Fedora Legacy Test Update Notification: xpdf

Marc Deslauriers marcdeslauriers at videotron.ca
Sun Feb 26 16:12:19 UTC 2006


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-175404
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175404
2006-02-26
---------------------------------------------------------------------

Name        : xpdf
Versions    : rh73: xpdf-1.00-7.6.legacy
Versions    : rh9: xpdf-2.01-11.4.legacy
Versions    : fc1: xpdf-2.03-1.4.legacy
Versions    : fc2: xpdf-3.00-3.8.1.legacy
Versions    : fc3: xpdf-3.01-0.FC3.5.legacy
Summary     : A PDF file viewer for the X Window System.
Description :
Xpdf is an X Window System based viewer for Portable Document Format
(PDF) files. Xpdf is a small and efficient program which uses
standard X fonts.

---------------------------------------------------------------------
Update Information:

An updated xpdf package that fixes several security issues is now
available.

The xpdf package is an X Window System-based viewer for Portable
Document Format (PDF) files.

A flaw was discovered in Xpdf: an attacker could construct a
carefully crafted PDF file that would cause Xpdf to consume all
available disk space in /tmp when opened. The Common Vulnerabilities
and Exposures project assigned the name CVE-2005-2097 to this issue.

Several flaws were discovered in Xpdf. An attacker could construct a
carefully crafted PDF file that could cause Xpdf to crash or possibly
execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project assigned the names CVE-2005-3191, CVE-2005-3192,
CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626,
CVE-2005-3627 and CVE-2005-3628 to these issues.

A heap-based buffer overflow bug was discovered in Xpdf. An attacker
could construct a carefully crafted PDF file that could cause Xpdf to
crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project assigned the name CVE-2006-0301
to this issue.

Users of Xpdf should upgrade to this updated package, which contains
backported patches to resolve these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Mon Feb 20 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
1.00-7.6.legacy
- Added better patch for CVE-2004-0888

* Sun Feb 19 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
1.00-7.5.legacy
- Added patch for CVE-2005-3193

rh9:
* Sun Feb 19 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.01-11.4.legacy
- Added better patch for CVE-2004-0888
- Added patch for CVE-2005-3193

fc1:
* Sun Feb 19 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
1:2.03-1.4.legacy
- Added better patch for CVE-2004-0888
- Added patch for CVE-2005-3193

fc2:
* Sun Feb 19 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
1:3.00-3.8.1.legacy
- Apply patches for CVE-2005-2097, CVE-2005-3193, CVE-2006-0301

fc3:
* Sat Feb 18 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
1:3.01-0.FC3.5.legacy
- Added patch for CVE-2006-0301

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

---------------------------------------------------------------------

Please test and comment in bugzilla.