Test ID:	1.3.6.1.4.1.25623.1.0.56080
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-236-1 (tetex-bin)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to tetex-bin announced via advisory USN-236-1. A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: cupsys libpoppler0c2 tetex-bin xpdf-reader xpdf-utils The problem can be corrected by upgrading the affected package to the following versions: Chris Evans discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, and tetex-bin. By tricking an user into opening a specially crafted PDF file, an attacker could exploit this to execute arbitrary code with the privileges of the application that processes the document. The CUPS printing system also uses XPDF code to convert PDF files to PostScript. By attempting to print such a crafted PDF file, a remote attacker could execute arbitrary code with the privileges of the printer server (user 'cupsys'). Solution: Ubuntu 4.10: xpdf: 3.00-8ubuntu1.10 cupsys: 1.1.20final+cvs20040330-4ubuntu16.10 tetex-bin: 2.0.2-21ubuntu0.7 Ubuntu 5.04: xpdf: 3.00-11ubuntu3.6 tetex-bin: 2.0.2-25ubuntu0.4 Ubuntu 5.10: libpoppler0c2: 0.4.2-0ubuntu6.5 tetex-bin: 2.0.2-30ubuntu3.4 In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-236-1 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-3624 102972 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1 16143 http://www.securityfocus.com/bid/16143 18147 http://secunia.com/advisories/18147 18303 http://secunia.com/advisories/18303 18312 http://secunia.com/advisories/18312 18313 http://secunia.com/advisories/18313 18329 http://secunia.com/advisories/18329 18332 http://secunia.com/advisories/18332 18334 http://secunia.com/advisories/18334 18338 http://secunia.com/advisories/18338 18349 http://secunia.com/advisories/18349 18373 http://secunia.com/advisories/18373 18375 http://secunia.com/advisories/18375 18380 http://secunia.com/advisories/18380 18385 http://secunia.com/advisories/18385 18387 http://secunia.com/advisories/18387 18389 http://secunia.com/advisories/18389 18398 http://secunia.com/advisories/18398 18407 http://secunia.com/advisories/18407 18414 http://secunia.com/advisories/18414 18416 http://secunia.com/advisories/18416 18423 http://secunia.com/advisories/18423 18425 http://secunia.com/advisories/18425 18428 http://secunia.com/advisories/18428 18436 http://secunia.com/advisories/18436 18448 http://secunia.com/advisories/18448 18463 http://secunia.com/advisories/18463 18517 http://secunia.com/advisories/18517 18534 http://secunia.com/advisories/18534 18554 http://secunia.com/advisories/18554 18582 http://secunia.com/advisories/18582 18642 http://secunia.com/advisories/18642 18644 http://secunia.com/advisories/18644 18674 http://secunia.com/advisories/18674 18675 http://secunia.com/advisories/18675 18679 http://secunia.com/advisories/18679 18908 http://secunia.com/advisories/18908 18913 http://secunia.com/advisories/18913 19230 http://secunia.com/advisories/19230 19377 http://secunia.com/advisories/19377 20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U 2006-0002 http://www.trustix.org/errata/2006/0002/ 20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U 20060201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U 25729 http://secunia.com/advisories/25729 ADV-2006-0047 http://www.vupen.com/english/advisories/2006/0047 ADV-2007-2280 http://www.vupen.com/english/advisories/2007/2280 DSA-931 http://www.debian.org/security/2005/dsa-931 DSA-932 http://www.debian.org/security/2005/dsa-932 DSA-936 http://www.debian.org/security/2006/dsa-936 DSA-937 http://www.debian.org/security/2005/dsa-937 DSA-938 http://www.debian.org/security/2005/dsa-938 DSA-940 http://www.debian.org/security/2005/dsa-940 DSA-950 http://www.debian.org/security/2006/dsa-950 DSA-961 http://www.debian.org/security/2006/dsa-961 DSA-962 http://www.debian.org/security/2006/dsa-962 FEDORA-2005-025 http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html FEDORA-2005-026 http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html FLSA-2006:176751 http://www.securityfocus.com/archive/1/427053/100/0/threaded FLSA:175404 http://www.securityfocus.com/archive/1/427990/100/0/threaded GLSA-200601-02 http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml GLSA-200601-17 http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml MDKSA-2006:003 http://www.mandriva.com/security/advisories?name=MDKSA-2006:003 MDKSA-2006:004 http://www.mandriva.com/security/advisories?name=MDKSA-2006:004 MDKSA-2006:005 http://www.mandriva.com/security/advisories?name=MDKSA-2006:005 MDKSA-2006:006 http://www.mandriva.com/security/advisories?name=MDKSA-2006:006 MDKSA-2006:008 http://www.mandriva.com/security/advisories?name=MDKSA-2006:008 MDKSA-2006:010 http://www.mandriva.com/security/advisories?name=MDKSA-2006:010 MDKSA-2006:011 http://www.mandriva.com/security/advisories?name=MDKSA-2006:011 MDKSA-2006:012 http://www.mandriva.com/security/advisories?name=MDKSA-2006:012 RHSA-2006:0160 http://www.redhat.com/support/errata/RHSA-2006-0160.html RHSA-2006:0163 http://www.redhat.com/support/errata/RHSA-2006-0163.html RHSA-2006:0177 http://rhn.redhat.com/errata/RHSA-2006-0177.html SCOSA-2006.15 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt SSA:2006-045-04 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747 SSA:2006-045-09 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683 SUSE-SA:2006:001 http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html USN-236-1 https://usn.ubuntu.com/236-1/ http://scary.beasts.org/security/CESA-2005-003.txt http://www.kde.org/info/security/advisory-20051207-2.txt oval:org.mitre.oval:def:9437 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9437 xpdf-ccitt-faxstream-bo(24022) https://exchange.xforce.ibmcloud.com/vulnerabilities/24022 Common Vulnerability Exposure (CVE) ID: CVE-2005-3625 18335 http://secunia.com/advisories/18335 http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html oval:org.mitre.oval:def:9575 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9575 xpdf-ccittfaxdecode-dctdecode-dos(24023) https://exchange.xforce.ibmcloud.com/vulnerabilities/24023 Common Vulnerability Exposure (CVE) ID: CVE-2005-3626 oval:org.mitre.oval:def:9992 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9992 xpdf-flatedecode-dos(24026) https://exchange.xforce.ibmcloud.com/vulnerabilities/24026 Common Vulnerability Exposure (CVE) ID: CVE-2005-3627 oval:org.mitre.oval:def:10200 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10200 xpdf-readhuffmantables-bo(24024) https://exchange.xforce.ibmcloud.com/vulnerabilities/24024 xpdf-readscaninfo-bo(24025) https://exchange.xforce.ibmcloud.com/vulnerabilities/24025
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.