diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-00:55.xpdf.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SA-00:55.xpdf.asc | 96 |
1 files changed, 0 insertions, 96 deletions
diff --git a/share/security/advisories/FreeBSD-SA-00:55.xpdf.asc b/share/security/advisories/FreeBSD-SA-00:55.xpdf.asc deleted file mode 100644 index d7d8b295c1..0000000000 --- a/share/security/advisories/FreeBSD-SA-00:55.xpdf.asc +++ /dev/null @@ -1,96 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- - -============================================================================= -FreeBSD-SA-00:55 Security Advisory - FreeBSD, Inc. - -Topic: xpdf contains multiple vulnerabilities - -Category: ports -Module: xpdf -Announced: 2000-10-13 -Credits: Unknown -Affects: Ports collection prior to the correction date. -Corrected: 2000-09-04 (4.1.1-RELEASE) -Vendor status: Updated version released -FreeBSD only: NO - -I. Background - -xpdf is a PDF viewer for X Windows. - -II. Problem Description - -The xpdf port, versions prior to 0.91, contains a race condition due -to improper handing of temporary files that may allow a local user to -overwrite arbitrary files owned by the user running xpdf. - -Additionally, when handling URLs in documents no checking was done for -shell metacharacters before starting the browser. This makes it possible -to construct a document which cause xpdf to run arbitrary commands when -the user views an URL. - -The xpdf port is not installed by default, nor is it "part of FreeBSD" -as such: it is part of the FreeBSD ports collection, which contains -nearly 4000 third-party applications in a ready-to-install format. -The ports collections shipped with FreeBSD 3.5.1 and 4.1 contain this -problem since it was discovered after the releases, but it was -corrected prior to the release of FreeBSD 4.1.1. - -FreeBSD makes no claim about the security of these third-party -applications, although an effort is underway to provide a security -audit of the most security-critical ports. - -III. Impact - -Local users, using a symlink attack, can cause arbitrary files owned -by the user running xpdf to be overwritten. Also, malicious PDFs can -cause arbitrary code to be executed. - -If you have not chosen to install the xpdf port/package, then your -system is not vulnerable to this problem. - -IV. Workaround - -Deinstall the xpdf port/package, if you you have installed it. - -V. Solution - -One of the following: - -1) Upgrade your entire ports collection and rebuild the xpdf port. - -2) Deinstall the old package and install a new package dated after the -correction date, obtained from: - -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/graphics/xpdf-0.91.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/graphics/xpdf-0.91.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/graphics/xpdf-0.91.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/graphics/xpdf-0.91.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/graphics/xpdf-0.91.tgz - -3) download a new port skeleton for the cvsweb port from: - -http://www.freebsd.org/ports/ - -and use it to rebuild the port. - -4) Use the portcheckout utility to automate option (3) above. The -portcheckout port is available in /usr/ports/devel/portcheckout or the -package can be obtained from: - -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz - ------BEGIN PGP SIGNATURE----- -Version: 2.6.2 - -iQCVAwUBOebCfVUuHi5z0oilAQEcuAP8DYr3RrCnnysWYS3eVyNJ1sokvXOXZdhZ -hI8ialbbpKY+kEtnL0DrUmeJ9c5xsVb70XJQ3D80n8O2N8I9ZAbfiHadY+omZPZX -Hpk47MuA3R4G6jXldnyq545/QdK3+uKMLkNiGG63P5VcyUsQ3bpB1uIRIX/a9U6Z -rdQfL0s3N0k= -=qh/t ------END PGP SIGNATURE----- |