Home / mailings [RHSA-2007:0735-01] Important: xpdf security update
Posted on 30 July 2007
RedHat-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Important: xpdf security update
Advisory ID: RHSA-2007:0735-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0735.html
Issue date: 2007-07-30
Updated on: 2007-07-30
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-3387
- ---------------------------------------------------------------------
1. Summary:
Updated xpdf packages that fix a security issue in PDF handling are
now available for Red Hat Enterprise Linux 2.1, 3, and 4.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
Xpdf is an X Window System-based viewer for Portable Document Format (PDF)
files.
Maurycy Prodeus discovered an integer overflow flaw in the processing
of PDF files. An attacker could create a malicious PDF file that would
cause Xpdf to crash or potentially execute arbitrary code when opened.
(CVE-2007-3387)
All users of Xpdf should upgrade to these updated packages, which
contain a backported patch to resolve this issue.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
5. Bug IDs fixed (http://bugzilla.redhat.com/):
248194 - CVE-2007-3387 xpdf integer overflow
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 :
SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/xpdf-0.92-18.RHEL2.src.rpm
350f9204ab85a9df9b0a434c612070e6 xpdf-0.92-18.RHEL2.src.rpm
i386:
a0a6db6c85891eb03c8bc1c8d9e407f2 xpdf-0.92-18.RHEL2.i386.rpm
ia64:
551281dd430be27952c5a839b6b5b057 xpdf-0.92-18.RHEL2.ia64.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW-ia64/en/os/SRPMS/xpdf-0.92-18.RHEL2.src.rpm
350f9204ab85a9df9b0a434c612070e6 xpdf-0.92-18.RHEL2.src.rpm
ia64:
551281dd430be27952c5a839b6b5b057 xpdf-0.92-18.RHEL2.ia64.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/xpdf-0.92-18.RHEL2.src.rpm
350f9204ab85a9df9b0a434c612070e6 xpdf-0.92-18.RHEL2.src.rpm
i386:
a0a6db6c85891eb03c8bc1c8d9e407f2 xpdf-0.92-18.RHEL2.i386.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/xpdf-0.92-18.RHEL2.src.rpm
350f9204ab85a9df9b0a434c612070e6 xpdf-0.92-18.RHEL2.src.rpm
i386:
a0a6db6c85891eb03c8bc1c8d9e407f2 xpdf-0.92-18.RHEL2.i386.rpm
Red Hat Enterprise Linux AS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/xpdf-2.02-10.RHEL3.src.rpm
516d02747251fcc8055c809514eb8c08 xpdf-2.02-10.RHEL3.src.rpm
i386:
766622084f22fe7ccc73626afe70f0d6 xpdf-2.02-10.RHEL3.i386.rpm
49871d1ed0ae9dbdc7b7a65af71dd35a xpdf-debuginfo-2.02-10.RHEL3.i386.rpm
ia64:
7decef8fef80f38a343ff0876d40fdb3 xpdf-2.02-10.RHEL3.ia64.rpm
9c0bef91f406163f6f0c0e3a7124af98 xpdf-debuginfo-2.02-10.RHEL3.ia64.rpm
ppc:
32251d2a622a18c34f7a476d3b6a660c xpdf-2.02-10.RHEL3.ppc.rpm
33da411341442604650cb00e9afe96bb xpdf-debuginfo-2.02-10.RHEL3.ppc.rpm
s390:
b6a56155b271351c1c05a80b445b49e1 xpdf-2.02-10.RHEL3.s390.rpm
5683801d3061dbb7df84f1fed65bc367 xpdf-debuginfo-2.02-10.RHEL3.s390.rpm
s390x:
8760491d1e23b0807c4a892b9652d67c xpdf-2.02-10.RHEL3.s390x.rpm
6413729399b9c5cab5bd8eb5f3e5efde xpdf-debuginfo-2.02-10.RHEL3.s390x.rpm
x86_64:
94df39ca018e9946300b4d40a5f7bc35 xpdf-2.02-10.RHEL3.x86_64.rpm
7028f2dd1feb3c39533ac330ba65143e xpdf-debuginfo-2.02-10.RHEL3.x86_64.rpm
Red Hat Desktop version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/xpdf-2.02-10.RHEL3.src.rpm
516d02747251fcc8055c809514eb8c08 xpdf-2.02-10.RHEL3.src.rpm
i386:
766622084f22fe7ccc73626afe70f0d6 xpdf-2.02-10.RHEL3.i386.rpm
49871d1ed0ae9dbdc7b7a65af71dd35a xpdf-debuginfo-2.02-10.RHEL3.i386.rpm
x86_64:
94df39ca018e9946300b4d40a5f7bc35 xpdf-2.02-10.RHEL3.x86_64.rpm
7028f2dd1feb3c39533ac330ba65143e xpdf-debuginfo-2.02-10.RHEL3.x86_64.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/xpdf-2.02-10.RHEL3.src.rpm
516d02747251fcc8055c809514eb8c08 xpdf-2.02-10.RHEL3.src.rpm
i386:
766622084f22fe7ccc73626afe70f0d6 xpdf-2.02-10.RHEL3.i386.rpm
49871d1ed0ae9dbdc7b7a65af71dd35a xpdf-debuginfo-2.02-10.RHEL3.i386.rpm
ia64:
7decef8fef80f38a343ff0876d40fdb3 xpdf-2.02-10.RHEL3.ia64.rpm
9c0bef91f406163f6f0c0e3a7124af98 xpdf-debuginfo-2.02-10.RHEL3.ia64.rpm
x86_64:
94df39ca018e9946300b4d40a5f7bc35 xpdf-2.02-10.RHEL3.x86_64.rpm
7028f2dd1feb3c39533ac330ba65143e xpdf-debuginfo-2.02-10.RHEL3.x86_64.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/xpdf-2.02-10.RHEL3.src.rpm
516d02747251fcc8055c809514eb8c08 xpdf-2.02-10.RHEL3.src.rpm
i386:
766622084f22fe7ccc73626afe70f0d6 xpdf-2.02-10.RHEL3.i386.rpm
49871d1ed0ae9dbdc7b7a65af71dd35a xpdf-debuginfo-2.02-10.RHEL3.i386.rpm
ia64:
7decef8fef80f38a343ff0876d40fdb3 xpdf-2.02-10.RHEL3.ia64.rpm
9c0bef91f406163f6f0c0e3a7124af98 xpdf-debuginfo-2.02-10.RHEL3.ia64.rpm
x86_64:
94df39ca018e9946300b4d40a5f7bc35 xpdf-2.02-10.RHEL3.x86_64.rpm
7028f2dd1feb3c39533ac330ba65143e xpdf-debuginfo-2.02-10.RHEL3.x86_64.rpm
Red Hat Enterprise Linux AS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/xpdf-3.00-12.RHEL4.src.rpm
a846d08f3455d4f847fbe660189c4489 xpdf-3.00-12.RHEL4.src.rpm
i386:
77f886c49671eb3451344c72f1931d3d xpdf-3.00-12.RHEL4.i386.rpm
76f72c76e328656a84d6e00e0273102a xpdf-debuginfo-3.00-12.RHEL4.i386.rpm
ia64:
4bf5f2c2cac07f73ad9554f5805aa07e xpdf-3.00-12.RHEL4.ia64.rpm
4e63efcd7167413ed7568f4149d0b049 xpdf-debuginfo-3.00-12.RHEL4.ia64.rpm
ppc:
2e080c9f25c4f88e343f59b54925112f xpdf-3.00-12.RHEL4.ppc.rpm
06c0712e10089b09df129949a2e4ed16 xpdf-debuginfo-3.00-12.RHEL4.ppc.rpm
s390:
77f364656f2de525d097ad9b7b22926a xpdf-3.00-12.RHEL4.s390.rpm
2e64bc8b055b3ad64234ea1b1c2dc08d xpdf-debuginfo-3.00-12.RHEL4.s390.rpm
s390x:
f13e006105c368f7b497e2385109c0b9 xpdf-3.00-12.RHEL4.s390x.rpm
37915d99ab406d9c537f6295246b98e2 xpdf-debuginfo-3.00-12.RHEL4.s390x.rpm
x86_64:
5637ed2926f4e87910f482f0dda853d5 xpdf-3.00-12.RHEL4.x86_64.rpm
b43d63be1c7dfb6d127670f050b7a5ca xpdf-debuginfo-3.00-12.RHEL4.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/xpdf-3.00-12.RHEL4.src.rpm
a846d08f3455d4f847fbe660189c4489 xpdf-3.00-12.RHEL4.src.rpm
i386:
77f886c49671eb3451344c72f1931d3d xpdf-3.00-12.RHEL4.i386.rpm
76f72c76e328656a84d6e00e0273102a xpdf-debuginfo-3.00-12.RHEL4.i386.rpm
x86_64:
5637ed2926f4e87910f482f0dda853d5 xpdf-3.00-12.RHEL4.x86_64.rpm
b43d63be1c7dfb6d127670f050b7a5ca xpdf-debuginfo-3.00-12.RHEL4.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/xpdf-3.00-12.RHEL4.src.rpm
a846d08f3455d4f847fbe660189c4489 xpdf-3.00-12.RHEL4.src.rpm
i386:
77f886c49671eb3451344c72f1931d3d xpdf-3.00-12.RHEL4.i386.rpm
76f72c76e328656a84d6e00e0273102a xpdf-debuginfo-3.00-12.RHEL4.i386.rpm
ia64:
4bf5f2c2cac07f73ad9554f5805aa07e xpdf-3.00-12.RHEL4.ia64.rpm
4e63efcd7167413ed7568f4149d0b049 xpdf-debuginfo-3.00-12.RHEL4.ia64.rpm
x86_64:
5637ed2926f4e87910f482f0dda853d5 xpdf-3.00-12.RHEL4.x86_64.rpm
b43d63be1c7dfb6d127670f050b7a5ca xpdf-debuginfo-3.00-12.RHEL4.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/xpdf-3.00-12.RHEL4.src.rpm
a846d08f3455d4f847fbe660189c4489 xpdf-3.00-12.RHEL4.src.rpm
i386:
77f886c49671eb3451344c72f1931d3d xpdf-3.00-12.RHEL4.i386.rpm
76f72c76e328656a84d6e00e0273102a xpdf-debuginfo-3.00-12.RHEL4.i386.rpm
ia64:
4bf5f2c2cac07f73ad9554f5805aa07e xpdf-3.00-12.RHEL4.ia64.rpm
4e63efcd7167413ed7568f4149d0b049 xpdf-debuginfo-3.00-12.RHEL4.ia64.rpm
x86_64:
5637ed2926f4e87910f482f0dda853d5 xpdf-3.00-12.RHEL4.x86_64.rpm
b43d63be1c7dfb6d127670f050b7a5ca xpdf-debuginfo-3.00-12.RHEL4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
http://www.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2007 Red Hat, Inc.