[RHSA-2007:0735-01] Important: xpdf security update

bugzilla at redhat.com
Mon Jul 30 19:10:32 UTC 2007


---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: xpdf security update
Advisory ID:       RHSA-2007:0735-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0735.html
Issue date:        2007-07-30
Updated on:        2007-07-30
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-3387 
---------------------------------------------------------------------

1. Summary:

Updated xpdf packages that fix a security issue in PDF handling are
now available for Red Hat Enterprise Linux 2.1, 3, and 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1  - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Xpdf is an X Window System-based viewer for Portable Document Format (PDF)
files. 

Maurycy Prodeus discovered an integer overflow flaw in the processing
of PDF files.  An attacker could create a malicious PDF file that would
cause Xpdf to crash or potentially execute arbitrary code when opened. 
(CVE-2007-3387)

All users of Xpdf should upgrade to these updated packages, which
contain a backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

248194 - CVE-2007-3387 xpdf integer overflow

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 :

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/xpdf-0.92-18.RHEL2.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW-ia64/en/os/SRPMS/xpdf-0.92-18.RHEL2.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/xpdf-0.92-18.RHEL2.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/xpdf-0.92-18.RHEL2.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/xpdf-2.02-10.RHEL3.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/xpdf-2.02-10.RHEL3.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/xpdf-2.02-10.RHEL3.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/xpdf-2.02-10.RHEL3.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/xpdf-3.00-12.RHEL4.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/xpdf-3.00-12.RHEL4.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/xpdf-3.00-12.RHEL4.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/xpdf-3.00-12.RHEL4.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
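
Added example (not part of the Red Hat advisory): a check that an installed xpdf build is at or above the fixed build named in section 6, using a simplified rpm-style segment comparison. It assumes the epoch is unchanged and that the string comes from rpm -q --qf '%{VERSION}-%{RELEASE}' xpdf; the host names and the inventory are constructed.

```python
import re

# Fixed builds named in section 6 of the advisory, keyed by RHEL release.
FIXED = {"2.1": ("0.92", "18.RHEL2"),
         "3": ("2.02", "10.RHEL3"),
         "4": ("3.00", "12.RHEL4")}

_SEG = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment, as rpm
    does (simplified: no tilde or caret handling). Returns -1, 0 or 1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric, so 10 > 9 and 00 == 0
        elif x.isdigit() != y.isdigit():
            # a numeric segment is always newer than an alphabetic one
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # all shared segments equal: the string with segments left over is newer
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_fixed(rhel, installed):
    """True if 'version-release' is at or above the fixed build for rhel."""
    version, release = installed.rsplit("-", 1)
    fixed_version, fixed_release = FIXED[rhel]
    c = rpmvercmp(version, fixed_version)
    return c > 0 or (c == 0 and rpmvercmp(release, fixed_release) >= 0)

# Constructed inventory: (host, RHEL release, installed version-release).
SAMPLE = [("web01", "4", "3.00-11.RHEL4"),
          ("web02", "4", "3.00-12.RHEL4"),
          ("db01", "3", "2.02-10.RHEL3.1"),
          ("old01", "2.1", "0.92-17.RHEL2")]

def unpatched(inventory):
    """Hosts whose xpdf build is older than the fixed build."""
    return [host for host, rhel, evr in inventory if not is_fixed(rhel, evr)]

if __name__ == "__main__":
    for host in unpatched(SAMPLE):
        print(host, "still needs the xpdf update")
```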

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.