Security Advisory Important: xpdf security update

Advisory: RHSA-2010:0750-1
Type: Security Advisory
Severity: Important
Issued on: 2010-10-07
Last updated on: 2010-10-07
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 3)
CVEs (cve.mitre.org): CVE-2010-3702

Details

An updated xpdf package that fixes one security issue is now available for
Red Hat Enterprise Linux 3.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Xpdf is an X Window System based viewer for Portable Document Format (PDF)
files.

An uninitialized pointer use flaw was discovered in Xpdf. An attacker could
create a malicious PDF file that, when opened, would cause Xpdf to crash
or, potentially, execute arbitrary code. (CVE-2010-3702)

Users are advised to upgrade to this updated package, which contains a
backported patch to correct this issue.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
ftp://updates.redhat.com/rhn/public/NULL/xpdf/2.02-19.el3/SRPMS/xpdf-2.02-19.el3.src.rpm
    MD5: 313403731430149e9b132ff0be4c36de
SHA-256: 6823b72a77907c23ba473539de0233557933babe34a18b6403e78dfa90218a27
 
IA-32:
ftp://updates.redhat.com/rhn/public/NULL/xpdf/2.02-19.el3/i386/xpdf-2.02-19.el3.i386.rpm
    MD5: 8099cc2ef8ccdabf15b355adc1d64fe0
SHA-256: 4dacb76d268429ff047c9a19ca438c99ffeaebfa312817336a0c5bd149ae6445
 
x86_64:
ftp://updates.redhat.com/rhn/public/NULL/xpdf/2.02-19.el3/x86_64/xpdf-2.02-19.el3.x86_64.rpm
    MD5: d84e6177f3977fcb8df20078e5708d70
SHA-256: 54c2beebdf52505b5f893b0229025b68e033a183a8875453856a0e05025902ec
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
ftp://updates.redhat.com/rhn/public/NULL/xpdf/2.02-19.el3/SRPMS/xpdf-2.02-19.el3.src.rpm
    MD5: 313403731430149e9b132ff0be4c36de
SHA-256: 6823b72a77907c23ba473539de0233557933babe34a18b6403e78dfa90218a27
 
IA-32:
ftp://updates.redhat.com/rhn/public/NULL/xpdf/2.02-19.el3/i386/xpdf-2.02-19.el3.i386.rpm
    MD5: 8099cc2ef8ccdabf15b355adc1d64fe0
SHA-256: 4dacb76d268429ff047c9a19ca438c99ffeaebfa312817336a0c5bd149ae6445
 
IA-64:
ftp://updates.redhat.com/rhn/public/NULL/xpdf/2.02-19.el3/ia64/xpdf-2.02-19.el3.ia64.rpm
    MD5: c9cebb087cbb05dc11b5f89e7f206349
SHA-256: 610ac3c457706140d52afd88783068928ddc22a9f709776e23b3b150e26a25d1
 
PPC:
ftp://updates.redhat.com/rhn/public/NULL/xpdf/2.02-19.el3/ppc/xpdf-2.02-19.el3.ppc.rpm
    MD5: 157f4c295bf80e0026455660e9a08415
SHA-256: ed9e6c581fbdd06d126cd72d666f4d0aa5020266af239cf7abf045b4d653c911
 
s390:
ftp://updates.redhat.com/rhn/public/NULL/xpdf/2.02-19.el3/s390/xpdf-2.02-19.el3.s390.rpm
    MD5: bf8c7ef1f94e7ddccdb2f78fc9388758
SHA-256: 025b5b37225350ba525128489b761c04c56386f44755a7e84dc90483d374768d
 
s390x:
ftp://updates.redhat.com/rhn/public/NULL/xpdf/2.02-19.el3/s390x/xpdf-2.02-19.el3.s390x.rpm
    MD5: 2fd437d3a886a73687fde807014fe059
SHA-256: 06d2b45fcc73c8c3f217fd30d82de796ba631c397457ff35f02ab7d742b63792
 
x86_64:
ftp://updates.redhat.com/rhn/public/NULL/xpdf/2.02-19.el3/x86_64/xpdf-2.02-19.el3.x86_64.rpm
    MD5: d84e6177f3977fcb8df20078e5708d70
SHA-256: 54c2beebdf52505b5f893b0229025b68e033a183a8875453856a0e05025902ec
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
ftp://updates.redhat.com/rhn/public/NULL/xpdf/2.02-19.el3/SRPMS/xpdf-2.02-19.el3.src.rpm
    MD5: 313403731430149e9b132ff0be4c36de
SHA-256: 6823b72a77907c23ba473539de0233557933babe34a18b6403e78dfa90218a27
 
IA-32:
ftp://updates.redhat.com/rhn/public/NULL/xpdf/2.02-19.el3/i386/xpdf-2.02-19.el3.i386.rpm
    MD5: 8099cc2ef8ccdabf15b355adc1d64fe0
SHA-256: 4dacb76d268429ff047c9a19ca438c99ffeaebfa312817336a0c5bd149ae6445
 
IA-64:
ftp://updates.redhat.com/rhn/public/NULL/xpdf/2.02-19.el3/ia64/xpdf-2.02-19.el3.ia64.rpm
    MD5: c9cebb087cbb05dc11b5f89e7f206349
SHA-256: 610ac3c457706140d52afd88783068928ddc22a9f709776e23b3b150e26a25d1
 
x86_64:
ftp://updates.redhat.com/rhn/public/NULL/xpdf/2.02-19.el3/x86_64/xpdf-2.02-19.el3.x86_64.rpm
    MD5: d84e6177f3977fcb8df20078e5708d70
SHA-256: 54c2beebdf52505b5f893b0229025b68e033a183a8875453856a0e05025902ec
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
ftp://updates.redhat.com/rhn/public/NULL/xpdf/2.02-19.el3/SRPMS/xpdf-2.02-19.el3.src.rpm
    MD5: 313403731430149e9b132ff0be4c36de
SHA-256: 6823b72a77907c23ba473539de0233557933babe34a18b6403e78dfa90218a27
 
IA-32:
ftp://updates.redhat.com/rhn/public/NULL/xpdf/2.02-19.el3/i386/xpdf-2.02-19.el3.i386.rpm
    MD5: 8099cc2ef8ccdabf15b355adc1d64fe0
SHA-256: 4dacb76d268429ff047c9a19ca438c99ffeaebfa312817336a0c5bd149ae6445
 
IA-64:
ftp://updates.redhat.com/rhn/public/NULL/xpdf/2.02-19.el3/ia64/xpdf-2.02-19.el3.ia64.rpm
    MD5: c9cebb087cbb05dc11b5f89e7f206349
SHA-256: 610ac3c457706140d52afd88783068928ddc22a9f709776e23b3b150e26a25d1
 
x86_64:
ftp://updates.redhat.com/rhn/public/NULL/xpdf/2.02-19.el3/x86_64/xpdf-2.02-19.el3.x86_64.rpm
    MD5: d84e6177f3977fcb8df20078e5708d70
SHA-256: 54c2beebdf52505b5f893b0229025b68e033a183a8875453856a0e05025902ec
 

Bugs fixed (see bugzilla for more information)

595245 - CVE-2010-3702 xpdf: uninitialized Gfx::parser pointer dereference


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/