Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

MDKSA-2004:114 - Updated gpdf packages fix DoS vulnerability
From: Mandrake Linux Security Team <security () linux-mandrake com>
Date: 22 Oct 2004 02:57:43 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           gpdf
 Advisory ID:            MDKSA-2004:114
 Date:                   October 21st, 2004

 Affected versions:      10.0
 ______________________________________________________________________

 Problem Description:

 Chris Evans discovered numerous vulnerabilities in the xpdf package,
 which also effect software using embedded xpdf code, such as gpdf:
 
 Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0.
 Also programs like gpdf which have embedded versions of xpdf.
 These can result in writing an arbitrary byte to an attacker controlled
 location which probably could lead to arbitrary code execution. 
 
 The updated packages are patched to protect against these
 vulnerabilities.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 133d3df8bdbbb8853ed5540df8587608  10.0/RPMS/gpdf-0.112-2.2.100mdk.i586.rpm
 53052a1b9209ff77cf38aa15a7210e7c  10.0/SRPMS/gpdf-0.112-2.2.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 a83ab4bcbff0b4ddef26af27d4aa79a4  amd64/10.0/RPMS/gpdf-0.112-2.2.100mdk.amd64.rpm
 53052a1b9209ff77cf38aa15a7210e7c  amd64/10.0/SRPMS/gpdf-0.112-2.2.100mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBeHcmmqjQ0CJFipgRAqyjAJ9HnWL+//FQ7CmBlwGN6MWmVmNb8wCggdi+
9zsZ9hbriWOzPVd7SJfxEeQ=
=zupy
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
  • MDKSA-2004:114 - Updated gpdf packages fix DoS vulnerability Mandrake Linux Security Team (Oct 22)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]