Test ID:	1.3.6.1.4.1.25623.1.0.63958
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1793-1)
Summary:	The remote host is missing an update for the Debian 'kdegraphics' package(s) announced via the DSA-1793-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'kdegraphics' package(s) announced via the DSA-1793-1 advisory. Vulnerability Insight: kpdf, a Portable Document Format (PDF) viewer for KDE, is based on the xpdf program and thus suffers from similar flaws to those described in DSA-1790. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0146 Multiple buffer overflows in the JBIG2 decoder in kpdf allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg. CVE-2009-0147 Multiple integer overflows in the JBIG2 decoder in kpdf allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap. CVE-2009-0165 Integer overflow in the JBIG2 decoder in kpdf has unspecified impact related to 'g*allocn.' CVE-2009-0166 The JBIG2 decoder in kpdf allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory. CVE-2009-0799 The JBIG2 decoder in kpdf allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read. CVE-2009-0800 Multiple 'input validation flaws' in the JBIG2 decoder in kpdf allow remote attackers to execute arbitrary code via a crafted PDF file. CVE-2009-1179 Integer overflow in the JBIG2 decoder in kpdf allows remote attackers to execute arbitrary code via a crafted PDF file. CVE-2009-1180 The JBIG2 decoder in kpdf allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. CVE-2009-1181 The JBIG2 decoder in kpdf allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference. CVE-2009-1182 Multiple buffer overflows in the JBIG2 MMR decoder in kpdf allow remote attackers to execute arbitrary code via a crafted PDF file. CVE-2009-1183 The JBIG2 MMR decoder in kpdf allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file. The old stable distribution (etch), these problems have been fixed in version 3.5.5-3etch3. For the stable distribution (lenny), these problems have been fixed in version 3.5.9-3+lenny1. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your kdegraphics packages. Affected Software/OS: 'kdegraphics' package(s) on Debian 4, Debian 5. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0146 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html BugTraq ID: 34568 http://www.securityfocus.com/bid/34568 Bugtraq: 20090417 rPSA-2009-0059-1 poppler (Google Search) http://www.securityfocus.com/archive/1/502761/100/0/threaded Bugtraq: 20090417 rPSA-2009-0061-1 cups (Google Search) http://www.securityfocus.com/archive/1/502750/100/0/threaded Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html Debian Security Information: DSA-1790 (Google Search) http://www.debian.org/security/2009/dsa-1790 Debian Security Information: DSA-1793 (Google Search) http://www.debian.org/security/2009/dsa-1793 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html http://security.gentoo.org/glsa/glsa-200904-20.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:101 http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9632 http://www.redhat.com/support/errata/RHSA-2009-0429.html http://www.redhat.com/support/errata/RHSA-2009-0430.html http://www.redhat.com/support/errata/RHSA-2009-0431.html RedHat Security Advisories: RHSA-2009:0458 http://rhn.redhat.com/errata/RHSA-2009-0458.html http://www.redhat.com/support/errata/RHSA-2009-0480.html http://www.securitytracker.com/id?1022073 http://secunia.com/advisories/34291 http://secunia.com/advisories/34481 http://secunia.com/advisories/34755 http://secunia.com/advisories/34756 http://secunia.com/advisories/34852 http://secunia.com/advisories/34959 http://secunia.com/advisories/34963 http://secunia.com/advisories/34991 http://secunia.com/advisories/35037 http://secunia.com/advisories/35064 http://secunia.com/advisories/35065 http://secunia.com/advisories/35074 http://secunia.com/advisories/35618 http://secunia.com/advisories/35685 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477 SuSE Security Announcement: SUSE-SA:2009:024 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html SuSE Security Announcement: SUSE-SR:2009:010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html SuSE Security Announcement: SUSE-SR:2009:012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://www.vupen.com/english/advisories/2009/1065 http://www.vupen.com/english/advisories/2009/1066 http://www.vupen.com/english/advisories/2009/1077 http://www.vupen.com/english/advisories/2009/1297 http://www.vupen.com/english/advisories/2009/1621 http://www.vupen.com/english/advisories/2010/1040 Common Vulnerability Exposure (CVE) ID: CVE-2009-0147 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9941 Common Vulnerability Exposure (CVE) ID: CVE-2009-0165 XForce ISS Database: multiple-jbig2-unspecified(50377) https://exchange.xforce.ibmcloud.com/vulnerabilities/50377 Common Vulnerability Exposure (CVE) ID: CVE-2009-0166 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9778 Common Vulnerability Exposure (CVE) ID: CVE-2009-0799 1022072 http://www.securitytracker.com/id?1022072 34291 34481 34568 34746 http://secunia.com/advisories/34746 34755 34756 34852 34959 34963 34991 35037 35064 35065 35618 35685 ADV-2009-1065 ADV-2009-1066 ADV-2009-1076 http://www.vupen.com/english/advisories/2009/1076 ADV-2009-1077 ADV-2010-1040 DSA-1790 DSA-1793 FEDORA-2009-6972 FEDORA-2009-6973 FEDORA-2009-6982 MDVSA-2009:101 MDVSA-2010:087 MDVSA-2011:175 http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 RHSA-2009:0429 RHSA-2009:0430 RHSA-2009:0431 RHSA-2009:0458 RHSA-2009:0480 SSA:2009-129-01 SUSE-SA:2009:024 SUSE-SR:2009:010 SUSE-SR:2009:012 VU#196617 http://www.kb.cert.org/vuls/id/196617 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=495886 http://poppler.freedesktop.org/releases.html oval:org.mitre.oval:def:10204 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10204 Common Vulnerability Exposure (CVE) ID: CVE-2009-0800 1022073 https://bugzilla.redhat.com/show_bug.cgi?id=495887 oval:org.mitre.oval:def:11323 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11323 Common Vulnerability Exposure (CVE) ID: CVE-2009-1179 35379 http://secunia.com/advisories/35379 ADV-2009-1522 http://www.vupen.com/english/advisories/2009/1522 ADV-2009-1621 APPLE-SA-2009-06-08-1 http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html APPLE-SA-2009-06-17-1 http://support.apple.com/kb/HT3613 http://support.apple.com/kb/HT3639 https://bugzilla.redhat.com/show_bug.cgi?id=495889 oval:org.mitre.oval:def:11892 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11892 Common Vulnerability Exposure (CVE) ID: CVE-2009-1180 https://bugzilla.redhat.com/show_bug.cgi?id=495892 oval:org.mitre.oval:def:9926 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9926 Common Vulnerability Exposure (CVE) ID: CVE-2009-1181 https://bugzilla.redhat.com/show_bug.cgi?id=495894 oval:org.mitre.oval:def:9683 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9683 Common Vulnerability Exposure (CVE) ID: CVE-2009-1182 https://bugzilla.redhat.com/show_bug.cgi?id=495896 oval:org.mitre.oval:def:10735 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10735 Common Vulnerability Exposure (CVE) ID: CVE-2009-1183 https://bugzilla.redhat.com/show_bug.cgi?id=495899 oval:org.mitre.oval:def:10769 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10769
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.