SciLinux: CVE-2009-4035 Important: kdegraphics SL4.x i386/x86_64
Summary
Date: Wed, 16 Dec 2009 13:27:34 -0600Reply-To: Troy DawsonSender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Important: kdegraphics on SL4.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov" Synopsis: Important: kdegraphics security updateIssue date: 2009-12-16CVE Names: CVE-2009-4035Petr Gajdos and Christian Kornacker of SUSE reported a buffer overflow flaw in KPDF's Type 1 font parser. A specially-crafted PDF file with an embedded Type 1 font could cause KPDF to crash or, possibly, execute arbitrary code when opened. (CVE-2009-4035)SL 4.x SRPMS:kdegraphics-3.3.1-17.el4_8.1.src.rpm i386:kdegraphics-3.3.1-17.el4_8.1.i386.rpmkdegraphics-devel-3.3.1-17.el4_8.1.i386.rpm x86_64:kdegraphics-3.3.1-17.el4_8.1.x86_64.rpmkdegraphics-devel-3.3.1-17.el4_8.1.x86_64.rpm-Connie Sieh-Troy Dawson