Security Advisory Important: gpdf security update

Advisory: RHSA-2010:0752-1
Type: Security Advisory
Severity: Important
Issued on: 2010-10-07
Last updated on: 2010-10-07
Affected Products: Red Hat Desktop (v. 4), Red Hat Enterprise Linux AS (v. 4), Red Hat Enterprise Linux AS (v. 4.8.z), Red Hat Enterprise Linux ES (v. 4), Red Hat Enterprise Linux ES (v. 4.8.z), Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2010-3702, CVE-2010-3704

Details

An updated gpdf package that fixes two security issues is now available for
Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

GPdf is a viewer for Portable Document Format (PDF) files.

An uninitialized pointer use flaw was discovered in GPdf. An attacker could
create a malicious PDF file that, when opened, would cause GPdf to crash
or, potentially, execute arbitrary code. (CVE-2010-3702)

An array index error was found in the way GPdf parsed PostScript Type 1
fonts embedded in PDF documents. An attacker could create a malicious PDF
file that, when opened, would cause GPdf to crash or, potentially, execute
arbitrary code. (CVE-2010-3704)

Users are advised to upgrade to this updated package, which contains
backported patches to correct these issues.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
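
To confirm after the update that hosts run the fixed gpdf build listed under "Updated packages", the installed version and release can be compared using rpm's segment-wise ordering. The following is an added example, not part of the original advisory or Red Hat tooling; the host names and older release strings are constructed, and it assumes the package carries no epoch and implements only classic rpmvercmp ordering (no '~' or '^' handling).

```python
import re

# Fixed build taken from the advisory's package list (assumed to have no epoch).
FIXED_VERSION, FIXED_RELEASE = "2.8.2", "7.7.2.el4_8.7"

_SEG = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    # Classic rpm ordering: split into digit runs and letter runs, ignore
    # separators, compare digit runs as integers and letter runs as strings.
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(version, release):
    c = rpmvercmp(version, FIXED_VERSION)
    return c > 0 or (c == 0 and rpmvercmp(release, FIXED_RELEASE) >= 0)

def unpatched_hosts(inventory_lines):
    # Each row is "host version release"; the last two fields are what
    #   rpm -q --qf '%{VERSION} %{RELEASE}\n' gpdf
    # prints on a host.
    flagged = []
    for line in inventory_lines:
        host, version, release = line.split()
        if not is_patched(version, release):
            flagged.append(host)
    return flagged

# Constructed sample inventory (host names and older builds are made up).
SAMPLE = [
    "desk01 2.8.2 7.7.2.el4_8.7",
    "desk02 2.8.2 7.7.2.el4_8.5",
    "desk03 2.8.2 7.7.1",
    "desk04 2.8.2 7.7.2.el4_8.10",  # 10 > 7 numerically, so this is newer
]

if __name__ == "__main__":
    print(unpatched_hosts(SAMPLE))
```

A plain string comparison would misorder the `el4_8.10` release against `el4_8.7`, which is why the segments are compared numerically.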

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
gpdf-2.8.2-7.7.2.el4_8.7.src.rpm

IA-32:
gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm

x86_64:
gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm

Red Hat Enterprise Linux AS (v. 4)

SRPMS:
gpdf-2.8.2-7.7.2.el4_8.7.src.rpm

IA-32:
gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm

IA-64:
gpdf-2.8.2-7.7.2.el4_8.7.ia64.rpm

PPC:
gpdf-2.8.2-7.7.2.el4_8.7.ppc.rpm

s390:
gpdf-2.8.2-7.7.2.el4_8.7.s390.rpm

s390x:
gpdf-2.8.2-7.7.2.el4_8.7.s390x.rpm

x86_64:
gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm

Red Hat Enterprise Linux AS (v. 4.8.z)

SRPMS:
gpdf-2.8.2-7.7.2.el4_8.7.src.rpm

IA-32:
gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm

IA-64:
gpdf-2.8.2-7.7.2.el4_8.7.ia64.rpm

PPC:
gpdf-2.8.2-7.7.2.el4_8.7.ppc.rpm

s390:
gpdf-2.8.2-7.7.2.el4_8.7.s390.rpm

s390x:
gpdf-2.8.2-7.7.2.el4_8.7.s390x.rpm

x86_64:
gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4)

SRPMS:
gpdf-2.8.2-7.7.2.el4_8.7.src.rpm

IA-32:
gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm

IA-64:
gpdf-2.8.2-7.7.2.el4_8.7.ia64.rpm

x86_64:
gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4.8.z)

SRPMS:
gpdf-2.8.2-7.7.2.el4_8.7.src.rpm

IA-32:
gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm

IA-64:
gpdf-2.8.2-7.7.2.el4_8.7.ia64.rpm

x86_64:
gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm

Red Hat Enterprise Linux WS (v. 4)

SRPMS:
gpdf-2.8.2-7.7.2.el4_8.7.src.rpm

IA-32:
gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm

IA-64:
gpdf-2.8.2-7.7.2.el4_8.7.ia64.rpm

x86_64:
gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

595245 - CVE-2010-3702 xpdf: uninitialized Gfx::parser pointer dereference
638960 - CVE-2010-3704 xpdf: array indexing error in FoFiType1::parse()


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/