Andr0m3da
Power Member
iDefense has warned that xpdf, an open-source application included in multiple Linux distributions, is affected by a vulnerability that could allow arbitrary code to be run.
This security flaw, which affects xpdf version 3.00, could lead to a buffer overflow that allowed an attacker to run arbitrary code when a specially crafted PDF file is opened.
All users whose computers might be affected by this flaw, are advised to install the new version 3.00pl2, available at http://www.foolabs.com/xpdf/download.html, or install a specific patch from:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch
Additionally, Adobe has recently published a series of patches that solve critical vulnerabilities in versions 6.0.0 to 6.0.2 of Adobe Reader and Acrobat Reader for Windows and Macintosh. They have also fixed a buffer overflow vulnerability in Adobe Acrobat Reader version 5.09 for Unix. All these updates are available, depending on the program version, at the following addresses:
- Adobe Reader 6.0.3 update/Windows:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679
- Adobe Reader 6.0.3a update/Macintosh:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=2680
- Adobe Acrobat 6.0.3 Professional and Standard Update/Windows:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=2677
- Adobe Acrobat 6.0.3a Professional and Standard update/Macintosh:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=2676
- Acrobat Reader for Unix 5.0.10:
http://www.adobe.com/support/techdocs/331153.html
This security flaw, which affects xpdf version 3.00, could lead to a buffer overflow that allowed an attacker to run arbitrary code when a specially crafted PDF file is opened.
All users whose computers might be affected by this flaw, are advised to install the new version 3.00pl2, available at http://www.foolabs.com/xpdf/download.html, or install a specific patch from:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch
Additionally, Adobe has recently published a series of patches that solve critical vulnerabilities in versions 6.0.0 to 6.0.2 of Adobe Reader and Acrobat Reader for Windows and Macintosh. They have also fixed a buffer overflow vulnerability in Adobe Acrobat Reader version 5.09 for Unix. All these updates are available, depending on the program version, at the following addresses:
- Adobe Reader 6.0.3 update/Windows:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679
- Adobe Reader 6.0.3a update/Macintosh:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=2680
- Adobe Acrobat 6.0.3 Professional and Standard Update/Windows:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=2677
- Adobe Acrobat 6.0.3a Professional and Standard update/Macintosh:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=2676
- Acrobat Reader for Unix 5.0.10:
http://www.adobe.com/support/techdocs/331153.html