fix arbitrary code execution
2006-02-01 00:00:00
MDKSA-2006:005 - Updated xpdf packages fix several vulnerabilities
2006-01-07 00:00:00
[ GLSA 200601-17 ] Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows
2006-02-01 00:00:00
osv
osv
xpdf - buffer overflows
2006-01-09 00:00:00
kdegraphics - buffer overflows
2006-01-09 00:00:00
pdftohtml - buffer overflows
2006-02-01 00:00:00
gentoo
gentoo
KPdf, KWord: Multiple overflows in included Xpdf code
2006-01-04 00:00:00
Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows
2006-01-30 00:00:00
Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities
2005-12-16 00:00:00
redhat
redhat
(RHSA-2005:868) kdegraphics security update
2005-12-20 00:00:00
(RHSA-2005:840) xpdf security update
2005-12-06 00:00:00
(RHSA-2006:0160) tetex security update
2006-01-19 00:00:00
ubuntu
ubuntu
xpdf vulnerabilities in kword, kpdf
2006-01-09 00:00:00
xpdf vulnerabilities
2006-01-06 00:00:00
xpdf vulnerabilities
2005-12-12 00:00:00
prion
prion
Design/Logic Flaw
2006-03-15 19:06:00
Heap overflow
2006-01-30 22:03:00
ubuntucve
ubuntucve
CVE-2006-1244
2006-03-15 00:00:00
CVE-2006-0301
2006-01-30 00:00:00
CVE-2005-3626
2005-12-31 00:00:00
cve
cve
CVE-2006-1244
2006-03-15 19:06:00
CVE-2005-3624
2005-12-31 05:00:00
CVE-2005-3626
2005-12-31 05:00:00
debiancve
debiancve
CVE-2006-1244
2006-03-15 19:06:00
CVE-2005-3624
2005-12-31 05:00:00
CVE-2005-3626
2005-12-31 05:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package xpdf version 3.01-alt4
2006-02-18 00:00:00
Security fix for the ALT Linux 5 package xpdf version 3.01-alt2pl1
2005-12-07 00:00:00
freebsd
freebsd
kpdf -- heap based buffer overflow
2006-02-02 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.184 Low

EPSS

Percentile

96.2%

JSON
Related for SSA-2006-045-04
openvas50debian23nessus68centos12slackware1suse1securityvulns3osv6gentoo5redhat9ubuntu3prion2ubuntucve4cve5debiancve4altlinux2freebsd1