Nom du paquet
htmldoc
Date
2009-09-11
Advisory ID
MDVSA-2009:231
Affected versions
2009.0 x86_64 , 2009.1 i586 , 2009.0 i586 , CS4.0 i586 , CS4.0 x86_64 , 2009.1 x86_64

Problem description

A security vulnerability has been identified and fixed in htmldoc:

Buffer overflow in the set_page_size function in util.cxx in HTMLDOC
1.8.27 and earlier allows context-dependent attackers to execute
arbitrary code via a long MEDIA SIZE comment. NOTE: it was later
reported that there were additional vectors in htmllib.cxx and
ps-pdf.cxx using an AFM font file with a long glyph name, but these
vectors do not cross privilege boundaries (CVE-2009-3050).

This update provides a solution to this vulnerability.

Updated packages

2009.0 x86_64

 9353328eb2f962049d06e06515872df6  2009.0/x86_64/htmldoc-1.8.27-2.1mdv2009.0.x86_64.rpm
 0cd7a69ece1fcb4a400357a3ab72cbd6  2009.0/x86_64/htmldoc-nogui-1.8.27-2.1mdv2009.0.x86_64.rpm 
 3793881a911d590a4a4bc6d062203334  2009.0/SRPMS/htmldoc-1.8.27-2.1mdv2009.0.src.rpm

2009.1 i586

 987394761cabb52d30a2936be12d45df  2009.1/i586/htmldoc-1.8.27-3.1mdv2009.1.i586.rpm
 a856629efe866caa315898b8d8c032cf  2009.1/i586/htmldoc-nogui-1.8.27-3.1mdv2009.1.i586.rpm 
 811cc1df862042c1f861c195f6e257e8  2009.1/SRPMS/htmldoc-1.8.27-3.1mdv2009.1.src.rpm

2009.0 i586

 9ecff97cbcaa32de2c3bec214ae9ffb9  2009.0/i586/htmldoc-1.8.27-2.1mdv2009.0.i586.rpm
 2dadb48ff604f983e379e3de3a3e2c58  2009.0/i586/htmldoc-nogui-1.8.27-2.1mdv2009.0.i586.rpm 
 3793881a911d590a4a4bc6d062203334  2009.0/SRPMS/htmldoc-1.8.27-2.1mdv2009.0.src.rpm

CS4.0 i586

 56490816a2a8d3d3d998e1a5d6b614c3  corporate/4.0/i586/htmldoc-1.8.23-8.1.20060mlcs4.i586.rpm
 4e7a0bda97b9a50858e1f8c16daa0c59  corporate/4.0/i586/htmldoc-nogui-1.8.23-8.1.20060mlcs4.i586.rpm 
 40616589d5ff1b6451b30fd9bdd424d4  corporate/4.0/SRPMS/htmldoc-1.8.23-8.1.20060mlcs4.src.rpm

CS4.0 x86_64

 9bb6ca090589664fec4f17d9fec71a26  corporate/4.0/x86_64/htmldoc-1.8.23-8.1.20060mlcs4.x86_64.rpm
 da5e19232e4f434433f3f8f243a42f6b  corporate/4.0/x86_64/htmldoc-nogui-1.8.23-8.1.20060mlcs4.x86_64.rpm 
 40616589d5ff1b6451b30fd9bdd424d4  corporate/4.0/SRPMS/htmldoc-1.8.23-8.1.20060mlcs4.src.rpm

2009.1 x86_64

 bb3ef843a653cb80277157ec193ca1b8  2009.1/x86_64/htmldoc-1.8.27-3.1mdv2009.1.x86_64.rpm
 22be1cebf3740a71bb76f299929c371e  2009.1/x86_64/htmldoc-nogui-1.8.27-3.1mdv2009.1.x86_64.rpm 
 811cc1df862042c1f861c195f6e257e8  2009.1/SRPMS/htmldoc-1.8.27-3.1mdv2009.1.src.rpm

References