
Test ID: 1.3.6.1.4.1.25623.1.0.54047
Category: SuSE Local Security Checks
Title: SuSE Security Advisory SUSE-SA:2004:039 (xpdf, gpdf, kdegraphics3-pdf, pdftohtml, cups)
Summary: SuSE Security Advisory SUSE-SA:2004:039 (xpdf, gpdf, kdegraphics3-pdf, pdftohtml, cups)
Description:
The remote host is missing updates announced in
advisory SUSE-SA:2004:039.

Xpdf is a widely used fast PDF file viewer. Various other PDF viewer
and PDF conversion tools use xpdf code to accomplish their tasks.
Chris Evans found several integer overflows and arithmetic errors.
Additionally Sebastian Krahmer from the SuSE Security-Team found similar
bugs in xpdf 3.
These bugs can be exploited by tricking a user into opening a malformed PDF
file. As a result, the PDF viewer can crash, or code may even be
executed.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2004:039

Risk factor : Critical
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-0888
Conectiva Linux advisory: CLA-2004:886
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000886
Debian Security Information: DSA-573
http://www.debian.org/security/2004/dsa-573
Debian Security Information: DSA-581
http://www.debian.org/security/2004/dsa-581
Debian Security Information: DSA-599
http://www.debian.org/security/2004/dsa-599
http://marc.theaimsgroup.com/?l=bugtraq&m=110815379627883&w=2
https://bugzilla.fedora.us/show_bug.cgi?id=2353
http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml
http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:113
http://www.mandriva.com/security/advisories?name=MDKSA-2004:114
http://www.mandriva.com/security/advisories?name=MDKSA-2004:115
http://www.mandriva.com/security/advisories?name=MDKSA-2004:116
http://www.redhat.com/support/errata/RHSA-2004-543.html
http://www.redhat.com/support/errata/RHSA-2004-592.html
http://www.redhat.com/support/errata/RHSA-2005-066.html
http://www.redhat.com/support/errata/RHSA-2005-354.html
SuSE Security Announcement: SUSE-SA:2004:039
http://marc.theaimsgroup.com/?l=bugtraq&m=109880927526773&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=109900116408307&w=2
BugTraq ID: 11501
http://www.securityfocus.com/bid/11501
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9714
XForce ISS Database: xpdf-pdf-bo(17818)
http://xforce.iss.net/xforce/xfdb/17818
Common Vulnerability Exposure (CVE) ID: CVE-2004-0889
XForce ISS Database: xpdf-pdf-file-bo(17819)
http://xforce.iss.net/xforce/xfdb/17819
Common Vulnerability Exposure (CVE) ID: CVE-2004-0938
http://security.gentoo.org/glsa/glsa-200409-29.xml
CERT/CC vulnerability note: VU#541574
http://www.kb.cert.org/vuls/id/541574
BugTraq ID: 11222
http://www.securityfocus.com/bid/11222
http://www.osvdb.org/10178
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1347
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10837
XForce ISS Database: freeradius-dos(17440)
http://xforce.iss.net/xforce/xfdb/17440
Common Vulnerability Exposure (CVE) ID: CVE-2004-0960
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11023
Common Vulnerability Exposure (CVE) ID: CVE-2004-0961
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10024
Common Vulnerability Exposure (CVE) ID: CVE-2004-0918
http://www.idefense.com/application/poi/display?id=152&type=vulnerabilities&flashstatus=false
Conectiva Linux advisory: CLA-2005:923
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923
http://fedoranews.org/updates/FEDORA--.shtml
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00122.html
http://www.gentoo.org/security/en/glsa/glsa-200410-15.xml
http://www.redhat.com/support/errata/RHSA-2004-591.html
SCO Security Bulletin: SCOSA-2005.16
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt
http://marc.theaimsgroup.com/?l=bugtraq&m=109913064629327&w=2
SuSE Security Announcement: SUSE-SR:2008:014
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
BugTraq ID: 11385
http://www.securityfocus.com/bid/11385
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10931
http://www.vupen.com/english/advisories/2008/1969/references
http://secunia.com/advisories/30914
http://secunia.com/advisories/30967
XForce ISS Database: squid-snmp-asnparseheader-dos(17688)
http://xforce.iss.net/xforce/xfdb/17688
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

© 1998-2014 E-Soft Inc. All rights reserved.