-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2003-3
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original released date : 21 Jan 2003
Last revised : 01 Apr 2003
Package : xpdf
Summry : Integer overflow
More information :
An integer overflow in the pdftops filter from the xpdf package.
Impact :
Local attackers can gain root privileges.
Affected Products :
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
- Turbolinux Workstation 6.0
Solution :
Please use turbopkg tool to apply the update.
If you need to confirm the version of current installed
package, please issue rpm command as :
# rpm -qa | grep PACKAGE-NAME
<Turbolinux 8 Server>
Source Packages
Size : MD5
xpdf-1.00-2.src.rpm
4044358 b20268a33842607dd4aab05c1815af06
Binary Packages
Size : MD5
xpdf-1.00-2.i586.rpm
3835679 06e2f25af49ebf08a0ab1ea2fcc06931
<Turbolinux 8 Workstation>
Source Packages
Size : MD5
xpdf-1.00-2.src.rpm
4044358 b20268a33842607dd4aab05c1815af06
Binary Packages
Size : MD5
xpdf-1.00-2.i586.rpm
3835319 1810fcd843182b304f5df09b5fb7ac21
<Turbolinux 7 Server>
Source Packages
Size : MD5
xpdf-0.92-2.src.rpm
1815995 de6692f858019bdf2e7e95f0e3b0e2d1
Binary Packages
Size : MD5
xpdf-0.92-2.i586.rpm
2951960 f9d52cd1215dd532947c767089ec6880
<Turbolinux 7 Workstation>
Source Packages
Size : MD5
xpdf-0.92-2.src.rpm
1815995 de6692f858019bdf2e7e95f0e3b0e2d1
Binary Packages
Size : MD5
xpdf-0.92-2.i586.rpm
2952014 7bae12866ed3852e7c18faf508e2a7bd
<Turbolinux Workstation 6.0>
Source Packages
Size : MD5
xpdf-0.92-2.src.rpm
1815995 de6692f858019bdf2e7e95f0e3b0e2d1
Binary Packages
Size : MD5
xpdf-0.92-2.i386.rpm
3251260 1c86f8bf8cea2da09c5027e4f3b483a2
References :
CVE
[
CAN-2002-1384]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
CAN-2002-1384
--------------------------------------------------------------------------
Revision History
21 Jan 2003 Initial release
01 Apr 2003 modifyed file size
--------------------------------------------------------------------------
Copyright(C) 2003 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+iVmBK0LzjOqIJMwRApUkAJ4gVJcBBPp9X+6nbWtC/7HkAvKrwACeMLhr
dbyrK/P1CFpDaE9FBIzn6S8=
=MJZq
-----END PGP SIGNATURE-----