Bug 20846 - JBIG2 Processing Multiple Security Vulnerabilities
Summary: JBIG2 Processing Multiple Security Vulnerabilities
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: pdfedit (show other bugs)
Version: unstable
Hardware: all Linux
: P3 blocker
Assignee: Michael Shigorin
QA Contact: qa-sisyphus
URL: http://secunia.com/advisories/35920
Keywords: security
Depends on:
Blocks:
 
Reported: 2009-07-22 14:17 MSD by Vladimir Lettiev
Modified: 2009-07-22 20:55 MSD (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Vladimir Lettiev 2009-07-22 14:17:32 MSD 
+++ Данная ошибка создана размножением ошибки 19665 +++

Зарегистрировано множество уязвимостей в коде JBIG2 декодера:
CVE-2009-0146
CVE-2009-0147
CVE-2009-0166
CVE-2009-0799
CVE-2009-0800
CVE-2009-1179
CVE-2009-1180
CVE-2009-1181
CVE-2009-1182
CVE-2009-1183
CVE-2009-1187
CVE-2009-1188

Уязвимости присутствуют в pdfedit поскольку исходный код содержит в себе копию кода xpdf, имеющего данные ошибки.

Была выпущена версия 0.4.3 ( http://sourceforge.net/project/shownotes.php?release_id=698655 )
Comment 1 Repository Robot 2009-07-22 20:55:05 MSD 
pdfedit-0.4.3-alt1 -> sisyphus:

* Wed Jul 22 2009 Michael Shigorin <mike@altlinux> 0.4.3-alt1

- 0.4.3 (closes: #20846)
  + fixes hordes of security vulnerabilities in xpdf-derived JBIG2 code:
    CVE-2009-0146, CVE-2009-0147, CVE-2009-0166, CVE-2009-0799,
    CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181,
    CVE-2009-1182, CVE-2009-1183, CVE-2009-1187, CVE-2009-1188
  + thanks crux@ for prompt notification