Fedora Core 4: Security Advisory for Poppler Remote Exec Threat

Poppler, a PDF rendering library, it's a fork of the xpdf PDF

viewer developed by Derek Noonburg of Glyph and Cog, LLC.

Chris Evans discovered several flaws in the way poppler

processes PDF files. An attacker could construct a carefully

crafted PDF file that could cause poppler to crash or possibly

execute arbitrary code when opened. The Common

Vulnerabilities and Exposures project assigned the names

CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, and

CVE-2005-3627 to these issues.

- Update to 0.4.4 release and drop poppler-0.4.3-CVE-2005-3191.patch.

3690ab8e7d8e717f6fe2580a81738c579996357f SRPMS/poppler-0.4.4-1.1.src.rpm

1597b8461a8bd1972aee62d4e1b2027dcf2bbc42 ppc/poppler-0.4.4-1.1.ppc.rpm

363d5fcff948292d5f60663309df7bd147ddb7e7 ppc/poppler-devel-0.4.4-1.1.ppc.rpm

e372992802a3e1867dcbab31e4a69720065809c8 ppc/debug/poppler-debuginfo-0.4.4-1.1.ppc.rpm

6c30672e65b4f257812f0a6c1e4443aa8354e687 x86_64/poppler-0.4.4-1.1.x86_64.rpm

9ad63986347bb0de8cadb1fca0df69d865cbef4a x86_64/poppler-devel-0.4.4-1.1.x86_64.rpm

ed87f5deb75bcef2cfe15d2ea5a33991eb4227cb x86_64/debug/poppler-debuginfo-0.4.4-1.1.x86_64.rpm

1571c13ca07473bf880dad9712c2505fdf7d4e71 i386/poppler-0.4.4-1.1.i386.rpm

798f241bcec802e7d0c6ef09aebdaebd4f112d9c i386/poppler-devel-0.4.4-1.1.i386.rpm

2f18e087f3eb11a56204ef3caaedba900ba86eb9 i386/debug/poppler-debuginfo-0.4.4-1.1.i386.rpm

This update can also be installed with the Update Agent; you can

launch the Update Agent with the 'up2date' command.

fedora-announce-list mailing list

fedora-announce-list@redhat.com