Flubber Posted January 5, 2011 Report Share Posted January 5, 2011 A security issue affects the following Ubuntu releases:Ubuntu 8.04 LTSUbuntu 9.10Ubuntu 10.04 LTSUbuntu 10.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 8.04 LTS: evince 2.22.2-0ubuntu2.1Ubuntu 9.10: evince 2.28.1-0ubuntu1.3Ubuntu 10.04 LTS: evince 2.30.3-0ubuntu1.2Ubuntu 10.10: evince 2.32.0-0ubuntu1.1Detalii:Details follow:Jon Larimer discovered that Evince's font parsers incorrectly handledcertain buffer lengths when rendering a DVI file. By tricking a user intoopening or previewing a DVI file that uses a specially crafted font file,an attacker could crash evince or execute arbitrary code with the user'sprivileges.In the default installation of Ubuntu 9.10 and later, attackers would beisolated by the Evince AppArmor profile.Sursa: Full Disclosure: [uSN-1035-1] Evince vulnerabilitiesPatch-urile au fost deja lansate (cu cateva ore in urma) asa ca, go, go apt-get:sudo apt-get update && sudo apt-get upgrade Quote Link to comment Share on other sites More sharing options...
