Bug 175404 - CAN-2005-3191,3192,3193,3624,3625,3626,3627,3628,CAN-2006-0301 XPDF various issues
CAN-2005-3191,3192,3193,3624,3625,3626,3627,3628,CAN-2006-0301 XPDF various i...
Status: CLOSED ERRATA
Product: Fedora Legacy
Classification: Retired
Component: xpdf (Show other bugs)
unspecified
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Legacy Bugs
http://www.securityfocus.com/bid/15727
LEGACY, rh73, rh90, 1, 2, 3
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-12-09 15:47 EST by John Dalbec
Modified: 2007-04-18 13:35 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-03-16 19:49:42 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Bugzilla 173888 None None None Never

  None (edit)
Description John Dalbec 2005-12-09 15:47:25 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20051012 Netscape/8.0.4

Description of problem:
05.49.8 CVE: CAN-2005-3191
Platform: Linux
Title: XPDF DCTStream Baseline Remote Heap Buffer Overflow
Description: XPDF is an open source PDF viewer. It is reported prone
to a remote buffer overflow vulnerability in the
"CTStream::readBaselineSOF" function residing in the "xpdf/Stream.cc"
file. This issue is reported to affect XPDF version 3.01. Applications
using embedded XPDF code may be vulnerable to this issue as well.
Ref: http://www.securityfocus.com/bid/15727 

Version-Release number of selected component (if applicable):


How reproducible:
Didn't try


Additional info:
Comment 1 John Dalbec 2005-12-09 15:55:17 EST
05.49.19 CVE: CAN-2005-3193
Platform: Cross Platform
Title: XPDF Remote Heap Buffer Overflow
Description: XPDF is an open source PDF viewer. It is vulnerable to a
remote buffer overflow issue due to insufficient boundary check with
the "JPXStream::readCodestream" function. XPDF versions 3.01 and
earlier are vulnerable.
Ref: http://rhn.redhat.com/errata/RHSA-2005-840.html 

05.49.20 CVE: CAN-2005-3192
Platform: Cross Platform
Title: XPDF StreamPredictor Remote Heap Buffer Overflow
Description: XPDF is an open source PDF viewer. It is reported prone
to a remote buffer overflow vulnerability due to improper boundary
checks before copying user-supplied data into process buffers. It is
reported that this issue presents itself in the
"StreamPredictor::StreamPredictor" function residing in the
"xpdf/Stream.cc" file. This issue is reported to affect XPDF versions
3.01-pl3 and earlier.
Ref: http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities 
Comment 2 David Eisenstein 2006-01-01 01:50:18 EST
On 12/20/2005, Red Hat (re)issued advisory RHSA-2005:840 for this issue.

http://rhn.redhat.com/errata/RHSA-2005-840.html

"This update has been rated as having important security impact by the Red
Hat Security Response Team."

According to Josh Bressers in Bug #173888, these issues affect xpdf,
kdegraphics, cups, gpdf, tetex and poppler.
Comment 3 Marc Deslauriers 2006-02-19 11:10:25 EST
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are updated xpdf packages to QA.

rh7.3:
CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-3624,
CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628

rh9:
CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-3624,
CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628

fc1:
CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-3624,
CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628

fc2:
CVE-2005-2097, CVE-2005-3191, CVE-2005-3192, CVE-2005-3193
CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627
CVE-2005-3628, CVE-2006-0301

fc3:
CVE-2006-0301

9da32c36e4a6cb0ef5bc97ae330a4b4fd0267963  7.3/xpdf-1.00-7.5.legacy.src.rpm
84d8c49c3d2178da51f7c5da330dae399a910a6b  9/xpdf-2.01-11.4.legacy.src.rpm
b8b923254760db567ff247a6c684c261dcf5b6d2  1/xpdf-2.03-1.4.legacy.src.rpm
1b7f801dd81ddd434af622cb39a730bc39262fda  2/xpdf-3.00-3.8.1.legacy.src.rpm
0dc50026b2dfec8e9dace0ef127fca23af707f64  3/xpdf-3.01-0.FC3.5.legacy.src.rpm

http://www.infostrategique.com/linuxrpms/legacy/7.3/xpdf-1.00-7.5.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/xpdf-2.01-11.4.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/xpdf-2.03-1.4.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/2/xpdf-3.00-3.8.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/3/xpdf-3.01-0.FC3.5.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (GNU/Linux)

iD8DBQFD+JnZLMAs/0C4zNoRAgjvAKCZr/Z796yoFakDlLaVrz44aMrANwCeP7EG
Ju5ueZGrMjrcRcC22YLQokQ=
=AY9r
-----END PGP SIGNATURE-----
Comment 4 Pekka Savola 2006-02-20 01:08:16 EST
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
QA w/ rpm-build-compare.sh:
 - source integrity good
 - spec file changes minimal
 - patches verified to come from upstream or be with minor mods.
 
One spotted issue: was there a reason why the earlier patch was not
bumped to -135393.patch in RHL73?
 
+PUBLISH RHL9, FC1, FC2, FC3
 
9da32c36e4a6cb0ef5bc97ae330a4b4fd0267963  xpdf-1.00-7.5.legacy.src.rpm
84d8c49c3d2178da51f7c5da330dae399a910a6b  xpdf-2.01-11.4.legacy.src.rpm
b8b923254760db567ff247a6c684c261dcf5b6d2  xpdf-2.03-1.4.legacy.src.rpm
1b7f801dd81ddd434af622cb39a730bc39262fda  xpdf-3.00-3.8.1.legacy.src.rpm
0dc50026b2dfec8e9dace0ef127fca23af707f64  xpdf-3.01-0.FC3.5.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
 
iD8DBQFD+V3zGHbTkzxSL7QRAiZwAJ4iYfybeNoqgYchuBgWNZtj1DA00ACcDUeA
d+RyT3a0guGaynDglKXUj/4=
=QNQq
-----END PGP SIGNATURE-----
Comment 5 Marc Deslauriers 2006-02-20 07:47:40 EST
in rh7.3, the code is different, and the earlier patch for 7.3 looks like it
covers the issues as well as the 135393 patch does.

The other ones had incomplete patches that I replaced with 135393.
Comment 6 Pekka Savola 2006-02-20 08:01:47 EST
I noticed that RHEL 2.1 has adapted the 135393 patch though?
Comment 7 Marc Deslauriers 2006-02-20 19:03:03 EST
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You're right Pekka, thanks. For some reason, I didn't think rhel21 had xpdf.

Here are updated packages for rh7.3. The xpdf-0.92 patch from rhel21 was
incomplete for xpdf-1.00, so I added the missing section in.

95a0e6b4ce12d14d02bb684f9869f006520bd9c9  7.3/xpdf-1.00-7.6.legacy.src.rpm

http://www.infostrategique.com/linuxrpms/legacy/7.3/xpdf-1.00-7.6.legacy.src.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (GNU/Linux)

iD8DBQFD+loZLMAs/0C4zNoRAjAVAKC70s05zLfpIxQSoz7CLFDkk9ZSmQCgr7w2
eMFIjxNTI87jI1EOnLUG0pQ=
=wvdY
-----END PGP SIGNATURE-----
Comment 8 Pekka Savola 2006-02-21 01:41:02 EST
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
                                                                               
                                               
QA w/ rpm-build-compare.sh:
 - source integrity good
 - spec file changes minimal
 - patch mostly like RHEL21, with the one added segment which seems OK
                                                                               
                                               
+PUBLISH RHL73
                                                                               
                                               
95a0e6b4ce12d14d02bb684f9869f006520bd9c9  xpdf-1.00-7.6.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
                                                                               
                                               
iD8DBQFD+rceGHbTkzxSL7QRAnJWAJ9W+fj3RW51RhXh2e4MQe7JuNopzwCgpGEz
MvfORN0f2VL95sCF0Xy06TQ=
=0hKY
-----END PGP SIGNATURE-----
Comment 9 Marc Deslauriers 2006-02-26 11:05:18 EST
Packages were released to updates-testing
Comment 10 Pekka Savola 2006-03-01 02:40:55 EST
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
QA for RHL9.  Signatures OK, upgrades OK.
Opened a couple of PDF's fine.
 
+VERIFY RHL9
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
 
iD8DBQFEBVDvGHbTkzxSL7QRAvTCAJ4/fuYgJS953ZrCVi5uldRFVnIlOwCgmDk4
tVCDe48yRK8cqWL5iiDwJ90=
=EndE
-----END PGP SIGNATURE-----
Comment 11 Pekka Savola 2006-03-01 02:48:59 EST
Btw, I also did rpm-build-compare.sh on the binary compared to the original Red
Hat version (xpdf-2.01-8.i386.rpm), and I noticed that our version is also
linking against libfreetype.so.6.

I don't know at which point this has come in, or whether it's intentional, but I
don't think it hurts in any case..
Comment 12 Pekka Savola 2006-03-13 01:32:08 EST
Timeout over..
Comment 13 Marc Deslauriers 2006-03-16 19:49:42 EST
Packages were pushed to updates.

Note You need to log in before you can comment on or make changes to this bug.