Rapid7 VulnDB

SUSE Linux Security Advisory: SUSE-SR:2009:020

Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 09/02/2009
Created: 07/25/2018
Added: 12/12/2013
Modified: 07/04/2017

Description

Buffer overflow in the set_page_size function in util.cxx in HTMLDOC 1.8.27 and earlier allows context-dependent attackers to execute arbitrary code via a long MEDIA SIZE comment. NOTE: it was later reported that there were additional vectors in htmllib.cxx and ps-pdf.cxx using an AFM font file with a long glyph name, but these vectors do not cross privilege boundaries.

Solution(s)

  • suse-upgrade-apache2-mod_jk
  • suse-upgrade-cacti
  • suse-upgrade-cdparanoia
  • suse-upgrade-cdparanoia-32bit
  • suse-upgrade-cdparanoia-64bit
  • suse-upgrade-cdparanoia-x86
  • suse-upgrade-check
  • suse-upgrade-check-32bit
  • suse-upgrade-check-64bit
  • suse-upgrade-cups
  • suse-upgrade-cups-client
  • suse-upgrade-cups-devel
  • suse-upgrade-cups-libs
  • suse-upgrade-cups-libs-32bit
  • suse-upgrade-cups-libs-64bit
  • suse-upgrade-cups-libs-x86
  • suse-upgrade-desktop-file-utils
  • suse-upgrade-ethereal
  • suse-upgrade-ethereal-devel
  • suse-upgrade-fam
  • suse-upgrade-fam-32bit
  • suse-upgrade-fam-64bit
  • suse-upgrade-fam-x86
  • suse-upgrade-finch
  • suse-upgrade-finch-devel
  • suse-upgrade-gnome-vfs2
  • suse-upgrade-gnome-vfs2-32bit
  • suse-upgrade-gnome-vfs2-64bit
  • suse-upgrade-gnome-vfs2-lang
  • suse-upgrade-gnome-vfs2-x86
  • suse-upgrade-gstreamer-0_10
  • suse-upgrade-gstreamer-0_10-32bit
  • suse-upgrade-gstreamer-0_10-64bit
  • suse-upgrade-gstreamer-0_10-lang
  • suse-upgrade-htmldoc
  • suse-upgrade-kdelibs3
  • suse-upgrade-kdelibs3-32bit
  • suse-upgrade-kdelibs3-64bit
  • suse-upgrade-kdelibs3-arts
  • suse-upgrade-kdelibs3-arts-32bit
  • suse-upgrade-kdelibs3-arts-64bit
  • suse-upgrade-kdelibs3-default-style
  • suse-upgrade-kdelibs3-default-style-32bit
  • suse-upgrade-kdelibs3-default-style-64bit
  • suse-upgrade-kdelibs3-devel
  • suse-upgrade-kdelibs3-doc
  • suse-upgrade-kdelibs4
  • suse-upgrade-kdelibs4-core
  • suse-upgrade-kdelibs4-doc
  • suse-upgrade-libgstreamer-0_10-0
  • suse-upgrade-libgstreamer-0_10-0-32bit
  • suse-upgrade-libgstreamer-0_10-0-64bit
  • suse-upgrade-libkde4
  • suse-upgrade-libkde4-32bit
  • suse-upgrade-libkde4-64bit
  • suse-upgrade-libkde4-devel
  • suse-upgrade-libkdecore4
  • suse-upgrade-libkdecore4-32bit
  • suse-upgrade-libkdecore4-64bit
  • suse-upgrade-libkdecore4-devel
  • suse-upgrade-libogg0
  • suse-upgrade-libogg0-32bit
  • suse-upgrade-libogg0-64bit
  • suse-upgrade-libogg0-x86
  • suse-upgrade-liboil
  • suse-upgrade-liboil-32bit
  • suse-upgrade-liboil-64bit
  • suse-upgrade-liboil-x86
  • suse-upgrade-libpoppler-devel
  • suse-upgrade-libpoppler-doc
  • suse-upgrade-libpoppler-glib-devel
  • suse-upgrade-libpoppler-glib3
  • suse-upgrade-libpoppler-glib4
  • suse-upgrade-libpoppler-qt2
  • suse-upgrade-libpoppler-qt3-devel
  • suse-upgrade-libpoppler-qt4-3
  • suse-upgrade-libpoppler-qt4-devel
  • suse-upgrade-libpoppler3
  • suse-upgrade-libpoppler4
  • suse-upgrade-libpoppler5
  • suse-upgrade-libpurple
  • suse-upgrade-libpurple-devel
  • suse-upgrade-libpurple-lang
  • suse-upgrade-libpurple-meanwhile
  • suse-upgrade-libpurple-mono
  • suse-upgrade-libpurple-tcl
  • suse-upgrade-libtheora0
  • suse-upgrade-libtheora0-32bit
  • suse-upgrade-libtheora0-64bit
  • suse-upgrade-libtheora0-x86
  • suse-upgrade-libvisual
  • suse-upgrade-libvisual-32bit
  • suse-upgrade-libvisual-64bit
  • suse-upgrade-libvorbis
  • suse-upgrade-libvorbis-32bit
  • suse-upgrade-libvorbis-64bit
  • suse-upgrade-lighttpd
  • suse-upgrade-lighttpd-mod_cml
  • suse-upgrade-lighttpd-mod_magnet
  • suse-upgrade-lighttpd-mod_mysql_vhost
  • suse-upgrade-lighttpd-mod_rrdtool
  • suse-upgrade-lighttpd-mod_trigger_b4_dl
  • suse-upgrade-lighttpd-mod_webdav
  • suse-upgrade-mozilla-nspr
  • suse-upgrade-mozilla-nspr-32bit
  • suse-upgrade-mozilla-nspr-64bit
  • suse-upgrade-mozilla-nspr-devel
  • suse-upgrade-mozilla-xulrunner190
  • suse-upgrade-mozilla-xulrunner190-32bit
  • suse-upgrade-mozilla-xulrunner190-64bit
  • suse-upgrade-mozilla-xulrunner190-devel
  • suse-upgrade-mozilla-xulrunner190-gnomevfs
  • suse-upgrade-mozilla-xulrunner190-gnomevfs-32bit
  • suse-upgrade-mozilla-xulrunner190-gnomevfs-64bit
  • suse-upgrade-mozilla-xulrunner190-translations
  • suse-upgrade-mozilla-xulrunner190-translations-32bit
  • suse-upgrade-mozilla-xulrunner190-translations-64bit
  • suse-upgrade-mozillafirefox
  • suse-upgrade-mozillafirefox-branding-upstream
  • suse-upgrade-mozillafirefox-translations
  • suse-upgrade-mozillathunderbird
  • suse-upgrade-mozillathunderbird-devel
  • suse-upgrade-mozillathunderbird-translations
  • suse-upgrade-ntp
  • suse-upgrade-ntp-doc
  • suse-upgrade-opera
  • suse-upgrade-perl-html-parser
  • suse-upgrade-pidgin
  • suse-upgrade-pidgin-devel
  • suse-upgrade-pidgin-otr
  • suse-upgrade-poppler-tools
  • suse-upgrade-python-xpcom190
  • suse-upgrade-sap-aio-release
  • suse-upgrade-seamonkey
  • suse-upgrade-seamonkey-dom-inspector
  • suse-upgrade-seamonkey-irc
  • suse-upgrade-seamonkey-mail
  • suse-upgrade-seamonkey-spellchecker
  • suse-upgrade-seamonkey-venkman
  • suse-upgrade-utempter
  • suse-upgrade-utempter-32bit
  • suse-upgrade-utempter-64bit
  • suse-upgrade-wireshark
  • suse-upgrade-wireshark-devel
  • suse-upgrade-xntp
  • suse-upgrade-xntp-doc
  • suse-upgrade-xpdf
  • suse-upgrade-xpdf-tools
  • suse-upgrade-zope
  • suse-upgrade-zope3
