Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 10: 2009-10694 High: xpdf Integer Overflow Threat

fedora
Calendar Grey October 20, 2009
Dist Fedora Esm H88
Upgrade xpdf on Fedora 10 to mitigate severe integer overflow vulnerabilities identified in various CVEs by applying patch 3.02pl4.
- apply xpdf-3.02pl4 security patch to fix: CVE-2009-1188/CVE-2009-3603, CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609

Summary

Xpdf is an X Window System based viewer for Portable Document Format

(PDF) files. Xpdf is a small and efficient program which uses

standard X fonts.

Update Information:

- apply xpdf-3.02pl4 security patch to fix: CVE-2009-1188/CVE-2009-3603, CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609

Topics%20covered

Topics Covered

security advisory Fedora security patch integer overflow xpdf

Change Log

* Fri Oct 16 2009 Tom "spot" Callaway - 1:3.02-15 - apply xpdf-3.02pl4 security patch to fix: CVE-2009-3603, CVE-2009-3604, CVE-2009-3605, CVE-2009-3606 CVE-2009-3608, CVE-2009-3609 * Mon Jul 27 2009 Fedora Release Engineering - 1:3.02-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Thu Apr 16 2009 Tom "spot" Callaway - 1:3.02-13 - apply xpdf-3.02pl3 security patch to fix: CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180 CVE-2009-1181, CVE-2009-1182, CVE-2009-1183 * Wed Mar 4 2009 Tom "spot" Callaway - 1:3.02-12 - add Requires: xorg-x11-fonts-ISO8859-1-100dpi (bz 485404) * Thu Feb 26 2009 Fedora Release Engineering - 1:3.02-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Wed Feb 11 2009 Tom "spot" Callaway - 1:3.02-10 - cleanup crash patch a bit (bz 483664) - improve support for more mouse buttons (bz 483669) * Wed Dec 10 2008 Tom "spot" Callaway - 1:3.02-9 - apply debian patches * Sun Sep 21 2008 Ville Skyttä - 1:3.02-8 - Fix Patch0:/%patch mismatch.

References


[ 1 ] Bug #495907 - CVE-2009-1188 xpdf/poppler: SplashBitmap integer overflow https://bugzilla.redhat.com/show_bug.cgi?id=495907 [ 2 ] Bug #526911 - CVE-2009-3604 xpdf/poppler: Splash::drawImage integer overflow and missing allocation return value check https://bugzilla.redhat.com/show_bug.cgi?id=526911 [ 3 ] Bug #526877 - CVE-2009-3606 xpdf/poppler: PSOutputDev::doImageL1Sep integer overflow https://bugzilla.redhat.com/show_bug.cgi?id=526877 [ 4 ] Bug #526637 - CVE-2009-3608 xpdf/poppler: integer overflow in ObjectStream::ObjectStream (oCERT-2009-016) https://bugzilla.redhat.com/show_bug.cgi?id=526637 [ 5 ] Bug #526893 - CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow https://bugzilla.redhat.com/show_bug.cgi?id=526893

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update xpdf' at the command line. For more information, refer to "Managing Software with yum", available at .

Name: xpdf
Product: Fedora 10
Version: 3.02
Release: 15.fc10
URL: http://www.xpdfreader.com/
Summary: A PDF file viewer for the X Window System

Topics%20covered

Topics Covered

security advisory Fedora security patch integer overflow xpdf

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here