Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 9.1 / current : xpdf/poppler/koffice/kdegraphics (SSA:2007-316-01)

High Nessus Plugin ID 28149

Synopsis

The remote Slackware host is missing a security update.

Description

New xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, and -current. New poppler packages are available for Slackware 12.0 and -current. New koffice packages are available for Slackware 11.0, 12.0, and -current. New kdegraphics packages are available for Slackware 10.2, 11.0, 12.0, and -current. These updated packages address similar bugs which could be used to crash applications linked with poppler or that use code from xpdf through the use of a malformed PDF document. It is possible that a maliciously crafted document could cause code to be executed in the context of the user running the application processing the PDF. These advisories and CVE entries cover the bugs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393 http://www.kde.org/info/security/advisory-20071107-1.txt

Solution

Update the affected packages.

See Also

https://www.kde.org/info/security/advisory-20071107-1.txt

http://www.nessus.org/u?17a94089

Plugin Details

Severity: High

ID: 28149

File Name: Slackware_SSA_2007-316-01.nasl

Version: 1.17

Type: local

Published: 2007/11/12

Updated: 2018/11/19

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:slackware:slackware_linux:kdegraphics, p-cpe:/a:slackware:slackware_linux:koffice, p-cpe:/a:slackware:slackware_linux:poppler, p-cpe:/a:slackware:slackware_linux:xpdf, cpe:/o:slackware:slackware_linux, cpe:/o:slackware:slackware_linux:10.0, cpe:/o:slackware:slackware_linux:10.1, cpe:/o:slackware:slackware_linux:10.2, cpe:/o:slackware:slackware_linux:11.0, cpe:/o:slackware:slackware_linux:12.0, cpe:/o:slackware:slackware_linux:9.1

Required KB Items: Host/local_checks_enabled, Host/Slackware/release, Host/Slackware/packages

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2007/11/12

Exploitable With

Core Impact

Reference Information

CVE: CVE-2007-3387, CVE-2007-4352, CVE-2007-5392, CVE-2007-5393

BID: 26367

SSA: 2007-316-01

CWE: 119, 189