Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <271749804.1926232.1312919290718.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com>
Date: Tue, 9 Aug 2011 15:48:10 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: cve request: xpdf: insecure tempfile usage in
 zxpdf script

Please use CVE-2011-2902.

Thanks.

-- 
    JB

----- Original Message -----
> Hi,
> 
> It was recently discovered that the compressed pdf handler script
> (zxpdf) that shipped in the Debian xpdf package handles tempfiles
> insecurely. Due to this flaw, a specifically-crafted pdf file name can
> be used to delete files from the user's system (by taking advantage of
> the tempfile cleanup trap; i.e. "rm -f <part of crafted file name>").
> 
> Note that as of version 3.02-13 (uploaded to Debian unstable on March
> 4th, 2011), the zxpdf became the default xpdf pdf file handler. With
> this being a default, the problem was promulgated to a much wider user
> base; thus precipitating discovery of the flaw. I've now fixed the
> problem in version 3.02-19 (uploaded to unstable on July 29th, 2011,
> and
> entered testing on July 31st).
> 
> Credit goes to Chung-chieh Shan from Harvard for discovering the
> issue.
> See his bug report for more background and details:
> http://bugs.debian.org/635849.
> 
> Please assign an id.
> 
> Thanks,
> Mike

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.