Unix, Linux Security Bugs Patched | eWeek

Unix, Linux Security Bugs Patched

Écrit par
Larry Seltzer
Larry Seltzer
Dec 22, 2004
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Internet security research firm iDefense has announced a series of vulnerabilities and patches for a variety of Unix- and Linux-based products.

A stack-based buffer overflow was revealed in version 3.00 of Xpdf, a popular viewer for reading PDF files, usually created by Adobe Acrobat.

“Remote exploitation of a buffer overflow vulnerability in the xpdf PDF viewer, as included in multiple Linux distributions, could allow attackers to execute arbitrary code as the user viewing a PDF file,” the iDefense advisory said. According to the advisory, SuSE Linux, Red Hat Linux, Fedora Core, Debian Linux, Gentoo Linux, FreeBSD (ports) and OpenBSD are affected.

iDefense said that the bug is not a simple one to exploit, but that it can be done if the attacker has knowledge of the operating system that is running. The attacker must, of course, convince the user to view a malicious PDF file.

Foo Labs has released a patch for the problem and an updated binary version (3.00pl2) of the product.

/zimages/4/28571.gifClick hereto read about two security flaws in Acrobat that could allow an attacker to execute malicious code on a users system via a PDF file distributed via e-mail.

Meanwhile, two bugs were announced in LibTIFF, a popular library for working with TIFF image files. Both are heap-based buffer overflows and have the potential to allow remote code execution.

The user must be persuaded to open a malicious TIFF file from within an application linked to a vulnerable version of the library. The first bug, which affects the calculation of the size of a directory entry, was confirmed by iDefense in LibTIFF versions 3.5.7 and 3.7.0. The second, which affects the parsing of files with the STRIPOFFSETS flag, was confirmed in LibTIFF 3.6.1.

Both problems are fixed in the current version of the library, 3.7.1.

/zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.