CPNI - Centre for the Protection of National Infrastructure


January 2005

Two Red Hat Security Advisories: 1. RHSA-2005:059-01 - Updated Xpdf package fixes security issue 2. RHSA-2005:068-01 - Updated less package fixes security issue

ID: 00080
Ref: 66/2005
Date: 31 January 2005:14:19:24
Version: 1

Title: Two Red Hat Security Advisories: 1. RHSA-2005:059-01 - Updated Xpdf package fixes security issue 2. RHSA-2005:068-01 - Updated less package fixes security issue
Abstract:
Vendors affected: Red Hat
Operating systems affected: Red Hat
Applications affected: Red Hat

Title
=====

Two Red Hat Security Advisories:

1. RHSA-2005:059-01 - Updated Xpdf package fixes security issue

2. RHSA-2005:068-01 - Updated less package fixes security issue

Detail
======

1. Xpdf is an X Window System based viewer for Portable Document
Format (PDF) files.
A buffer overflow flaw was found when processing the /Encrypt
/Length tag. An attacker could construct a carefully crafted PDF
file that could cause Xpdf to crash or possibly execute arbitrary
code when opened. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0064 to this issue.


2. The less utility is a text file browser that resembles more, but
has extended capabilities.
Victor Ashik discovered a heap based buffer overflow in less, caused
by a patch added to the less package in Red Hat Enterprise Linux 3.
An attacker could construct a carefully crafted file that could
cause less to crash or possibly execute arbitrary code when opened.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-0086 to this issue. Note that this
issue only affects the version of less distributed with Red Hat
Enterprise Linux 3.






1.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================


ESB-2005.0083 -- RHSA-2005:059-01
Updated Xpdf package fixes security issue
27 January 2005

===========================================================================



Product:           Xpdf
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux AS/ES/WS 3
                   Red Hat Desktop version 3
                   Linux variants
                   UNIX variants
Impact:            Execute Arbitrary Code/Commands
Access:            Remote/Unauthenticated
CVE Names:         CAN-2005-0064

Ref:               ESB-2005.0055

Comment: This Red Hat advisory is for Enterprise Linux version 3 only. The same
         vulnerability may exist in other versions, and administrators are
         advised to check the vendor's web site for further details.

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated Xpdf package fixes security issue
Advisory ID: RHSA-2005:059-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-059.html
Issue date: 2005-01-26
Updated on: 2005-01-26
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0064
- - - ---------------------------------------------------------------------

1. Summary:

Updated Xpdf package that fixes a stack based buffer overflow security
issue is now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Xpdf is an X Window System based viewer for Portable Document
Format (PDF) files.

A buffer overflow flaw was found when processing the /Encrypt
/Length tag. An attacker could construct a carefully crafted PDF
file that could cause Xpdf to crash or possibly execute arbitrary
code when opened. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0064 to this issue.

Red Hat believes that the Exec-Shield technology (enabled by default
since Update 3) will block attempts to exploit this vulnerability on
x86 architectures.

All users of the Xpdf package should upgrade to this updated package,
which resolves this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the
Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to
the following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

145049 - CAN-2005-0064 xpdf buffer overflow

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/xpdf-2.02-9.5.src.rpm
b7682bf873235a9a3a94ee32798de722 xpdf-2.02-9.5.src.rpm

i386:
66b2b8703c747d9d06acd1281487fbc5 xpdf-2.02-9.5.i386.rpm

ia64:
724f57f3e393c12986305f9fd5a1ede2 xpdf-2.02-9.5.ia64.rpm

ppc:
086666a3b1f21bc428ce82378bfa97e5 xpdf-2.02-9.5.ppc.rpm

s390:
5cdff857e8cc9a8ab1ca5207578b62ce xpdf-2.02-9.5.s390.rpm

s390x:
13ebfda5ccf35633d6566fe223256875 xpdf-2.02-9.5.s390x.rpm

x86_64:
d7cb251b33b80ca2daaa02cb3f746899 xpdf-2.02-9.5.x86_64.rpm

Red Hat Desktop version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/xpdf-2.02-9.5.src.rpm
b7682bf873235a9a3a94ee32798de722 xpdf-2.02-9.5.src.rpm

i386:
66b2b8703c747d9d06acd1281487fbc5 xpdf-2.02-9.5.i386.rpm

x86_64:
d7cb251b33b80ca2daaa02cb3f746899 xpdf-2.02-9.5.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/xpdf-2.02-9.5.src.rpm
b7682bf873235a9a3a94ee32798de722 xpdf-2.02-9.5.src.rpm

i386:
66b2b8703c747d9d06acd1281487fbc5 xpdf-2.02-9.5.i386.rpm

ia64:
724f57f3e393c12986305f9fd5a1ede2 xpdf-2.02-9.5.ia64.rpm

x86_64:
d7cb251b33b80ca2daaa02cb3f746899 xpdf-2.02-9.5.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/xpdf-2.02-9.5.src.rpm
b7682bf873235a9a3a94ee32798de722 xpdf-2.02-9.5.src.rpm

i386:
66b2b8703c747d9d06acd1281487fbc5 xpdf-2.02-9.5.i386.rpm

ia64:
724f57f3e393c12986305f9fd5a1ede2 xpdf-2.02-9.5.ia64.rpm

x86_64:
d7cb251b33b80ca2daaa02cb3f746899 xpdf-2.02-9.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFB97uZXlSAg2UNWIIRAvH6AJ9BObl2Dq6DTQ8i00AJmEt1tQ7N7wCgkNnn
eki2dMWdOiOJw/N1WYq/F8k=
=AIUa
- - -----END PGP SIGNATURE-----

- - --------------------------END INCLUDED TEXT--------------------

iQCVAwUBQfhL5Ch9+71yA2DNAQKsRAP/Zs94WrLM2IvMOxj6FAL7r/WhiEUNfaVI
xfl6TRD/zfTbkvQF2WVxnRBvLNgCW0+ekP6/ZB5bcMDf+7vpItu1nLmoPyYqvSrE
tEBlD0xXeBnHdO9/ygSaCbmnc3z1zOTMuyuPcMYd+ZRia9XRxS6vmAnWEfi9NjIq
ZkStTCKiQes=
=Q8DW
- -----END PGP SIGNATURE-----




2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================


ESB-2005.0084 -- RHSA-2005:068-01
Updated less package fixes security issue
27 January 2005

===========================================================================



Product:           less
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux AS/ES/WS 3
                   Red Hat Desktop version 3
                   Linux variants
                   UNIX variants
Impact:            Execute Arbitrary Code/Commands
Access:            Existing Account
CVE Names:         CAN-2005-0086

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated less package fixes security issue
Advisory ID: RHSA-2005:068-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-068.html
Issue date: 2005-01-26
Updated on: 2005-01-26
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0086
- - - ---------------------------------------------------------------------

1. Summary:

An updated less package that fixes segmentation fault when viewing
binary files is now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The less utility is a text file browser that resembles more, but
has extended capabilities.

Victor Ashik discovered a heap based buffer overflow in less, caused
by a patch added to the less package in Red Hat Enterprise Linux 3.
An attacker could construct a carefully crafted file that could
cause less to crash or possibly execute arbitrary code when opened.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-0086 to this issue. Note that this
issue only affects the version of less distributed with Red Hat
Enterprise Linux 3.

Red Hat believes that the Exec-Shield technology (enabled by default
since Update 3) will block attempts to remotely exploit this
vulnerability on x86 architectures.

All users of the less package should upgrade to this updated
package, which resolves this issue.

4. Solution:

Before applying this update, make sure all previously released
errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.
Only those RPMs which are currently installed will be updated.
Those RPMs which are not installed but included in the list
will not be updated. Note that you can also use wildcards
(*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat
Network. Many people find this an easier way to apply updates.
To use Red Hat Network, launch the Red Hat Update Agent with the
following command:

up2date

This will start an interactive process that will result in
the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

145527 - CAN-2005-0086 less crashes on scrolling of binary files

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/less-378-12.src.rpm
00632a5f0e1bfc0e752251700537b74e less-378-12.src.rpm

i386:
2966089410f98b11a3e5580ab1c2a41d less-378-12.i386.rpm

ia64:
144c0b176f93cc9962928d87d262c14d less-378-12.ia64.rpm

ppc:
01a9360e6bca2675788d7d62900cadef less-378-12.ppc.rpm

s390:
75dcd61eb532e06b0d3948694e8a831f less-378-12.s390.rpm

s390x:
2c5755559a11e4ab36726db10f8c005c less-378-12.s390x.rpm

x86_64:
8dd24b870a1ce118bcddff29e0a94074 less-378-12.x86_64.rpm

Red Hat Desktop version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/less-378-12.src.rpm
00632a5f0e1bfc0e752251700537b74e less-378-12.src.rpm

i386:
2966089410f98b11a3e5580ab1c2a41d less-378-12.i386.rpm

x86_64:
8dd24b870a1ce118bcddff29e0a94074 less-378-12.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/less-378-12.src.rpm
00632a5f0e1bfc0e752251700537b74e less-378-12.src.rpm

i386:
2966089410f98b11a3e5580ab1c2a41d less-378-12.i386.rpm

ia64:
144c0b176f93cc9962928d87d262c14d less-378-12.ia64.rpm

x86_64:
8dd24b870a1ce118bcddff29e0a94074 less-378-12.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/less-378-12.src.rpm
00632a5f0e1bfc0e752251700537b74e less-378-12.src.rpm

i386:
2966089410f98b11a3e5580ab1c2a41d less-378-12.i386.rpm

ia64:
144c0b176f93cc9962928d87d262c14d less-378-12.ia64.rpm

x86_64:
8dd24b870a1ce118bcddff29e0a94074 less-378-12.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0086

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFB97vYXlSAg2UNWIIRAlSAAJ9HIeyI3BebQfnvBeX8na0Ex5linACfYCuV
ogj5oZU8l6HbKTB1bwuAmEU=
=afTj
- - -----END PGP SIGNATURE-----

- - --------------------------END INCLUDED TEXT--------------------


iQCVAwUBQfhOMCh9+71yA2DNAQIRNAP/WCFrc1NlsYjhZFef+YmILAbOLhn6Iueb
191GcIMaBsq9aE+TvIjgKIxO7vBXqeRyDkC4y1ipdcnHr4GJXBiebiuwPXwJ5O3n
PTu71bKXW0NreR7mnsCRKxrzfTXTxLzWE+4dWJH+hBKq8f8RObv/yHMHi/c7O+oD
3vK05OJ9GiE=
=44MF
- -----END PGP SIGNATURE-----
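
Added example (not part of the Red Hat, AusCERT or CPNI text): a shell function that checks downloaded packages against the "md5 filename" pairs listed under "RPMs required" in both advisories before they are passed to rpm -Fvh. The function name and the idea of saving the advisory to a local text file are assumptions; the MD5 comparison only catches a wrong or damaged download, while the GPG signature the advisories mention (checked with rpm -K) is what establishes that Red Hat built the package.

```shell
#!/bin/sh
# Added example: compare RPMs in a directory with the MD5 sums printed in a
# saved advisory. verify_advisory_rpms is a hypothetical helper name.
# Usage: verify_advisory_rpms ADVISORY.txt RPM_DIR
# Returns 0 only if every .rpm in RPM_DIR is listed and its digest matches.

verify_advisory_rpms() {
    advisory=$1
    rpm_dir=$2
    status=0
    found=0

    for path in "$rpm_dir"/*.rpm; do
        [ -f "$path" ] || continue          # unexpanded glob: directory is empty
        found=1
        name=$(basename "$path")
        # Expected digest: a line of the form "<32 hex chars> <file name>".
        # The same pair is repeated for each product, so reduce to unique values;
        # two conflicting digests for one name will fail the comparison below.
        expected=$(awk -v n="$name" \
            '$2 == n && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ { print $1 }' \
            "$advisory" | sort -u)
        actual=$(md5sum "$path" | cut -d' ' -f1)

        if [ -z "$expected" ]; then
            echo "UNLISTED  $name (not named in the advisory)"
            status=1
        elif [ "$expected" != "$actual" ]; then
            echo "MISMATCH  $name (advisory: $expected, file: $actual)"
            status=1
        else
            echo "OK        $name"
        fi
    done

    if [ "$found" -eq 0 ]; then
        echo "no .rpm files in $rpm_dir"
        status=1
    fi
    return "$status"
}

# Run directly: sh verify.sh advisory.txt ./downloads
if [ "$#" -eq 2 ]; then
    verify_advisory_rpms "$1" "$2"
fi
```

Install only when the function returns 0 and rpm -K reports a good signature for each file.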