[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1IKkHX-0007gZ-4V@artemis.annvix.ca>
Date: Mon, 13 Aug 2007 18:29:11 -0600
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2007:158 ] - Updated xpdf packages fix vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:158
http://www.mandriva.com/security/
_______________________________________________________________________
Package : xpdf
Date : August 13, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Maurycy Prodeus found an integer overflow vulnerability in the way
various PDF viewers processed PDF files. An attacker could create
a malicious PDF file that could cause xpdf to crash and possibly
execute arbitrary code open a user opening the file.
This update provides packages which are patched to prevent these
issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
269758a101a0b173a5cf5d77969b84e4 2007.0/i586/xpdf-3.01pl2-3.2mdv2007.0.i586.rpm
f716a25908b7c51f83fc6ed2e6c430e5 2007.0/i586/xpdf-tools-3.01pl2-3.2mdv2007.0.i586.rpm
a7ec337f6981c4e7f7397cff5172d6f7 2007.0/SRPMS/xpdf-3.01pl2-3.2mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
b79a710e2f13d81dc23be17ea24373d7 2007.0/x86_64/xpdf-3.01pl2-3.2mdv2007.0.x86_64.rpm
3b0bf52479044b0f90bef43c9a47d916 2007.0/x86_64/xpdf-tools-3.01pl2-3.2mdv2007.0.x86_64.rpm
a7ec337f6981c4e7f7397cff5172d6f7 2007.0/SRPMS/xpdf-3.01pl2-3.2mdv2007.0.src.rpm
Mandriva Linux 2007.1:
e6d43c42af665f665a053e879382d487 2007.1/i586/xpdf-3.02-1.2mdv2007.1.i586.rpm
801976970dbb5dc4bbe5383e285a5a47 2007.1/i586/xpdf-tools-3.02-1.2mdv2007.1.i586.rpm
1ffa2c61b74cff6dc6d63d1b639e3a7d 2007.1/SRPMS/xpdf-3.02-1.2mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
b7232e0c216fab5c3cf0d79e6fe8556f 2007.1/x86_64/xpdf-3.02-1.2mdv2007.1.x86_64.rpm
ccb70220cf4155dbe199e7740c1a706a 2007.1/x86_64/xpdf-tools-3.02-1.2mdv2007.1.x86_64.rpm
1ffa2c61b74cff6dc6d63d1b639e3a7d 2007.1/SRPMS/xpdf-3.02-1.2mdv2007.1.src.rpm
Corporate 3.0:
fd898bc3b8e3ad116afdbe2830151e78 corporate/3.0/i586/xpdf-3.00-5.10.C30mdk.i586.rpm
19c11694c9485188559e4d53780e89bf corporate/3.0/SRPMS/xpdf-3.00-5.10.C30mdk.src.rpm
Corporate 3.0/X86_64:
4836903f1fcc94dc36b726d54e81a5df corporate/3.0/x86_64/xpdf-3.00-5.10.C30mdk.x86_64.rpm
19c11694c9485188559e4d53780e89bf corporate/3.0/SRPMS/xpdf-3.00-5.10.C30mdk.src.rpm
Corporate 4.0:
2cfc84f609c24cbca54f5d7209c0afb1 corporate/4.0/i586/xpdf-3.01-1.4.20060mlcs4.i586.rpm
95fd53a24bf1c773dc3925a68b51e01b corporate/4.0/SRPMS/xpdf-3.01-1.4.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
b88cfde5131adf97fc654b8772fb638b corporate/4.0/x86_64/xpdf-3.01-1.4.20060mlcs4.x86_64.rpm
95fd53a24bf1c773dc3925a68b51e01b corporate/4.0/SRPMS/xpdf-3.01-1.4.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGwM0emqjQ0CJFipgRAu3vAKDmsiefFpqDx6azTsk+bf6bjpIEEQCeIaMz
WGhfTpiOik4jsvYLU0N5Xxo=
=yMmF
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists