Security advisory: xpdf (CVE-2005-3624/25/26/27)

Yaakov S (Cygwin Ports) yselkowitz@users.sourceforge.net
Tue Feb 14 02:47:00 GMT 2006


Yaakov S (Cygwin Ports) wrote:
> Xpdf is vulnerable to integer overflows that may be exploited to execute 
> arbitrary code.
> 
> Solution: apply this patch to xpdf-3.01:
> http://www.gentoo.org/cgi-bin/viewcvs.cgi/*checkout*/app-text/xpdf/files/xpdf-3.01-sec-rollup.patch 
> 
> 
> More information:
> http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml

Now, in addition to the above, there's another heap overflow 
vulnerability.  Isn't maintaining xpdf a lot of fun? :-)

Solution:  apply this patch (IN ADDITION to the others):
https://bugzilla.novell.com/attachment.cgi?id=66287

More information:
http://www.gentoo.org/security/en/glsa/glsa-200602-04.xml


Yaakov



More information about the Cygwin-apps mailing list