Security Advisory Important: gpdf security update

Advisory: RHSA-2009:1681-1
Type: Security Advisory
Severity: Important
Issued on: 2009-12-16
Last updated on: 2009-12-16
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.8.z)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.8.z)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2009-4035

Details

An updated gpdf package that fixes a security issue is now available for
Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

GPdf is a viewer for Portable Document Format (PDF) files.

Petr Gajdos and Christian Kornacker of SUSE reported a buffer overflow flaw
in GPdf's Type 1 font parser. A specially-crafted PDF file with an embedded
Type 1 font could cause GPdf to crash or, possibly, execute arbitrary code
when opened. (CVE-2009-4035)

Users are advised to upgrade to this updated package, which contains a
backported patch to correct this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Desktop (v. 4)

IA-32:
gpdf-2.8.2-7.7.2.el4_8.6.i386.rpm
File outdated by:  RHSA-2010:0752
    MD5: f1f722f80e4bb807aa0f3dc46fbd1326
 
x86_64:
gpdf-2.8.2-7.7.2.el4_8.6.x86_64.rpm
File outdated by:  RHSA-2010:0752
    MD5: b3c15388e6904e7c3740ed71564b55a6
 
Red Hat Enterprise Linux AS (v. 4)

IA-32:
gpdf-2.8.2-7.7.2.el4_8.6.i386.rpm
File outdated by:  RHSA-2010:0752
    MD5: f1f722f80e4bb807aa0f3dc46fbd1326
 
IA-64:
gpdf-2.8.2-7.7.2.el4_8.6.ia64.rpm
File outdated by:  RHSA-2010:0752
    MD5: 4c1ea6a46ef44abb7fd402bd6f92c7e6
 
PPC:
gpdf-2.8.2-7.7.2.el4_8.6.ppc.rpm
File outdated by:  RHSA-2010:0752
    MD5: d10fe3e0dd6d9f52ccc283970e3cadfd
 
s390:
gpdf-2.8.2-7.7.2.el4_8.6.s390.rpm
File outdated by:  RHSA-2010:0752
    MD5: f73448e474a0dd994df42e2a5ffa492c
 
s390x:
gpdf-2.8.2-7.7.2.el4_8.6.s390x.rpm
File outdated by:  RHSA-2010:0752
    MD5: e2acd9ad67ee091ce23d45e705c68582
 
x86_64:
gpdf-2.8.2-7.7.2.el4_8.6.x86_64.rpm
File outdated by:  RHSA-2010:0752
    MD5: b3c15388e6904e7c3740ed71564b55a6
 
Red Hat Enterprise Linux AS (v. 4.8.z)

IA-32:
gpdf-2.8.2-7.7.2.el4_8.6.i386.rpm
File outdated by:  RHSA-2010:0752
    MD5: f1f722f80e4bb807aa0f3dc46fbd1326
 
IA-64:
gpdf-2.8.2-7.7.2.el4_8.6.ia64.rpm
File outdated by:  RHSA-2010:0752
    MD5: 4c1ea6a46ef44abb7fd402bd6f92c7e6
 
PPC:
gpdf-2.8.2-7.7.2.el4_8.6.ppc.rpm
File outdated by:  RHSA-2010:0752
    MD5: d10fe3e0dd6d9f52ccc283970e3cadfd
 
s390:
gpdf-2.8.2-7.7.2.el4_8.6.s390.rpm
File outdated by:  RHSA-2010:0752
    MD5: f73448e474a0dd994df42e2a5ffa492c
 
s390x:
gpdf-2.8.2-7.7.2.el4_8.6.s390x.rpm
File outdated by:  RHSA-2010:0752
    MD5: e2acd9ad67ee091ce23d45e705c68582
 
x86_64:
gpdf-2.8.2-7.7.2.el4_8.6.x86_64.rpm
File outdated by:  RHSA-2010:0752
    MD5: b3c15388e6904e7c3740ed71564b55a6
 
Red Hat Enterprise Linux ES (v. 4)

IA-32:
gpdf-2.8.2-7.7.2.el4_8.6.i386.rpm
File outdated by:  RHSA-2010:0752
    MD5: f1f722f80e4bb807aa0f3dc46fbd1326
 
IA-64:
gpdf-2.8.2-7.7.2.el4_8.6.ia64.rpm
File outdated by:  RHSA-2010:0752
    MD5: 4c1ea6a46ef44abb7fd402bd6f92c7e6
 
x86_64:
gpdf-2.8.2-7.7.2.el4_8.6.x86_64.rpm
File outdated by:  RHSA-2010:0752
    MD5: b3c15388e6904e7c3740ed71564b55a6
 
Red Hat Enterprise Linux ES (v. 4.8.z)

IA-32:
gpdf-2.8.2-7.7.2.el4_8.6.i386.rpm
File outdated by:  RHSA-2010:0752
    MD5: f1f722f80e4bb807aa0f3dc46fbd1326
 
IA-64:
gpdf-2.8.2-7.7.2.el4_8.6.ia64.rpm
File outdated by:  RHSA-2010:0752
    MD5: 4c1ea6a46ef44abb7fd402bd6f92c7e6
 
x86_64:
gpdf-2.8.2-7.7.2.el4_8.6.x86_64.rpm
File outdated by:  RHSA-2010:0752
    MD5: b3c15388e6904e7c3740ed71564b55a6
 
Red Hat Enterprise Linux WS (v. 4)

IA-32:
gpdf-2.8.2-7.7.2.el4_8.6.i386.rpm
File outdated by:  RHSA-2010:0752
    MD5: f1f722f80e4bb807aa0f3dc46fbd1326
 
IA-64:
gpdf-2.8.2-7.7.2.el4_8.6.ia64.rpm
File outdated by:  RHSA-2010:0752
    MD5: 4c1ea6a46ef44abb7fd402bd6f92c7e6
 
x86_64:
gpdf-2.8.2-7.7.2.el4_8.6.x86_64.rpm
File outdated by:  RHSA-2010:0752
    MD5: b3c15388e6904e7c3740ed71564b55a6
 
(The unlinked packages above are only available from the Red Hat Network)
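
An added example, not part of the Red Hat advisory: a host-side check for whether an installed gpdf build is at or above the fixed build listed above, using a Python reimplementation of RPM's segment-wise version ordering (plain string comparison gets `el4_8.10` versus `el4_8.6` wrong). It assumes the package epoch is the same on both sides; `rpmvercmp`, `split_vr` and `has_fix` are names chosen for this sketch.

```python
import re

# Fixed build named in this advisory's "Updated packages" list.
FIXED_VERSION, FIXED_RELEASE = "2.8.2", "7.7.2.el4_8.6"

# RPM compares runs of digits and runs of letters; everything else separates.
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Compare two RPM version or release strings; return -1, 0 or 1.

    Classic segment rules only: no '~' or '^' handling, which is an
    assumption that holds for RHEL 4 era package names like these.
    """
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric compare, ignores leading zeros
        elif x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def split_vr(version_release):
    """Split 'VERSION-RELEASE' on the last hyphen."""
    version, _, release = version_release.rpartition("-")
    return version, release

def has_fix(installed_vr):
    """True if the installed gpdf build is at or above the fixed build."""
    version, release = split_vr(installed_vr)
    c = rpmvercmp(version, FIXED_VERSION)
    if c == 0:
        c = rpmvercmp(release, FIXED_RELEASE)
    return c >= 0

if __name__ == "__main__":
    # Constructed sample inputs; on a host, feed in the output of
    #   rpm -q --qf '%{VERSION}-%{RELEASE}\n' gpdf
    for vr in ("2.8.2-7.7.2.el4_8.5", "2.8.2-7.7.2.el4_8.6", "2.8.2-7.7.2.el4_8.10"):
        print(vr, "fixed" if has_fix(vr) else "needs update")
```
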

Bugs fixed (see bugzilla for more information)

541614 - CVE-2009-4035 xpdf: buffer overflow in FoFiType1::parse



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/