Fedora Core 2: kdegraphics Critical Update for PDF Issues

Graphics applications for the K Desktop Environment.

Includes:

kdvi (displays TeX .dvi files)

kfax (displays faxfiles)

kghostview (displays postscript files)

kcoloredit (palette editor and color chooser)

kamera (digital camera support)

kiconedit (icon editor)

kpaint (a simple drawing program)

ksnapshot (screen capture utility)

kview (image viewer for GIF, JPEG, TIFF, etc.)

kuickshow (quick picture viewer)

kooka (scanner application)

kruler (screen ruler and color measurement tool)

A problem with PDF handling was discovered by Chris Evans, and has been fixed. The Common Vulnerabilities and Exposures project (https://www.mitre.org) has assigned the name CAN-2004-0888 to this issue.

a number of buffer overflow bugs that affect libtiff have been found. The kfax application contains a copy of the libtiff code used for parsing TIFF files and is therefore affected by these bugs. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause kfax to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0803 to this issue. * Thu Oct 28 2004 Than Ngo <than@redhat.com> 7:3.2.2-1.1

- add fix to link against system libtiff CAN-2004-0886 - apply patch to fix CAN-2004-0888

This update can be downloaded from:

a104c3550141c3f0e7f5245e321f717d SRPMS/kdegraphics-3.2.2-1.1.src.rpm b9c227361354cebbcae97df082e60f3c x86_64/kdegraphics-3.2.2-1.1.x86_64.rpm bd4...