---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-175404
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175404
2006-02-26
---------------------------------------------------------------------

Name        : xpdf
Versions    : rh73: xpdf-1.00-7.6.legacy
Versions    : rh9: xpdf-2.01-11.4.legacy
Versions    : fc1: xpdf-2.03-1.4.legacy
Versions    : fc2: xpdf-3.00-3.8.1.legacy
Versions    : fc3: xpdf-3.01-0.FC3.5.legacy
Summary     : A PDF file viewer for the X Window System.
Description :
Xpdf is an X Window System based viewer for Portable Document Format
(PDF) files. Xpdf is a small and efficient program which uses
standard X fonts.

---------------------------------------------------------------------
Update Information:

An updated xpdf package that fixes several security issues is now
available.

The xpdf package is an X Window System-based viewer for Portable
Document Format (PDF) files.

A flaw was discovered in Xpdf: an attacker could construct a carefully
crafted PDF file that would cause Xpdf to consume all available disk
space in /tmp when opened. The Common Vulnerabilities and Exposures
project assigned the name CVE-2005-2097 to this issue.

Several flaws were discovered in Xpdf. An attacker could construct a
carefully crafted PDF file that could cause Xpdf to crash or possibly
execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project assigned the names CVE-2005-3191, CVE-2005-3192,
CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626,
CVE-2005-3627 and CVE-2005-3628 to these issues.

A heap-based buffer overflow bug was discovered in Xpdf. An attacker
could construct a carefully crafted PDF file that could cause Xpdf to
crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project assigned the name CVE-2006-0301
to this issue.

Users of Xpdf should upgrade to this updated package, which contains
backported patches to resolve these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Mon Feb 20 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1.00-7.6.legacy
- Added better patch for CVE-2004-0888

* Sun Feb 19 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1.00-7.5.legacy
- Added patch for CVE-2005-3193

rh9:
* Sun Feb 19 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.01-11.4.legacy
- Added better patch for CVE-2004-0888
- Added patch for CVE-2005-3193

fc1:
* Sun Feb 19 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1:2.03-1.4.legacy
- Added better patch for CVE-2004-0888
- Added patch for CVE-2005-3193

fc2:
* Sun Feb 19 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1:3.00-3.8.1.legacy
- Apply patches for CVE-2005-2097, CVE-2005-3193, CVE-2006-0301

fc3:
* Sat Feb 18 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1:3.01-0.FC3.5.legacy
- Added patch for CVE-2006-0301

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/

---------------------------------------------------------------------

Please test and comment in bugzilla.
--
fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list