Unix, Linux Security Bugs Patched | eWeek

Unix, Linux Security Bugs Patched

Verfasst von
Larry Seltzer
Larry Seltzer
Dec 22, 2004
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

Internet security research firm iDefense has announced a series of vulnerabilities and patches for a variety of Unix- and Linux-based products.

A stack-based buffer overflow was revealed in version 3.00 of Xpdf, a popular viewer for reading PDF files, usually created by Adobe Acrobat.

“Remote exploitation of a buffer overflow vulnerability in the xpdf PDF viewer, as included in multiple Linux distributions, could allow attackers to execute arbitrary code as the user viewing a PDF file,” the iDefense advisory said. According to the advisory, SuSE Linux, Red Hat Linux, Fedora Core, Debian Linux, Gentoo Linux, FreeBSD (ports) and OpenBSD are affected.

iDefense said that the bug is not a simple one to exploit, but that it can be done if the attacker has knowledge of the operating system that is running. The attacker must, of course, convince the user to view a malicious PDF file.

Foo Labs has released a patch for the problem and an updated binary version (3.00pl2) of the product.

/zimages/4/28571.gifClick hereto read about two security flaws in Acrobat that could allow an attacker to execute malicious code on a users system via a PDF file distributed via e-mail.

Meanwhile, two bugs were announced in LibTIFF, a popular library for working with TIFF image files. Both are heap-based buffer overflows and have the potential to allow remote code execution.

The user must be persuaded to open a malicious TIFF file from within an application linked to a vulnerable version of the library. The first bug, which affects the calculation of the size of a directory entry, was confirmed by iDefense in LibTIFF versions 3.5.7 and 3.7.0. The second, which affects the parsing of files with the STRIPOFFSETS flag, was confirmed in LibTIFF 3.6.1.

Both problems are fixed in the current version of the library, 3.7.1.

/zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.