Security Advisory Important: xpdf security update

Advisory: RHSA-2007:0735-2
Type: Security Advisory
Severity: Important
Issued on: 2007-07-30
Last updated on: 2007-07-30
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.5.z)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.5.z)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2007-3387

Details

Updated xpdf packages that fix a security issue in PDF handling are
now available for Red Hat Enterprise Linux 2.1, 3, and 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Xpdf is an X Window System-based viewer for Portable Document Format (PDF)
files.

Maurycy Prodeus discovered an integer overflow flaw in the processing
of PDF files. An attacker could create a malicious PDF file that would
cause Xpdf to crash or potentially execute arbitrary code when opened.
(CVE-2007-3387)

All users of Xpdf should upgrade to these updated packages, which
contain a backported patch to resolve this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
xpdf-2.02-10.RHEL3.src.rpm
File outdated by:  RHSA-2010:0750
    MD5: 516d02747251fcc8055c809514eb8c08
 
IA-32:
xpdf-2.02-10.RHEL3.i386.rpm
File outdated by:  RHSA-2010:0750
    MD5: 766622084f22fe7ccc73626afe70f0d6
 
x86_64:
xpdf-2.02-10.RHEL3.x86_64.rpm
File outdated by:  RHSA-2010:0750
    MD5: 94df39ca018e9946300b4d40a5f7bc35
 
Red Hat Desktop (v. 4)

SRPMS:
xpdf-3.00-12.RHEL4.src.rpm
File outdated by:  RHSA-2010:0751
    MD5: a846d08f3455d4f847fbe660189c4489
 
IA-32:
xpdf-3.00-12.RHEL4.i386.rpm
File outdated by:  RHSA-2010:0751
    MD5: 77f886c49671eb3451344c72f1931d3d
 
x86_64:
xpdf-3.00-12.RHEL4.x86_64.rpm
File outdated by:  RHSA-2010:0751
    MD5: 5637ed2926f4e87910f482f0dda853d5
 
Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
xpdf-0.92-18.RHEL2.src.rpm
File outdated by:  RHSA-2007:1031
    MD5: 350f9204ab85a9df9b0a434c612070e6
 
IA-32:
xpdf-0.92-18.RHEL2.i386.rpm
File outdated by:  RHSA-2007:1031
    MD5: a0a6db6c85891eb03c8bc1c8d9e407f2
 
IA-64:
xpdf-0.92-18.RHEL2.ia64.rpm
File outdated by:  RHSA-2007:1031
    MD5: 551281dd430be27952c5a839b6b5b057
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
xpdf-2.02-10.RHEL3.src.rpm
File outdated by:  RHSA-2010:0750
    MD5: 516d02747251fcc8055c809514eb8c08
 
IA-32:
xpdf-2.02-10.RHEL3.i386.rpm
File outdated by:  RHSA-2010:0750
    MD5: 766622084f22fe7ccc73626afe70f0d6
 
IA-64:
xpdf-2.02-10.RHEL3.ia64.rpm
File outdated by:  RHSA-2010:0750
    MD5: 7decef8fef80f38a343ff0876d40fdb3
 
PPC:
xpdf-2.02-10.RHEL3.ppc.rpm
File outdated by:  RHSA-2010:0750
    MD5: 32251d2a622a18c34f7a476d3b6a660c
 
s390:
xpdf-2.02-10.RHEL3.s390.rpm
File outdated by:  RHSA-2010:0750
    MD5: b6a56155b271351c1c05a80b445b49e1
 
s390x:
xpdf-2.02-10.RHEL3.s390x.rpm
File outdated by:  RHSA-2010:0750
    MD5: 8760491d1e23b0807c4a892b9652d67c
 
x86_64:
xpdf-2.02-10.RHEL3.x86_64.rpm
File outdated by:  RHSA-2010:0750
    MD5: 94df39ca018e9946300b4d40a5f7bc35
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
xpdf-3.00-12.RHEL4.src.rpm
File outdated by:  RHSA-2010:0751
    MD5: a846d08f3455d4f847fbe660189c4489
 
IA-32:
xpdf-3.00-12.RHEL4.i386.rpm
File outdated by:  RHSA-2010:0751
    MD5: 77f886c49671eb3451344c72f1931d3d
 
IA-64:
xpdf-3.00-12.RHEL4.ia64.rpm
File outdated by:  RHSA-2010:0751
    MD5: 4bf5f2c2cac07f73ad9554f5805aa07e
 
PPC:
xpdf-3.00-12.RHEL4.ppc.rpm
File outdated by:  RHSA-2010:0751
    MD5: 2e080c9f25c4f88e343f59b54925112f
 
s390:
xpdf-3.00-12.RHEL4.s390.rpm
File outdated by:  RHSA-2010:0751
    MD5: 77f364656f2de525d097ad9b7b22926a
 
s390x:
xpdf-3.00-12.RHEL4.s390x.rpm
File outdated by:  RHSA-2010:0751
    MD5: f13e006105c368f7b497e2385109c0b9
 
x86_64:
xpdf-3.00-12.RHEL4.x86_64.rpm
File outdated by:  RHSA-2010:0751
    MD5: 5637ed2926f4e87910f482f0dda853d5
 
Red Hat Enterprise Linux AS (v. 4.5.z)

SRPMS:
xpdf-3.00-12.RHEL4.src.rpm
File outdated by:  RHSA-2010:0751
    MD5: a846d08f3455d4f847fbe660189c4489
 
IA-32:
xpdf-3.00-12.RHEL4.i386.rpm
File outdated by:  RHSA-2007:1029
    MD5: 77f886c49671eb3451344c72f1931d3d
 
IA-64:
xpdf-3.00-12.RHEL4.ia64.rpm
File outdated by:  RHSA-2007:1029
    MD5: 4bf5f2c2cac07f73ad9554f5805aa07e
 
PPC:
xpdf-3.00-12.RHEL4.ppc.rpm
File outdated by:  RHSA-2007:1029
    MD5: 2e080c9f25c4f88e343f59b54925112f
 
s390:
xpdf-3.00-12.RHEL4.s390.rpm
File outdated by:  RHSA-2007:1029
    MD5: 77f364656f2de525d097ad9b7b22926a
 
s390x:
xpdf-3.00-12.RHEL4.s390x.rpm
File outdated by:  RHSA-2007:1029
    MD5: f13e006105c368f7b497e2385109c0b9
 
x86_64:
xpdf-3.00-12.RHEL4.x86_64.rpm
File outdated by:  RHSA-2007:1029
    MD5: 5637ed2926f4e87910f482f0dda853d5
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
xpdf-0.92-18.RHEL2.src.rpm
File outdated by:  RHSA-2007:1031
    MD5: 350f9204ab85a9df9b0a434c612070e6
 
IA-32:
xpdf-0.92-18.RHEL2.i386.rpm
File outdated by:  RHSA-2007:1031
    MD5: a0a6db6c85891eb03c8bc1c8d9e407f2
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
xpdf-2.02-10.RHEL3.src.rpm
File outdated by:  RHSA-2010:0750
    MD5: 516d02747251fcc8055c809514eb8c08
 
IA-32:
xpdf-2.02-10.RHEL3.i386.rpm
File outdated by:  RHSA-2010:0750
    MD5: 766622084f22fe7ccc73626afe70f0d6
 
IA-64:
xpdf-2.02-10.RHEL3.ia64.rpm
File outdated by:  RHSA-2010:0750
    MD5: 7decef8fef80f38a343ff0876d40fdb3
 
x86_64:
xpdf-2.02-10.RHEL3.x86_64.rpm
File outdated by:  RHSA-2010:0750
    MD5: 94df39ca018e9946300b4d40a5f7bc35
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
xpdf-3.00-12.RHEL4.src.rpm
File outdated by:  RHSA-2010:0751
    MD5: a846d08f3455d4f847fbe660189c4489
 
IA-32:
xpdf-3.00-12.RHEL4.i386.rpm
File outdated by:  RHSA-2010:0751
    MD5: 77f886c49671eb3451344c72f1931d3d
 
IA-64:
xpdf-3.00-12.RHEL4.ia64.rpm
File outdated by:  RHSA-2010:0751
    MD5: 4bf5f2c2cac07f73ad9554f5805aa07e
 
x86_64:
xpdf-3.00-12.RHEL4.x86_64.rpm
File outdated by:  RHSA-2010:0751
    MD5: 5637ed2926f4e87910f482f0dda853d5
 
Red Hat Enterprise Linux ES (v. 4.5.z)

SRPMS:
xpdf-3.00-12.RHEL4.src.rpm
File outdated by:  RHSA-2010:0751
    MD5: a846d08f3455d4f847fbe660189c4489
 
IA-32:
xpdf-3.00-12.RHEL4.i386.rpm
File outdated by:  RHSA-2007:1029
    MD5: 77f886c49671eb3451344c72f1931d3d
 
IA-64:
xpdf-3.00-12.RHEL4.ia64.rpm
File outdated by:  RHSA-2007:1029
    MD5: 4bf5f2c2cac07f73ad9554f5805aa07e
 
x86_64:
xpdf-3.00-12.RHEL4.x86_64.rpm
File outdated by:  RHSA-2007:1029
    MD5: 5637ed2926f4e87910f482f0dda853d5
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
xpdf-0.92-18.RHEL2.src.rpm
File outdated by:  RHSA-2007:1031
    MD5: 350f9204ab85a9df9b0a434c612070e6
 
IA-32:
xpdf-0.92-18.RHEL2.i386.rpm
File outdated by:  RHSA-2007:1031
    MD5: a0a6db6c85891eb03c8bc1c8d9e407f2
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
xpdf-2.02-10.RHEL3.src.rpm
File outdated by:  RHSA-2010:0750
    MD5: 516d02747251fcc8055c809514eb8c08
 
IA-32:
xpdf-2.02-10.RHEL3.i386.rpm
File outdated by:  RHSA-2010:0750
    MD5: 766622084f22fe7ccc73626afe70f0d6
 
IA-64:
xpdf-2.02-10.RHEL3.ia64.rpm
File outdated by:  RHSA-2010:0750
    MD5: 7decef8fef80f38a343ff0876d40fdb3
 
x86_64:
xpdf-2.02-10.RHEL3.x86_64.rpm
File outdated by:  RHSA-2010:0750
    MD5: 94df39ca018e9946300b4d40a5f7bc35
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
xpdf-3.00-12.RHEL4.src.rpm
File outdated by:  RHSA-2010:0751
    MD5: a846d08f3455d4f847fbe660189c4489
 
IA-32:
xpdf-3.00-12.RHEL4.i386.rpm
File outdated by:  RHSA-2010:0751
    MD5: 77f886c49671eb3451344c72f1931d3d
 
IA-64:
xpdf-3.00-12.RHEL4.ia64.rpm
File outdated by:  RHSA-2010:0751
    MD5: 4bf5f2c2cac07f73ad9554f5805aa07e
 
x86_64:
xpdf-3.00-12.RHEL4.x86_64.rpm
File outdated by:  RHSA-2010:0751
    MD5: 5637ed2926f4e87910f482f0dda853d5
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
xpdf-0.92-18.RHEL2.src.rpm
File outdated by:  RHSA-2007:1031
    MD5: 350f9204ab85a9df9b0a434c612070e6
 
IA-64:
xpdf-0.92-18.RHEL2.ia64.rpm
File outdated by:  RHSA-2007:1031
    MD5: 551281dd430be27952c5a839b6b5b057
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

248194 - CVE-2007-3387 xpdf integer overflow


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/