Fedora Legacy Test Update Notification: gpdf

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2353
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2353
2005-02-04
---------------------------------------------------------------------

Name        : gpdf
Versions    : fc1: gpdf-0.110-1.4.legacy
Summary     : viewer for Portable Document Format (PDF) files for GNOME
Description :
This is GPdf, a viewer for Portable Document Format (PDF) files for
GNOME. GPdf is based on the Xpdf program and uses additional GNOME
libraries for better desktop integration.

---------------------------------------------------------------------
Update Information:

An updated gpdf package that fixes a number of integer overflow security
flaws is now available.

GPdf is a viewer for Portable Document Format (PDF) files for GNOME.

During a source code audit, Chris Evans and others discovered a number
of integer overflow bugs that affected all versions of xpdf. These
issues also affect gpdf as it is based on xpdf source code. An attacker
could construct a carefully crafted PDF file that could cause gpdf to
crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0888 to this issue.

A buffer overflow flaw was found in the Gfx::doImage function of Xpdf.
This flaw also affects gpdf as it is based on xpdf source code. An
attacker could construct a carefully crafted PDF file that could cause
gpdf to crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-1125 to this issue.

A buffer overflow flaw was found when processing the /Encrypt /Length
tag. An attacker could construct a carefully crafted PDF file that could
cause gpdf to crash or possibly execute arbitrary code when opened. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0064 to this issue.

Users of gpdf are advised to upgrade to this errata package, which
contains backported patches correcting these issues.

---------------------------------------------------------------------
Changelogs

fc1:
* Wed Jan 19 2005 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 0.110-1.4.legacy
- patch for CAN-2005-0064 (FL #2353)
- use better patch for CAN-2004-1125

* Wed Dec 22 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 0.110-1.3.legacy
- add patch for CAN-2004-1125 (FL #2353)

* Tue Nov 30 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 0.110-1.2.legacy
- Added missing gettext BuildRequires


* Thu Oct 28 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 0.110-1.1.legacy
- patch for CAN-2004-0888 CAN-2004-0889 (FL #2186, #2195)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

fc1:
63438a137ac33d1355bc6b8065fef0a03dde7e68 fedora/1/updates-testing/i386/gpdf-0.110-1.4.legacy.i386.rpm
19c4e9fd40a135b4ad782c228990edcdc38dad04 fedora/1/updates-testing/SRPMS/gpdf-0.110-1.4.legacy.src.rpm


---------------------------------------------------------------------

Please test and comment in bugzilla.

Attachment: signature.asc
Description: OpenPGP digital signature

--

fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list
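
One way to check downloaded packages against the sha1sums listed in the advisory above, as an added example that is not part of the original announcement. The function names `sha1_of` and `verify_sums`, and matching files by basename in a local download directory, are assumptions; a match only shows the file is the one the advisory lists, so the sums are only as trustworthy as the OpenPGP signature on the message.

```shell
#!/bin/sh
# Added example (not from the advisory): verify downloaded files against
# "<sha1> <path>" lines in the format the advisory uses.

# The two entries below are copied from the advisory's sha1sums section.
ADVISORY_SUMS='63438a137ac33d1355bc6b8065fef0a03dde7e68 fedora/1/updates-testing/i386/gpdf-0.110-1.4.legacy.i386.rpm
19c4e9fd40a135b4ad782c228990edcdc38dad04 fedora/1/updates-testing/SRPMS/gpdf-0.110-1.4.legacy.src.rpm'

# sha1_of FILE: print the lowercase hex SHA-1 of FILE.
# Uses sha1sum where present, otherwise shasum (assumed fallback).
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum < "$1"
    else
        shasum -a 1 < "$1"
    fi | cut -d' ' -f1
}

# verify_sums MANIFEST [DIR]
# Prints one status line per manifest entry. Returns 0 only if every
# listed file exists in DIR (matched by basename) and its SHA-1 matches.
verify_sums() {
    manifest=$1
    dir=${2:-.}
    rc=0
    while read -r want path; do
        [ -n "$want" ] || continue
        name=${path##*/}
        # A malformed digest is a failure, never a silent skip.
        case $want in
            *[!0-9a-fA-F]*) echo "BADLINE  $name"; rc=1; continue ;;
        esac
        [ "${#want}" -eq 40 ] || { echo "BADLINE  $name"; rc=1; continue; }
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"; rc=1; continue
        fi
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        if [ "$(sha1_of "$dir/$name")" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; rc=1
        fi
    done <<EOF
$manifest
EOF
    return $rc
}
# Usage: verify_sums "$ADVISORY_SUMS" /path/to/downloads
```

A missing file counts as a failure, so an incomplete download cannot pass as a clean check.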
