About Ubuntu

=========================================================== Ubuntu Security Notice USN-249-1 February 13, 2006 xpdf, poppler, kdegraphics vulnerabilities CVE-2006-0301 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: kpdf libpoppler0c2 xpdf-reader xpdf-utils The problem can be corrected by upgrading the affected package to the following versions: Ubuntu 4.10: xpdf: 3.00-8ubuntu1.11 Ubuntu 5.04: xpdf: 3.00-11ubuntu3.7 kpdf: 4:3.4.0-0ubuntu3.4 Ubuntu 5.10: libpoppler0c2: 0.4.2-0ubuntu6.6 kpdf: 4:3.4.3-0ubuntu2.3 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: The splash image handler in xpdf did not check the validity of coordinates. By tricking a user into opening a specially crafted PDF file, an attacker could exploit this to trigger a buffer overflow which could lead to arbitrary code execution with the privileges of the user. The poppler library and kpdf also contain xpdf code, and thus are affected by the same vulnerability.