Security Advisory Important: kdegraphics security update

Advisory: RHSA-2010:0753-1
Type: Security Advisory
Severity: Important
Issued on: 2010-10-07
Last updated on: 2010-10-07
Affected Products:
  RHEL Desktop Workstation (v. 5 client)
  RHEL Optional Productivity Applications (v. 5 server)
  Red Hat Desktop (v. 4)
  Red Hat Enterprise Linux AS (v. 4)
  Red Hat Enterprise Linux AS (v. 4.8.z)
  Red Hat Enterprise Linux Desktop (v. 5 client)
  Red Hat Enterprise Linux ES (v. 4)
  Red Hat Enterprise Linux ES (v. 4.8.z)
  Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2010-3702, CVE-2010-3704

Details

Updated kdegraphics packages that fix two security issues are now available
for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The kdegraphics packages contain applications for the K Desktop
Environment, including KPDF, a viewer for Portable Document Format (PDF)
files.

An uninitialized pointer use flaw was discovered in KPDF. An attacker could
create a malicious PDF file that, when opened, would cause KPDF to crash
or, potentially, execute arbitrary code. (CVE-2010-3702)

An array index error was found in the way KPDF parsed PostScript Type 1
fonts embedded in PDF documents. An attacker could create a malicious PDF
file that, when opened, would cause KPDF to crash or, potentially, execute
arbitrary code. (CVE-2010-3704)

Users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
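
To confirm the update has landed across a fleet, the installed kdegraphics build on each host can be compared with the fixed builds this advisory lists. The following is an added example, not Red Hat code: it assumes each input is the VERSION-RELEASE string reported by an rpm query with the epoch unchanged, and the host names and non-fixed builds in the sample inventory are constructed.

```python
import re

# Fixed builds, taken from this advisory's "Updated packages" list.
FIXED = {"el4": "3.3.1-18.el4_8.1", "el5": "3.5.4-17.el5_5.1"}

def _segments(s):
    # rpm compares maximal runs of digits or letters; separators only delimit.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Segment-wise comparison in the style of rpm; returns -1, 0 or 1.
    Tilde/caret handling is omitted (neither occurs in these builds)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit():
            return 1    # a numeric segment sorts newer than an alphabetic one
        elif y.isdigit():
            return -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def compare_vr(a, b):
    """Compare two VERSION-RELEASE strings (epoch assumed identical)."""
    va, _, ra = a.rpartition("-")
    vb, _, rb = b.rpartition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def status(installed_vr):
    """Classify one host's kdegraphics build against the fixed build."""
    m = re.search(r"\.(el[45])(?![0-9])", installed_vr)
    if not m:
        return "unknown-release"
    fixed = FIXED[m.group(1)]
    return "patched" if compare_vr(installed_vr, fixed) >= 0 else "vulnerable"

def audit(inventory):
    return {host: status(vr) for host, vr in inventory.items()}

# Constructed inventory: host names and the non-fixed builds are made up.
SAMPLE = {"ws-01": "3.5.4-17.el5_5.1", "ws-02": "3.5.4-17.el5",
          "ws-03": "3.3.1-18.el4_8.1", "ws-04": "3.3.1-17.el4"}

if __name__ == "__main__":
    for host, result in audit(SAMPLE).items():
        print(host, SAMPLE[host], result)
```

Note that a plain string comparison would misorder builds such as 17.el5 and 17.el5_5.1, which is why the check compares segment by segment.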

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
kdegraphics-3.5.4-17.el5_5.1.src.rpm

IA-32:
kdegraphics-devel-3.5.4-17.el5_5.1.i386.rpm

x86_64:
kdegraphics-devel-3.5.4-17.el5_5.1.i386.rpm
kdegraphics-devel-3.5.4-17.el5_5.1.x86_64.rpm
 
RHEL Optional Productivity Applications (v. 5 server)

SRPMS:
kdegraphics-3.5.4-17.el5_5.1.src.rpm

IA-32:
kdegraphics-3.5.4-17.el5_5.1.i386.rpm
kdegraphics-devel-3.5.4-17.el5_5.1.i386.rpm

x86_64:
kdegraphics-3.5.4-17.el5_5.1.x86_64.rpm
kdegraphics-devel-3.5.4-17.el5_5.1.i386.rpm
kdegraphics-devel-3.5.4-17.el5_5.1.x86_64.rpm
 
Red Hat Desktop (v. 4)

SRPMS:
kdegraphics-3.3.1-18.el4_8.1.src.rpm

IA-32:
kdegraphics-3.3.1-18.el4_8.1.i386.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.i386.rpm

x86_64:
kdegraphics-3.3.1-18.el4_8.1.x86_64.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.x86_64.rpm
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
kdegraphics-3.3.1-18.el4_8.1.src.rpm

IA-32:
kdegraphics-3.3.1-18.el4_8.1.i386.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.i386.rpm

IA-64:
kdegraphics-3.3.1-18.el4_8.1.ia64.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.ia64.rpm

PPC:
kdegraphics-3.3.1-18.el4_8.1.ppc.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.ppc.rpm

s390:
kdegraphics-3.3.1-18.el4_8.1.s390.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.s390.rpm

s390x:
kdegraphics-3.3.1-18.el4_8.1.s390x.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.s390x.rpm

x86_64:
kdegraphics-3.3.1-18.el4_8.1.x86_64.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.x86_64.rpm
 
Red Hat Enterprise Linux AS (v. 4.8.z)

SRPMS:
kdegraphics-3.3.1-18.el4_8.1.src.rpm

IA-32:
kdegraphics-3.3.1-18.el4_8.1.i386.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.i386.rpm

IA-64:
kdegraphics-3.3.1-18.el4_8.1.ia64.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.ia64.rpm

PPC:
kdegraphics-3.3.1-18.el4_8.1.ppc.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.ppc.rpm

s390:
kdegraphics-3.3.1-18.el4_8.1.s390.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.s390.rpm

s390x:
kdegraphics-3.3.1-18.el4_8.1.s390x.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.s390x.rpm

x86_64:
kdegraphics-3.3.1-18.el4_8.1.x86_64.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.x86_64.rpm
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
kdegraphics-3.5.4-17.el5_5.1.src.rpm

IA-32:
kdegraphics-3.5.4-17.el5_5.1.i386.rpm

x86_64:
kdegraphics-3.5.4-17.el5_5.1.x86_64.rpm
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
kdegraphics-3.3.1-18.el4_8.1.src.rpm

IA-32:
kdegraphics-3.3.1-18.el4_8.1.i386.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.i386.rpm

IA-64:
kdegraphics-3.3.1-18.el4_8.1.ia64.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.ia64.rpm

x86_64:
kdegraphics-3.3.1-18.el4_8.1.x86_64.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.x86_64.rpm
 
Red Hat Enterprise Linux ES (v. 4.8.z)

SRPMS:
kdegraphics-3.3.1-18.el4_8.1.src.rpm

IA-32:
kdegraphics-3.3.1-18.el4_8.1.i386.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.i386.rpm

IA-64:
kdegraphics-3.3.1-18.el4_8.1.ia64.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.ia64.rpm

x86_64:
kdegraphics-3.3.1-18.el4_8.1.x86_64.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.x86_64.rpm
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
kdegraphics-3.3.1-18.el4_8.1.src.rpm

IA-32:
kdegraphics-3.3.1-18.el4_8.1.i386.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.i386.rpm

IA-64:
kdegraphics-3.3.1-18.el4_8.1.ia64.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.ia64.rpm

x86_64:
kdegraphics-3.3.1-18.el4_8.1.x86_64.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

595245 - CVE-2010-3702 xpdf: uninitialized Gfx::parser pointer dereference
638960 - CVE-2010-3704 xpdf: array indexing error in FoFiType1::parse()


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/