Alerts This Week
Warning Icon 1 540
Alerts This Week
Warning Icon 1 540

Red Hat Linux 5.2 RHSA-2000:060-03 Critical: xpdf Temp File Issue

Calendar Sep 14, 2000 User Avatar LinuxSecurity Advisories
1 - 2 min read
Redhat Large Esm H500
Topics%20covered

Topics Covered

security advisory Red Hat critical bug fix xpdf temporary file issue malicious URL
There is a security problem when using tmpnam() and fopen() in versions prior to 0.91. ` 
---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          xpdf bugfix release
Advisory ID:       RHSA-2000:060-03
Issue date:        2000-09-13
Updated on:        2000-09-13
Product:           Red Hat Linux
Keywords:          security problem in temporary file and malicious URL.
Cross references:  N/A
---------------------------------------------------------------------

1. Topic:

Security problem in temporary file and malicious URL.

2. Relevant releases/architectures:

Red Hat Linux 5.2 - i386, alpha, sparc
Red Hat Linux 6.2 - i386, alpha, sparc

3. Problem description:

There is a security problem when using tmpnam() and fopen() in versions
prior to 0.91. The problem is seen when a root user overwrites files
where a symlink is created between the calls to tmpname() and fopen().
 
There is also a problem with URL-type links in PDF documents that contain
quote characters which could also be used to execute arbitrary commands.
 
The xpdf-0.91 fixes both these security problems.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed  (  for more info):

N/A

6. RPMs required:

Red Hat Linux 5.2:

sparc: 
 

alpha: 
 

i386: 
 

sources: 
 

Red Hat Linux 6.2:

sparc: 
 

alpha: 
 

i386: 
 

sources: 
 

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
1ca613dc77206c3529dab585e6f4fffd  5.2/SRPMS/xpdf-0.91-1.5x.src.rpm
20632cc51819d8a277636bc7e72041ea  5.2/alpha/xpdf-0.91-1.5x.alpha.rpm
da4bfce20f17967f03697f7a141a7883  5.2/i386/xpdf-0.91-1.5x.i386.rpm
1707cdcbe06867e9d927c7c150b856e6  5.2/sparc/xpdf-0.91-1.5x.sparc.rpm
54136dd475eeea9f24bf0f7a1eb2d5d9  6.2/SRPMS/xpdf-0.91-1.6x.src.rpm
db42b309ce51cf80661b1ea43141328b  6.2/alpha/xpdf-0.91-1.6x.alpha.rpm
7a00ef826fa8f5fa37246a78f4ddcc4a  6.2/i386/xpdf-0.91-1.6x.i386.rpm
8f442274085c2bb45c72f2920d4027d3  6.2/sparc/xpdf-0.91-1.6x.sparc.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
      

You can verify each package with the following command:
    rpm --checksig  

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 

8. References:
 



Copyright(c) 2000 Red Hat, Inc.
`

Red Hat Linux 5.2 RHSA-2000:060-03 Critical: xpdf Temp File Issue

red hat
Calendar Grey September 14, 2000
Dist Redhat Esm H88
The critical Red Hat advisory highlights xpdf temp file issues and malicious URLs, urging immediate updates for security.
There is a security problem when using tmpnam() and fopen() in versions prior to 0.91.

Solution

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed ( for more info):

N/A

6. RPMs required:

Red Hat Linux 5.2:

sparc:


alpha:


i386:


sources:


Red Hat Linux 6.2:

sparc:


alpha:


i386:


sources:


7. Verification:

MD5 sum Package Name 1ca613dc77206c3529dab585e6f4fffd 5.2/SRPMS/xpdf-0.91-1.5x.src.rpm 20632cc51819d8a277636bc7e72041ea 5.2/alpha/xpdf-0.91-1.5x.alpha.rpm da4bfce20f17967f03697f7a141a7883 5.2/i386/xpdf-0.91-1.5x.i386.rpm 1707cdcbe06867e9d927c7c150b856e6 5.2/sparc/xpdf-0.91-1.5x.sparc.rpm 54136dd475eeea9f24bf0f7a1eb2d5d9 6.2/SRPMS/xpdf-0.91-1.6x.src.rpm db42b309ce51cf80661b1ea43141328b 6.2/alpha/xpdf-0.91-1.6x.alpha.rpm 7a00ef826fa8f5fa37246a78f4ddcc4a 6.2/i386/xpdf-0.91-1.6x.i386.rpm 8f442274085c2bb45c72f2920d4027d3 6.2/sparc/xpdf-0.91-1.6x.sparc.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:


You can verify each package with the following command: rpm --checksig

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg

Summary

Topics%20covered

Topics Covered

security advisory Red Hat critical bug fix xpdf temporary file issue malicious URL

References

Copyright(c) 2000 Red Hat, Inc. `

Package List


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2000:060-03
Issue date: 2000-09-13
Updated on: 2000-09-13
Product: Red Hat Linux
Keywords: security problem in temporary file and malicious URL.
Cross references: N/A

Topic

Topics%20covered

Topics Covered

security advisory Red Hat critical bug fix xpdf temporary file issue malicious URL

Relevant Releases Architectures

Red Hat Linux 5.2 - i386, alpha, sparc

Red Hat Linux 6.2 - i386, alpha, sparc

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here