
Conectiva Linux Security Announcement - xpdf

daemon@ATHENA.MIT.EDU (secure@CONECTIVA.COM.BR)
Wed Sep 13 13:04:26 2000

Message-Id:  <200009131214.JAA20521@distro.conectiva.com.br>
Date:         Wed, 13 Sep 2000 09:14:23 -0300
Reply-To: secure@CONECTIVA.COM.BR
From: secure@CONECTIVA.COM.BR
X-To:         lwn@lwn.net, security-alert@linuxsecurity.com
To: BUGTRAQ@SECURITYFOCUS.COM

-----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
-----------------------------------------------------------------------

PACKAGE   : xpdf
SUMMARY   : Shell commands in URLs and insecure use of /tmp
DATE      : 2000-09-12 15:31:00
RELEVANT
RELEASES  : 4.0, 4.0es, 4.1, 4.2, 5.0, prg graficos, ecommerce, 5.1

----------------------------------------------------------------------

DESCRIPTION
 Versions of xpdf prior to 0.91 have two security problems:
 1) Insecure file creation in /tmp, which could be exploited via
 symlink attacks;
 2) Shell commands embedded in URLs would be expanded and executed by
 the shell when the user opened such a URL from within xpdf.
 Please note that xpdf is not SUID, and therefore any attack which uses
 these vulnerabilities will only have the privileges of the user
 running xpdf.
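The two problem classes above have standard fixes: create temporary files atomically with an unpredictable name (so a pre-planted symlink causes creation to fail instead of being followed), and hand a URL to the viewer program as an argv element rather than through a shell (so shell metacharacters in the URL are never interpreted). The following is an added example that is not Conectiva's or xpdf's code; it assumes a POSIX system, uses `echo` as a stand-in for the browser program, and uses a constructed sample URL.

```c
/* Added example, not part of the advisory or of xpdf: defensive patterns
 * for the two issues described above. Assumes POSIX (mkstemp, fork/execvp). */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1) Temp files. mkstemp() picks a random suffix and opens the file with
 * O_CREAT|O_EXCL, so if an attacker has planted a symlink at that name the
 * open fails rather than following the link. Modern mkstemp creates the
 * file with mode 0600. Returns an open fd; the chosen path is written to
 * `path`. The "xpdf-example-" prefix is a constructed name. */
int make_private_tempfile(char *path, size_t pathlen) {
    const char *dir = getenv("TMPDIR");
    if (dir == NULL || *dir == '\0')
        dir = "/tmp";
    if (snprintf(path, pathlen, "%s/xpdf-example-XXXXXX", dir) >= (int)pathlen)
        return -1;
    return mkstemp(path);
}

/* Check the O_EXCL property: once the file exists, an exclusive create on
 * the same path must fail with EEXIST. Returns 1 if it fails as expected. */
int exclusive_create_fails(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) {
        close(fd);
        return 0;
    }
    return errno == EEXIST;
}

/* 2) URLs. Characters that system()/popen() would hand to a shell for
 * interpretation. A viewer that must go through a shell should at least
 * refuse URLs containing any of these. */
int url_has_shell_metachars(const char *url) {
    return strpbrk(url, "`$|&;<>()\\\"' \n*?") != NULL;
}

/* The better fix: no shell at all. The URL is passed as a single argv
 * element to `program`, so it is delivered literally whatever it contains.
 * The child's stdout is captured into `out` so a caller can inspect what
 * the program actually received. Returns bytes captured, or -1. */
ssize_t open_url_noshell(const char *program, const char *url,
                         char *out, size_t outlen) {
    int pipefd[2];
    if (pipe(pipefd) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {                       /* child */
        close(pipefd[0]);
        dup2(pipefd[1], STDOUT_FILENO);
        close(pipefd[1]);
        char *argv[] = { (char *)program, (char *)url, NULL };
        execvp(program, argv);            /* argv, not a command string */
        _exit(127);
    }
    close(pipefd[1]);                     /* parent */
    size_t total = 0;
    ssize_t n;
    while (total < outlen - 1 &&
           (n = read(pipefd[0], out + total, outlen - 1 - total)) > 0)
        total += (size_t)n;
    out[total] = '\0';
    close(pipefd[0]);
    int status;
    waitpid(pid, &status, 0);
    return (ssize_t)total;
}

int main(void) {
    char path[256];
    int fd = make_private_tempfile(path, sizeof path);
    if (fd < 0) {
        perror("mkstemp");
        return 1;
    }
    printf("created %s; exclusive re-create fails: %d\n",
           path, exclusive_create_fails(path));
    close(fd);
    unlink(path);

    /* constructed sample URL carrying a command substitution */
    const char *url = "http://example.com/$(date)";
    char out[256];
    open_url_noshell("echo", url, out, sizeof out);
    printf("metachars present: %d; program received: %s",
           url_has_shell_metachars(url), out);
    return 0;
}
```

With `echo` standing in for a browser, the captured output is the URL byte-for-byte, including the unexpanded `$(date)`; the same string passed through `system()` would have had the substitution performed by the shell first.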


SOLUTION
 All xpdf users should upgrade.


DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/xpdf-0.91-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/xpdf-0.91-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/xpdf-0.91-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/xpdf-0.91-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/xpdf-0.91-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/xpdf-0.91-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/xpdf-0.91-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/xpdf-0.91-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/xpdf-0.91-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/xpdf-0.91-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/xpdf-0.91-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/xpdf-0.91-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/xpdf-0.91-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/xpdf-0.91-1cl.i386.rpm


----------------------------------------------------------------------

All packages are signed with Conectiva's GPG key. The key can be
obtained at http://www.conectiva.com.br/contato

----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribe@bazar.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribe@bazar.conectiva.com.br
