[KDE Security Advisory] kpdf of KDE 3.3.x heap based buffer overflow


From: Dirk Mueller <mueller@kde.org.>
To: [email protected]
Subject: [KDE Security Advisory] kpdf of KDE 3.3.x heap based buffer overflow
Date: Fri, 10 Mar 2006 15:12:12 +0100
User-Agent: KMail/1.9.1
Cc: [email protected], [email protected], [email protected]
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart2273118.JjfxEjHicK";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200603101512.15931.mueller@kde.org.>
X-Virus-Scanned: antivirus-gw at tyumen.ru

--nextPart2273118.JjfxEjHicK
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline


KDE Security Advisory: kpdf/xpdf heap based buffer overflow
Original Release Date: 2006-03-10
URL: http://www.kde.org/info/security/advisory-20060202-1.txt

0. References
        CVE-2006-0746


1. Systems affected:

        KDE 3.3.2 with the patch for CVE-2005-3627 applied. Please
        note that the patch for KDE 3.4.x and newer was correct, so
        those versions are unaffected.


2. Overview:

        kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains
        multiple vulnerabilities, one of them being CVE-2005-3627,
        which was patched in the KDE security advisory 20051207-2.
        However, the patch published for KDE 3.3.x was faulty and
        only partially fixed the vulnerability. We'd like to thank
        Marcelo Ricardo Leitner for bringing this error to our attention.
        The Common Vulnerabilities and Exposures project has assigned
        CVE-2006-0746 to this issue.


3. Impact:

        Remotely supplied pdf files can be used to execute arbitrary
        code on the client machine.


4. Solution:

        Source code patches have been made available which fix these
        vulnerabilities. Contact your OS vendor / binary package provider
        for information about how to obtain updated binary packages.


5. Patch:

        The patch for KDE 3.3.2 and newer is available from
        ftp://ftp.kde.org/pub/kde/security_patches :

        ea346b89a3b39915abbfd56841b9df23  post-3.3.2-kdegraphics-CVE-2006-0746.diff
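The advisory publishes the patch's MD5 digest in md5sum output format, and the intended workflow is to verify the downloaded diff against that digest before applying it. The following is an added example, not KDE's code or any tool from the advisory: it parses the checksum line exactly as printed above, streams the file through MD5, and compares the result with a constant-time comparison. The file name and digest are the advisory's own; the directory argument and the script name are assumptions.

```python
import hashlib
import hmac
import os

# Checksum line exactly as published in the advisory, in md5sum format:
# "<32 hex characters>  <file name>".
ADVISORY_CHECKSUM_LINE = (
    "ea346b89a3b39915abbfd56841b9df23  "
    "post-3.3.2-kdegraphics-CVE-2006-0746.diff"
)


def parse_checksum_line(line):
    """Split an md5sum-style line into (hex digest, file name).

    Anything that is not exactly 32 hex characters followed by a file
    name is rejected, so a corrupted or truncated line fails closed
    instead of silently matching nothing.
    """
    parts = line.strip().split(None, 1)
    if len(parts) != 2:
        raise ValueError("expected '<md5>  <file>', got %r" % line)
    digest, name = parts
    digest = digest.lower()
    if len(digest) != 32 or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("malformed MD5 digest: %r" % digest)
    # md5sum prefixes the name with '*' when run in binary mode; strip it.
    return digest, name.lstrip("*")


def md5_of_file(path, chunk_size=64 * 1024):
    """Stream the file through MD5 so large patches need not fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_patch(checksum_line, directory):
    """Return True only if the named file exists in `directory` and its
    MD5 equals the published digest.

    Only the base name from the checksum line is used, so a line that
    names a path cannot make the check look outside `directory`.
    hmac.compare_digest keeps the comparison independent of where the
    two digests first differ.
    """
    expected, name = parse_checksum_line(checksum_line)
    path = os.path.join(directory, os.path.basename(name))
    if not os.path.isfile(path):
        return False
    return hmac.compare_digest(md5_of_file(path), expected)


if __name__ == "__main__":
    import sys
    # Usage (assumed script name): python verify_patch.py <dir with the .diff>
    target_dir = sys.argv[1] if len(sys.argv) > 1 else "."
    ok = verify_patch(ADVISORY_CHECKSUM_LINE, target_dir)
    print("checksum OK" if ok else "checksum MISMATCH or file missing")
    sys.exit(0 if ok else 1)
```

A mismatch means the download is corrupt or not the file the advisory refers to, and the patch should not be applied; note that MD5 only detects accidental corruption, so the digest should be read from the signed advisory itself rather than from the same server that serves the patch.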


-- 
Dirk//\

--nextPart2273118.JjfxEjHicK
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQBEEYk/vsXr+iuy1UoRApcSAKCp8tSRzja9XlXgFjqrnhOFG2d+aACdFeOX
aAjpOeuOJEbb5BVEeg2O6Q4=
=Zd0t
-----END PGP SIGNATURE-----

--nextPart2273118.JjfxEjHicK--





