---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: kdegraphics security update
Advisory ID:       RHSA-2007:0729-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2007:0729.html
Issue date:        2007-07-30
Updated on:        2007-07-30
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-3387
---------------------------------------------------------------------

1. Summary:

Updated kdegraphics packages that fix a security issue in PDF handling are
now available for Red Hat Enterprise Linux 4, and 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64

3. Problem description:

The kdegraphics packages contain applications for the K Desktop Environment
including kpdf, a PDF file viewer.

Maurycy Prodeus discovered an integer overflow flaw in the processing
of PDF files. An attacker could create a malicious PDF file that would
cause kpdf to crash or potentially execute arbitrary code when opened.
(CVE-2007-3387)

All users of kdegraphics should upgrade to these updated packages, which
contain a backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at

5. Bug IDs fixed (http://bugzilla.redhat.com/):

248194 - CVE-2007-3387 xpdf integer overflow

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CVE-2007-3387
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is. More contact details at
https://access.redhat.com/security/team/contact

Copyright 2007 Red Hat, Inc.