MDVSA-2011:005
- Package name: evince
- Date: 2011-01-13
- Advisory ID: MDVSA-2011:005
- Affected versions: MES5 i586, 2010.0 x86_64, 2010.1 i586, 2010.0 i586, MES5 x86_64, 2010.1 x86_64
Problem description
Multiple vulnerabilities have been found and corrected in evince:

Array index error in the PK and VF font parser in the dvi-backend
component in Evince 2.32 and earlier allows remote attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted font in conjunction with a DVI file that
is processed by the thumbnailer (CVE-2010-2640, CVE-2010-2641).

Heap-based buffer overflow in the AFM font parser in the dvi-backend
component in Evince 2.32 and earlier allows remote attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted font in conjunction with a DVI file that
is processed by the thumbnailer (CVE-2010-2642).

Integer overflow in the TFM font parser in the dvi-backend component in
Evince 2.32 and earlier allows remote attackers to execute arbitrary
code via a crafted font in conjunction with a DVI file that is
processed by the thumbnailer (CVE-2010-2643).

The updated packages have been patched to correct these issues.
Updated packages
MES5 i586
c5187d89da4344a18e4b757f51946671 mes5/i586/evince-2.24.0-2.2mdvmes5.1.i586.rpm
5a81c37bff705aa4b7b9cb8e96a4cbb2 mes5/i586/libevince0-2.24.0-2.2mdvmes5.1.i586.rpm
9e1c0400a275f99fa3a1350b4328e84e mes5/i586/libevince-devel-2.24.0-2.2mdvmes5.1.i586.rpm
d4ac7e1574b982ec49d34cfb61026c77 mes5/SRPMS/evince-2.24.0-2.2mdvmes5.1.src.rpm
2010.0 x86_64
7f547bd0f819bb294155a77992dc3867 2010.0/x86_64/evince-2.28.1-1.1mdv2010.0.x86_64.rpm
b49ee796665b1f3690aa8604f398da6f 2010.0/x86_64/lib64evince1-2.28.1-1.1mdv2010.0.x86_64.rpm
2d4d32da719f789cab879b3a057c31e8 2010.0/x86_64/lib64evince-devel-2.28.1-1.1mdv2010.0.x86_64.rpm
8cf3fc28bc224cb6d798986b83ff214b 2010.0/SRPMS/evince-2.28.1-1.1mdv2010.0.src.rpm
2010.1 i586
89ccc35a168dc271615257ca3b9dc15b 2010.1/i586/evince-2.30.3-1.1mdv2010.2.i586.rpm
680a161ca4937b9624d76313f66ece67 2010.1/i586/libevince2-2.30.3-1.1mdv2010.2.i586.rpm
5f2992bce84180aa51ff1b7a6ceb8ff1 2010.1/i586/libevince-devel-2.30.3-1.1mdv2010.2.i586.rpm
1c0b1ce4cb6374b5d83f620669e2ff7f 2010.1/SRPMS/evince-2.30.3-1.1mdv2010.2.src.rpm
2010.0 i586
e079913edf4d4f3073865b7d49fe799e 2010.0/i586/evince-2.28.1-1.1mdv2010.0.i586.rpm
799a7a19999cca73b787ea557fabe48b 2010.0/i586/libevince1-2.28.1-1.1mdv2010.0.i586.rpm
9da45de2f8808622d87310139ab0cd57 2010.0/i586/libevince-devel-2.28.1-1.1mdv2010.0.i586.rpm
8cf3fc28bc224cb6d798986b83ff214b 2010.0/SRPMS/evince-2.28.1-1.1mdv2010.0.src.rpm
MES5 x86_64
8f672ce32264b8ca99f5540972a3a7f8 mes5/x86_64/evince-2.24.0-2.2mdvmes5.1.x86_64.rpm
0882e7a97b30c1ecf1ebf7c1dd1bb191 mes5/x86_64/lib64evince0-2.24.0-2.2mdvmes5.1.x86_64.rpm
9bce986a11c112a50911390d965be0c9 mes5/x86_64/lib64evince-devel-2.24.0-2.2mdvmes5.1.x86_64.rpm
d4ac7e1574b982ec49d34cfb61026c77 mes5/SRPMS/evince-2.24.0-2.2mdvmes5.1.src.rpm
2010.1 x86_64
92b2edf7ebcbc5562b3664d328cfbb84 2010.1/x86_64/evince-2.30.3-1.1mdv2010.2.x86_64.rpm
258d61dca83a88e6a4560e0793ebc35f 2010.1/x86_64/lib64evince2-2.30.3-1.1mdv2010.2.x86_64.rpm
04afd91e85be6701d28e0b1164e7e41f 2010.1/x86_64/lib64evince-devel-2.30.3-1.1mdv2010.2.x86_64.rpm
1c0b1ce4cb6374b5d83f620669e2ff7f 2010.1/SRPMS/evince-2.30.3-1.1mdv2010.2.src.rpm
