Skip to navigation

Security Advisory kdegraphics security update

Advisory: RHSA-2005:671-03
Type: Security Advisory
Severity: Moderate
Issued on: 2005-08-09
Last updated on: 2005-08-09
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2005-2097

Details

Updated kdegraphics packages that resolve a security issue in kpdf are now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The kdegraphics packages contain applications for the K Desktop Environment
including kpdf, a pdf file viewer.

A flaw was discovered in kpdf. An attacker could construct a carefully
crafted PDF file that would cause kpdf to consume all available disk space
in /tmp when opened. The Common Vulnerabilities and Exposures project
assigned the name CAN-2005-2097 to this issue.

Note this issue does not affect Red Hat Enterprise Linux 3 or 2.1.

Users of kpdf should upgrade to these updated packages, which contains a
backported patch to resolve this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 4)

IA-32:
kdegraphics-3.3.1-3.4.i386.rpm
File outdated by:  RHSA-2010:0753
    MD5: 551912cff4672ac8e5d8c9e1c1aa6bd5
kdegraphics-devel-3.3.1-3.4.i386.rpm
File outdated by:  RHSA-2010:0753
    MD5: 7d26d5de1c406e6e89333eb17c4d9720
 
x86_64:
kdegraphics-3.3.1-3.4.x86_64.rpm
File outdated by:  RHSA-2010:0753
    MD5: ff88d2ce2b9129ba3cc8f0b90d8350cc
kdegraphics-devel-3.3.1-3.4.x86_64.rpm
File outdated by:  RHSA-2010:0753
    MD5: 4e67a2cb74e2dbd7d264c2967ade9f97
 
Red Hat Enterprise Linux AS (v. 4)

IA-32:
kdegraphics-3.3.1-3.4.i386.rpm
File outdated by:  RHSA-2010:0753
    MD5: 551912cff4672ac8e5d8c9e1c1aa6bd5
kdegraphics-devel-3.3.1-3.4.i386.rpm
File outdated by:  RHSA-2010:0753
    MD5: 7d26d5de1c406e6e89333eb17c4d9720
 
IA-64:
kdegraphics-3.3.1-3.4.ia64.rpm
File outdated by:  RHSA-2010:0753
    MD5: c26447459cac09d0b8a680f8aff37cce
kdegraphics-devel-3.3.1-3.4.ia64.rpm
File outdated by:  RHSA-2010:0753
    MD5: 1072f640b595f512ba217264d2c77aec
 
PPC:
kdegraphics-3.3.1-3.4.ppc.rpm
File outdated by:  RHSA-2010:0753
    MD5: 5f05c498a6515ea03b567691a1795588
kdegraphics-devel-3.3.1-3.4.ppc.rpm
File outdated by:  RHSA-2010:0753
    MD5: 12f3c69ef13a8617ef6e3c3ef7108b6f
 
s390:
kdegraphics-3.3.1-3.4.s390.rpm
File outdated by:  RHSA-2010:0753
    MD5: 6492a12dd82ab6ad78977b36f6acc277
kdegraphics-devel-3.3.1-3.4.s390.rpm
File outdated by:  RHSA-2010:0753
    MD5: 644af9b7f094d9fad6eb43423b04854a
 
s390x:
kdegraphics-3.3.1-3.4.s390x.rpm
File outdated by:  RHSA-2010:0753
    MD5: 8a8e96eacc5ebff6f6cb9d4d0f87b229
kdegraphics-devel-3.3.1-3.4.s390x.rpm
File outdated by:  RHSA-2010:0753
    MD5: 6a83d580fe2d065f1f2cff4978c00ec5
 
x86_64:
kdegraphics-3.3.1-3.4.x86_64.rpm
File outdated by:  RHSA-2010:0753
    MD5: ff88d2ce2b9129ba3cc8f0b90d8350cc
kdegraphics-devel-3.3.1-3.4.x86_64.rpm
File outdated by:  RHSA-2010:0753
    MD5: 4e67a2cb74e2dbd7d264c2967ade9f97
 
Red Hat Enterprise Linux ES (v. 4)

IA-32:
kdegraphics-3.3.1-3.4.i386.rpm
File outdated by:  RHSA-2010:0753
    MD5: 551912cff4672ac8e5d8c9e1c1aa6bd5
kdegraphics-devel-3.3.1-3.4.i386.rpm
File outdated by:  RHSA-2010:0753
    MD5: 7d26d5de1c406e6e89333eb17c4d9720
 
IA-64:
kdegraphics-3.3.1-3.4.ia64.rpm
File outdated by:  RHSA-2010:0753
    MD5: c26447459cac09d0b8a680f8aff37cce
kdegraphics-devel-3.3.1-3.4.ia64.rpm
File outdated by:  RHSA-2010:0753
    MD5: 1072f640b595f512ba217264d2c77aec
 
x86_64:
kdegraphics-3.3.1-3.4.x86_64.rpm
File outdated by:  RHSA-2010:0753
    MD5: ff88d2ce2b9129ba3cc8f0b90d8350cc
kdegraphics-devel-3.3.1-3.4.x86_64.rpm
File outdated by:  RHSA-2010:0753
    MD5: 4e67a2cb74e2dbd7d264c2967ade9f97
 
Red Hat Enterprise Linux WS (v. 4)

IA-32:
kdegraphics-3.3.1-3.4.i386.rpm
File outdated by:  RHSA-2010:0753
    MD5: 551912cff4672ac8e5d8c9e1c1aa6bd5
kdegraphics-devel-3.3.1-3.4.i386.rpm
File outdated by:  RHSA-2010:0753
    MD5: 7d26d5de1c406e6e89333eb17c4d9720
 
IA-64:
kdegraphics-3.3.1-3.4.ia64.rpm
File outdated by:  RHSA-2010:0753
    MD5: c26447459cac09d0b8a680f8aff37cce
kdegraphics-devel-3.3.1-3.4.ia64.rpm
File outdated by:  RHSA-2010:0753
    MD5: 1072f640b595f512ba217264d2c77aec
 
x86_64:
kdegraphics-3.3.1-3.4.x86_64.rpm
File outdated by:  RHSA-2010:0753
    MD5: ff88d2ce2b9129ba3cc8f0b90d8350cc
kdegraphics-devel-3.3.1-3.4.x86_64.rpm
File outdated by:  RHSA-2010:0753
    MD5: 4e67a2cb74e2dbd7d264c2967ade9f97
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

163925 - CAN-2005-2097 kpdf DoS


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/