Several security vulnerabilities have been discovered in the Evince software package for the Fedora 13 operating system. Evince is a package for viewing documents in various formats, such as PDF, PostScript, DjVu, TIFF and DVI. The vulnerabilities stem from flaws in the PK, VF, AFM and TFM font parsers of the "dvi-backend" component. They allow a remote denial-of-service (DoS) attack or the execution of arbitrary code. All users are advised to install the fixed versions.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-0224
2011-01-07 19:29:25
--------------------------------------------------------------------------------

Name        : evince
Product     : Fedora 13
Version     : 2.30.3
Release     : 2.fc13
URL         : http://projects.gnome.org/evince/
Summary     : Document viewer
Description :
Evince is simple multi-page document viewer. It can display and print
Portable Document Format (PDF), PostScript (PS) and Encapsulated PostScript
(EPS) files. When supported by the document format, evince allows searching
for text, copying text to the clipboard, hypertext navigation,
table-of-contents bookmarks and editing of forms.

Support for other document formats such as DVI and DJVU can be added by
installing additional backends.

--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan  6 2011 Marek Kasik - 2.30.3-2
- Fixes CVE-2010-2640, CVE-2010-2641, CVE-2010-2642 and CVE-2010-2643
- Resolves: #667573
* Fri Jun 25 2010 Marek Kasik - 2.30.3-1
- Update to 2.30.3
* Tue Jun 22 2010 Marek Kasik - 2.30.2-1
- Update to 2.30.2 (resolves #587495)
- Remove unused patches
* Tue Jun 22 2010 Marek Kasik - 2.30.1-3
- Check whether metadata is NULL before using it
- Resolves: #597777
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #666314 - CVE-2010-2641 evince: Array index error in DVI file VF
font parser
        https://bugzilla.redhat.com/show_bug.cgi?id=666314
  [ 2 ] Bug #666318 - CVE-2010-2642 evince: Heap based buffer overflow in DVI
file AFM font parser
        https://bugzilla.redhat.com/show_bug.cgi?id=666318
  [ 3 ] Bug #666313 - CVE-2010-2640 evince: Array index error in DVI file PK
font parser
        https://bugzilla.redhat.com/show_bug.cgi?id=666313
  [ 4 ] Bug #666321 - CVE-2010-2643 evince: Integer overflow in DVI file TFM
font parser
        https://bugzilla.redhat.com/show_bug.cgi?id=666321
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update evince' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce