Security Advisory Important: xpdf security update

Advisory: RHSA-2010:0751-1
Type: Security Advisory
Severity: Important
Issued on: 2010-10-07
Last updated on: 2010-10-07
Affected Products:
  Red Hat Desktop (v. 4)
  Red Hat Enterprise Linux AS (v. 4)
  Red Hat Enterprise Linux AS (v. 4.8.z)
  Red Hat Enterprise Linux ES (v. 4)
  Red Hat Enterprise Linux ES (v. 4.8.z)
  Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2010-3702, CVE-2010-3704

Details

An updated xpdf package that fixes two security issues is now available for
Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Xpdf is an X Window System based viewer for Portable Document Format (PDF)
files.

An uninitialized pointer use flaw was discovered in Xpdf. An attacker could
create a malicious PDF file that, when opened, would cause Xpdf to crash
or, potentially, execute arbitrary code. (CVE-2010-3702)

An array index error was found in the way Xpdf parsed PostScript Type 1
fonts embedded in PDF documents. An attacker could create a malicious PDF
file that, when opened, would cause Xpdf to crash or, potentially, execute
arbitrary code. (CVE-2010-3704)

Users are advised to upgrade to this updated package, which contains
backported patches to correct these issues.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
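
To find hosts still running a pre-fix build, the installed version-release can be compared against the fixed build named in this advisory (3.00-24.el4_8.1). The following is an added example, not Red Hat's code: it assumes the strings were collected with `rpm -q --qf '%{VERSION}-%{RELEASE}\n' xpdf` and that epochs are equal; the hostnames and the older version strings are constructed.

```python
import re

# Fixed build from this advisory (xpdf-3.00-24.el4_8.1.*.rpm).
FIXED = "3.00-24.el4_8.1"

_SEP = re.compile(r"^[^A-Za-z0-9]+")
_NUM = re.compile(r"[0-9]+")
_ALPHA = re.compile(r"[A-Za-z]+")

def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment, the way
    rpm orders them (tilde/caret extensions omitted). Returns -1, 0 or 1."""
    while a or b:
        a, b = _SEP.sub("", a), _SEP.sub("", b)   # drop leading separators
        if not a or not b:
            break
        numeric = a[0] in "0123456789"
        pat = _NUM if numeric else _ALPHA
        sa, mb = pat.match(a).group(), pat.match(b)
        if mb is None:                 # digits vs letters: digits are newer
            return 1 if numeric else -1
        sb = mb.group()
        a, b = a[len(sa):], b[len(sb):]
        if numeric:                    # compare as integers, not as text
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    return bool(a) - bool(b)           # the string with segments left is newer

def needs_update(installed, fixed=FIXED):
    """True if an installed VERSION-RELEASE sorts before the fixed build."""
    (iv, _, ir), (fv, _, fr) = installed.rpartition("-"), fixed.rpartition("-")
    return (rpmvercmp(iv, fv) or rpmvercmp(ir, fr)) < 0

# Constructed inventory: hostname -> output of the rpm query above.
INVENTORY = {
    "ws-01": "3.00-24.el4_8.1",   # already on the fixed build
    "ws-02": "3.00-22.el4_8.1",   # older release
    "ws-03": "3.00-3.el4",        # "3" < "24" numerically, not as text
    "ws-04": "3.00-24.el4",       # same base release, missing the _8.1 respin
}

def hosts_to_patch(inventory):
    return sorted(h for h, vr in inventory.items() if needs_update(vr))

if __name__ == "__main__":
    print(hosts_to_patch(INVENTORY))
```

A plain string comparison would rank release `3.el4` above `24.el4_8.1`; the segment-wise numeric comparison is what keeps such hosts on the patch list.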

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
xpdf-3.00-24.el4_8.1.src.rpm

IA-32:
xpdf-3.00-24.el4_8.1.i386.rpm

x86_64:
xpdf-3.00-24.el4_8.1.x86_64.rpm
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
xpdf-3.00-24.el4_8.1.src.rpm

IA-32:
xpdf-3.00-24.el4_8.1.i386.rpm

IA-64:
xpdf-3.00-24.el4_8.1.ia64.rpm

PPC:
xpdf-3.00-24.el4_8.1.ppc.rpm

s390:
xpdf-3.00-24.el4_8.1.s390.rpm

s390x:
xpdf-3.00-24.el4_8.1.s390x.rpm

x86_64:
xpdf-3.00-24.el4_8.1.x86_64.rpm
 
Red Hat Enterprise Linux AS (v. 4.8.z)

SRPMS:
xpdf-3.00-24.el4_8.1.src.rpm

IA-32:
xpdf-3.00-24.el4_8.1.i386.rpm

IA-64:
xpdf-3.00-24.el4_8.1.ia64.rpm

PPC:
xpdf-3.00-24.el4_8.1.ppc.rpm

s390:
xpdf-3.00-24.el4_8.1.s390.rpm

s390x:
xpdf-3.00-24.el4_8.1.s390x.rpm

x86_64:
xpdf-3.00-24.el4_8.1.x86_64.rpm
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
xpdf-3.00-24.el4_8.1.src.rpm

IA-32:
xpdf-3.00-24.el4_8.1.i386.rpm

IA-64:
xpdf-3.00-24.el4_8.1.ia64.rpm

x86_64:
xpdf-3.00-24.el4_8.1.x86_64.rpm
 
Red Hat Enterprise Linux ES (v. 4.8.z)

SRPMS:
xpdf-3.00-24.el4_8.1.src.rpm

IA-32:
xpdf-3.00-24.el4_8.1.i386.rpm

IA-64:
xpdf-3.00-24.el4_8.1.ia64.rpm

x86_64:
xpdf-3.00-24.el4_8.1.x86_64.rpm
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
xpdf-3.00-24.el4_8.1.src.rpm

IA-32:
xpdf-3.00-24.el4_8.1.i386.rpm

IA-64:
xpdf-3.00-24.el4_8.1.ia64.rpm

x86_64:
xpdf-3.00-24.el4_8.1.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

595245 - CVE-2010-3702 xpdf: uninitialized Gfx::parser pointer dereference
638960 - CVE-2010-3704 xpdf: array indexing error in FoFiType1::parse()


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/