Security advisory: xpdf (CVE-2005-3624/25/26/27)
Yaakov S (Cygwin Ports)
yselkowitz@users.sourceforge.net
Tue Feb 14 02:47:00 GMT 2006
Yaakov S (Cygwin Ports) wrote:
> Xpdf is vulnerable to integer overflows that may be exploited to execute
> arbitrary code.
>
> Solution: apply this patch to xpdf-3.01:
> http://www.gentoo.org/cgi-bin/viewcvs.cgi/*checkout*/app-text/xpdf/files/xpdf-3.01-sec-rollup.patch
>
>
> More information:
> http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml
Now, in addition to the above, there's another heap overflow
vulnerability. Isn't maintaining xpdf a lot of fun? :-)
Solution: apply this patch (IN ADDITION to the others):
https://bugzilla.novell.com/attachment.cgi?id=66287
More information:
http://www.gentoo.org/security/en/glsa/glsa-200602-04.xml
Yaakov
More information about the Cygwin-apps
mailing list