Debian DSA-2357-1 : evince - several vulnerabilities

High Nessus Plugin ID 56999

Synopsis

The remote Debian host is missing a security-related update.

Description

Jon Larimer from IBM X-Force Advanced Research discovered multiple vulnerabilities in the DVI backend of the Evince document viewer :

- CVE-2010-2640 Insufficient array bounds checks in the PK fonts parser could lead to function pointer overwrite, causing arbitrary code execution.

- CVE-2010-2641 Insufficient array bounds checks in the VF fonts parser could lead to function pointer overwrite, causing arbitrary code execution.

- CVE-2010-2642 Insufficient bounds checks in the AFM fonts parser when writing data to a memory buffer allocated on heap could lead to arbitrary memory overwrite and arbitrary code execution.

- CVE-2010-2643 Insufficient check on an integer used as a size for memory allocation can lead to arbitrary write outside the allocated range and cause arbitrary code execution.

Solution

Upgrade the evince packages.

For the oldstable distribution (lenny), this problem has been fixed in version 2.22.2-4~lenny2.

For the stable distribution (squeeze), CVE-2010-2640, CVE-2010-2641 and CVE-2010-2643 have been fixed in version 2.30.3-2 but the fix for CVE-2010-2642 was incomplete. The final fix is present in version 2.30.3-2+squeeze1.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609534

https://security-tracker.debian.org/tracker/CVE-2010-2640

https://security-tracker.debian.org/tracker/CVE-2010-2641

https://security-tracker.debian.org/tracker/CVE-2010-2642

https://security-tracker.debian.org/tracker/CVE-2010-2643

https://security-tracker.debian.org/tracker/CVE-2010-2640

https://security-tracker.debian.org/tracker/CVE-2010-2641

https://security-tracker.debian.org/tracker/CVE-2010-2643

https://security-tracker.debian.org/tracker/CVE-2010-2642

https://packages.debian.org/source/squeeze/evince

https://www.debian.org/security/2011/dsa-2357

Plugin Details

Severity: High

ID: 56999

File Name: debian_DSA-2357.nasl

Version: 1.8

Type: local

Agent: unix

Published: 2011/12/05

Updated: 2018/11/10

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.6

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:evince, cpe:/o:debian:debian_linux:5.0, cpe:/o:debian:debian_linux:6.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2011/12/03

Reference Information

CVE: CVE-2010-2640, CVE-2010-2641, CVE-2010-2642, CVE-2010-2643

BID: 45678

DSA: 2357