Xpdf Embedded Font Handling Code Execution Vulnerability
Release date: 2008-04-17
Updated: 2008-04-21
Affected systems:
Xpdf Xpdf 3.x
Description:
BUGTRAQ ID: 28830
CVE(CAN) ID: CVE-2008-1693
Xpdf is an open-source viewer for Portable Document Format (PDF) files.
Xpdf has a vulnerability in the way it displays malformed fonts embedded in PDF files. An attacker can create a malicious PDF file that, when opened, causes Xpdf to crash or execute arbitrary code.
<*Source: Kees Cook (kees@ubuntu.com)
Links: http://secunia.com/advisories/29816/
https://rhn.redhat.com/errata/RHSA-2008-0238.html
https://www.redhat.com/support/errata/RHSA-2008-0240.html
https://www.redhat.com/support/errata/RHSA-2008-0239.html
http://www.debian.org/security/2008/dsa-1548
http://www.debian.org/security/2008/dsa-1606
*>
Recommendation:
Vendor patches:
Debian
------
Debian has released a security advisory (DSA-1606-1) and corresponding patches for this issue:
DSA-1606-1: poppler packages fix execution of arbitrary code
Link: http://www.debian.org/security/2008/dsa-1606
Patch download:
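Patch installation:
1. Install the patch package manually:
First, download the patch with the following command:
# wget url (url is the patch download link)
Then install the patch with the following command:
# dpkg -i file.deb (file is the name of the corresponding patch package)
2. Install the patch package automatically with apt-get:
First, update the internal database with the following command:
# apt-get update
Then install the updated packages with the following command:
# apt-get upgrade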
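An added example, not part of the original advisory: a shell helper for the manual wget/dpkg route that checks a downloaded package against the size and MD5 checksum the Debian advisory publishes for each file before installing it. The function names verify_pkg and install_verified are hypothetical, and md5sum and wget are assumed to be installed.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not from the advisory).

# verify_pkg FILE EXPECTED_SIZE EXPECTED_MD5
# Returns 0 only when both the byte size and the MD5 digest match,
# 1 on a mismatch, 2 when the file does not exist.
verify_pkg() {
    file=$1; want_size=$2; want_md5=$3

    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }

    # wc -c on stdin prints only the byte count (some systems pad it).
    have_size=$(wc -c < "$file" | tr -d ' ')
    if [ "$have_size" != "$want_size" ]; then
        echo "size mismatch: $file is $have_size bytes, want $want_size" >&2
        return 1
    fi

    # md5sum prints "<digest>  -" for stdin; keep the digest only.
    have_md5=$(md5sum < "$file" | cut -d' ' -f1)
    # Accept an upper-case digest copied from another source.
    want_md5=$(printf '%s' "$want_md5" | tr 'A-F' 'a-f')
    if [ "$have_md5" != "$want_md5" ]; then
        echo "MD5 mismatch: $file is $have_md5, want $want_md5" >&2
        return 1
    fi
    return 0
}

# install_verified URL EXPECTED_SIZE EXPECTED_MD5
# Downloads the package, installs it only if it verifies, and deletes
# the download otherwise so it cannot be installed by accident.
install_verified() {
    url=$1; size=$2; md5=$3
    pkg=$(basename "$url")
    wget -q -O "$pkg" "$url" || return 3
    if verify_pkg "$pkg" "$size" "$md5"; then
        dpkg -i "$pkg"
    else
        rm -f "$pkg"
        return 1
    fi
}
```

The size and MD5 pair catches truncated or corrupted downloads; it does not authenticate the package. The apt-get route checks packages against the archive's signed metadata and is the stronger option.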
RedHat
------
RedHat has released a security advisory (RHSA-2008:0239-01) and corresponding patches for this issue:
RHSA-2008:0239-01: Important: poppler security update
Link: https://www.redhat.com/support/errata/RHSA-2008-0239.html
