19667 2009-04-18 15:10:04 +0400 JBIG2 Processing Multiple Security Vulnerabilities 2009-04-29 14:14:49 +0400 1 1 4 Development Sisyphus kdegraphics unstable all Linux CLOSED FIXED https://rhn.redhat.com/errata/RHSA-2009-0431.html security P3 blocker --- 1 crux nobody dottedmag qa-sisyphus oldest_to_newest 89667 0 crux 2009-04-18 15:10:04 +0400 Множество уязвимостей найдено в компоненте KPDF, код которого базируется на xdf: CVE-2009-0146 xpdf: Multiple buffer overflows in JBIG2 decoder (setBitmap, readSymbolDictSeg) CVE-2009-0147 xpdf: Multiple integer overflows in JBIG2 decoder CVE-2009-0166 xpdf: Freeing of potentially uninitialized memory in JBIG2 decoder CVE-2009-0799 PDF JBIG2 decoder OOB read CVE-2009-0800 PDF JBIG2 multiple input validation flaws CVE-2009-1179 PDF JBIG2 integer overflow CVE-2009-1180 PDF JBIG2 invalid free() CVE-2009-1181 PDF JBIG2 NULL dereference CVE-2009-1182 PDF JBIG2 MMR decoder buffer overflows CVE-2009-1183 PDF JBIG2 MMR infinite loop DoS Апстримом xpdf выпущен патч: ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl3.patch 89668 1 dottedmag 2009-04-18 15:10:48 +0400 security -> blocker 89798 2 crux 2009-04-21 01:56:41 +0400 JFYI, развернул у себя ветку security_fixes, где приложил скорректированный патч от xpdf: http://git.altlinux.org/people/crux/packages/?p=kdegraphics.git;a=commit;h=0592840ed99d1d75ca0da033e022fb60d08774bd 89887 3 zerg 2009-04-22 14:02:33 +0400 kdegraphics-3.5.10-alt2 89898 4 crux 2009-04-22 16:58:27 +0400 ack