Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 531
Alerts This Week
Warning Icon 1 531

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 35 articles for you...
200

Scientific Linux: Important Gpdf Update Addressing Malicious PDF Threats

Important: gpdf security update. Date: Thu, 7 Oct 2010 15:37:50 -0500 Reply-To: Troy Dawson Sender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Important: gpdf on SL4.x i386/x86_64 Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it." Synopsis: Important: gpdf security update Issue date: 2010-10-07 CVE Names: CVE-2010-3702 CVE-2010-3704 An uninitialized pointer use flaw was discovered in GPdf. An attacker could create a malicious PDF file that, when opened, would cause GPdf to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way GPdf parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause GPdf to crash or, potentially, execute arbitrary code. (CVE-2010-3704) SL 4.x SRPMS: gpdf-2.8.2-7.7.2.el4_8.7.src.rpm i386: gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm -Connie Sieh -Troy Dawson . Crucial gpdf security patch for Scientific Linux addresses vulnerabilities that could lead to system failures and unauthorized code execution via harmful PDF files.. gpdf security update, Scientific Linux, PDF exploit, important patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Oct 07, 2010 Important Scientific Linux
98

Red Hat 4: RHSA-2010:0752-01 Important: gpdf Denial of Service Threat

An updated gpdf package that fixes two security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: gpdf security update Advisory ID: RHSA-2010:0752-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2010:0752.html Issue date: 2010-10-07 CVE Names: CVE-2010-3702 CVE-2010-3704 ==================================================================== 1. Summary: An updated gpdf package that fixes two security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: GPdf is a viewer for Portable Document Format (PDF) files. An uninitialized pointer use flaw was discovered in GPdf. An attacker could create a malicious PDF file that, when opened, would cause GPdf to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way GPdf parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause GPdf to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to this updated package, whichcontains backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 595245 - CVE-2010-3702 xpdf: uninitialized Gfx::parser pointer dereference 638960 - CVE-2010-3704 xpdf: array indexing error in FoFiType1::parse() 6. Package List: Red Hat Enterprise Linux AS version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.i386.rpm ia64: gpdf-2.8.2-7.7.2.el4_8.7.ia64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.ia64.rpm ppc: gpdf-2.8.2-7.7.2.el4_8.7.ppc.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.ppc.rpm s390: gpdf-2.8.2-7.7.2.el4_8.7.s390.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.s390.rpm s390x: gpdf-2.8.2-7.7.2.el4_8.7.s390x.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.s390x.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.i386.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.i386.rpm ia64: gpdf-2.8.2-7.7.2.el4_8.7.ia64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.ia64.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.i386.rpm ia64: gpdf-2.8.2-7.7.2.el4_8.7.ia64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.ia64.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signatureare available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2010-3702 https://access.redhat.com/security/cve/CVE-2010-3704 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2010 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFMre79XlSAg2UNWIIRArGmAJ0QrURm6TD2+aziUDDX3NExJPKSPACfY4NQ AcyqjJqWLSIzdunOYKIkbaI=3R27 -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Essential security patch for CentOS 7 responds to significant vulnerabilities, providing necessary updates to safeguard systems.. Red Hat Enterprise, gpdf security, Linux updates, system vulnerabilities, security patches. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Oct 07, 2010 Important Red Hat
98

Red Hat Enterprise Linux 4: RHSA-2010:0752-01 critical: gpdf exec risk

An updated gpdf package that fixes two security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Important: gpdf security update Advisory ID: RHSA-2010:0752-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2010:0752.html Issue date: 2010-10-07 CVE Names: CVE-2010-3702 CVE-2010-3704 ==================================================================== 1. Summary: An updated gpdf package that fixes two security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: GPdf is a viewer for Portable Document Format (PDF) files. An uninitialized pointer use flaw was discovered in GPdf. An attacker could create a malicious PDF file that, when opened, would cause GPdf to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way GPdf parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause GPdf to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to this updated package, which contains backported patches to correct these issues. 4. Solution: Before applying this update, make sure allpreviously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 595245 - CVE-2010-3702 xpdf: uninitialized Gfx::parser pointer dereference 638960 - CVE-2010-3704 xpdf: array indexing error in FoFiType1::parse() 6. Package List: Red Hat Enterprise Linux AS version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.i386.rpm ia64: gpdf-2.8.2-7.7.2.el4_8.7.ia64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.ia64.rpm ppc: gpdf-2.8.2-7.7.2.el4_8.7.ppc.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.ppc.rpm s390: gpdf-2.8.2-7.7.2.el4_8.7.s390.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.s390.rpm s390x: gpdf-2.8.2-7.7.2.el4_8.7.s390x.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.s390x.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.i386.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.i386.rpm ia64: gpdf-2.8.2-7.7.2.el4_8.7.ia64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.ia64.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.i386.rpm ia64: gpdf-2.8.2-7.7.2.el4_8.7.ia64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.ia64.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7.References: https://access.redhat.com/security/cve/CVE-2010-3702 https://access.redhat.com/security/cve/CVE-2010-3704 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2010 Red Hat, Inc. . An essential security advisory was issued by Red Hat concerning gpdf for RHEL 4, targeting several vulnerabilities. Users are urged to implement the update promptly.. gpdf Update, Red Hat Advisory, Important Fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Oct 07, 2010 Important Red Hat
200

Scientific Linux 4.x: Important gpdf Security Update For Buffer Overflow

Important: gpdf security update. Date: Wed, 16 Dec 2009 13:26:36 -0600 Reply-To: Troy Dawson Sender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Important: gpdf on SL4.x i386/x86_64 Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it." Synopsis: Important: gpdf security update Issue date: 2009-12-16 CVE Names: CVE-2009-4035 Petr Gajdos and Christian Kornacker of SUSE reported a buffer overflow flaw in GPdf's Type 1 font parser. A specially-crafted PDF file with an embedded Type 1 font could cause GPdf to crash or, possibly, execute arbitrary code when opened. (CVE-2009-4035) SL 4.x SRPMS: gpdf-2.8.2-7.7.2.el4_8.6.src.rpm i386: gpdf-2.8.2-7.7.2.el4_8.6.i386.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.6.x86_64.rpm -Connie Sieh -Troy Dawson . Crucial gpdf security patch resolves severe buffer overflow vulnerabilities in Scientific Linux.. gpdf Security Update, Scientific Linux Security, Buffer Overflow Fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Dec 16, 2009 Important Scientific Linux
98

Red Hat Enterprise Linux 4: RHSA-2009-1681 Important: gpdf Buffer Overflow

An updated gpdf package that fixes a security issue is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: gpdf security update Advisory ID: RHSA-2009:1681-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2009:1681.html Issue date: 2009-12-16 CVE Names: CVE-2009-4035 ==================================================================== 1. Summary: An updated gpdf package that fixes a security issue is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: GPdf is a viewer for Portable Document Format (PDF) files. Petr Gajdos and Christian Kornacker of SUSE reported a buffer overflow flaw in GPdf's Type 1 font parser. A specially-crafted PDF file with an embedded Type 1 font could cause GPdf to crash or, possibly, execute arbitrary code when opened. (CVE-2009-4035) Users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 541614 - CVE-2009-4035 xpdf: buffer overflow in FoFiType1::parse 6. PackageList: Red Hat Enterprise Linux AS version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.6.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.i386.rpm ia64: gpdf-2.8.2-7.7.2.el4_8.6.ia64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.ia64.rpm ppc: gpdf-2.8.2-7.7.2.el4_8.6.ppc.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.ppc.rpm s390: gpdf-2.8.2-7.7.2.el4_8.6.s390.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.s390.rpm s390x: gpdf-2.8.2-7.7.2.el4_8.6.s390x.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.s390x.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.6.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.6.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.i386.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.6.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.6.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.i386.rpm ia64: gpdf-2.8.2-7.7.2.el4_8.6.ia64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.ia64.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.6.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.6.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.i386.rpm ia64: gpdf-2.8.2-7.7.2.el4_8.6.ia64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.ia64.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.6.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2009-4035 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4(GNU/Linux) iD8DBQFLKL1cXlSAg2UNWIIRApANAJ411H/LXKL/TTaoGQv2EzoU7rS/EQCgoDHj 7dNHUtI2KUlKcN9TG/Hbi5E=9A3E -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . A significant patch for the gpdf tool tackles a severe memory corruption flaw on CentOS operating system.. Red Hat Enterprise Linux, gpdf, buffer overflow, security update, software patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Dec 16, 2009 Important Red Hat
98

Red Hat Enterprise Linux 4 RHSA-2009:1681-01 Critical: gpdf Buffer Overflow

An updated gpdf package that fixes a security issue is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.. ==================================================================== Red Hat Security Advisory Synopsis: Important: gpdf security update Advisory ID: RHSA-2009:1681-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2009:1681.html Issue date: 2009-12-16 CVE Names: CVE-2009-4035 ==================================================================== 1. Summary: An updated gpdf package that fixes a security issue is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: GPdf is a viewer for Portable Document Format (PDF) files. Petr Gajdos and Christian Kornacker of SUSE reported a buffer overflow flaw in GPdf's Type 1 font parser. A specially-crafted PDF file with an embedded Type 1 font could cause GPdf to crash or, possibly, execute arbitrary code when opened. (CVE-2009-4035) Users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 541614 - CVE-2009-4035 xpdf: buffer overflow in FoFiType1::parse 6. Package List: Red Hat Enterprise Linux AS version4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.6.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.i386.rpm ia64: gpdf-2.8.2-7.7.2.el4_8.6.ia64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.ia64.rpm ppc: gpdf-2.8.2-7.7.2.el4_8.6.ppc.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.ppc.rpm s390: gpdf-2.8.2-7.7.2.el4_8.6.s390.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.s390.rpm s390x: gpdf-2.8.2-7.7.2.el4_8.6.s390x.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.s390x.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.6.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.6.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.i386.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.6.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.6.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.i386.rpm ia64: gpdf-2.8.2-7.7.2.el4_8.6.ia64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.ia64.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.6.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.6.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.i386.rpm ia64: gpdf-2.8.2-7.7.2.el4_8.6.ia64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.ia64.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.6.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2009-4035 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2009 Red Hat, Inc. . Advisory updates gpdf package, addressing a critical buffer overflow flaw for improved security.. gpdf Security Update, Red Hat Advisory, Buffer Overflow Fix, Enterprise Linux. . Severity:Important. LinuxSecurity.com Team

Calendar%202 Dec 16, 2009 Important Red Hat
200

Scientific Linux: Important GPDF Security Update SL4.x CVE-2009-0791

Important: gpdf security update. Date: Thu, 15 Oct 2009 13:21:55 -0500 Reply-To: Troy Dawson Sender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Important: gpdf on SL4.x i386/x86_64 Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it." Synopsis: Important: gpdf security update Issue date: 2009-10-15 CVE Names: CVE-2009-0791 CVE-2009-1188 CVE-2009-3604 CVE-2009-3608 CVE-2009-3609 CVE-2009-0791 xpdf: multiple integer overflows CVE-2009-1188 xpdf/poppler: SplashBitmap integer overflow CVE-2009-3608 xpdf/poppler: integer overflow in ObjectStream::ObjectStream (oCERT-2009-016) CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow CVE-2009-3604 xpdf/poppler: Splash::drawImage integer overflow and missing allocation return value check Multiple integer overflow flaws were found in GPdf. An attacker could create a malicious PDF file that would cause GPdf to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188, CVE-2009-3604, CVE-2009-3608, CVE-2009-3609) SL 4.x SRPMS: gpdf-2.8.2-7.7.2.el4_8.5.src.rpm i386: gpdf-2.8.2-7.7.2.el4_8.5.i386.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.5.x86_64.rpm -Connie Sieh -Troy Dawson . Mitigating integer overflow vulnerabilities in gpdf on Scientific Linux through essential security patches.. gpdf update, scientific linux security, integer overflow fix, security update, code execution threat. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Oct 15, 2009 Important Scientific Linux
98

Red Hat Enterprise Linux 4 RHSA-2009:1503-01 Important: gpdf Update

An updated gpdf package that fixes multiple security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: gpdf security update Advisory ID: RHSA-2009:1503-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2009:1503.html Issue date: 2009-10-15 CVE Names: CVE-2009-0791 CVE-2009-1188 CVE-2009-3604 CVE-2009-3608 CVE-2009-3609 ==================================================================== 1. Summary: An updated gpdf package that fixes multiple security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: GPdf is a viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in GPdf. An attacker could create a malicious PDF file that would cause GPdf to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188, CVE-2009-3604, CVE-2009-3608, CVE-2009-3609) Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604 issue, and Chris Rohlf for reporting the CVE-2009-3608 issue. Users are advised to upgrade to this updated package, which contains a backported patch to correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update isavailable via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 491840 - CVE-2009-0791 xpdf: multiple integer overflows 495907 - CVE-2009-1188 xpdf/poppler: SplashBitmap integer overflow 526637 - CVE-2009-3608 xpdf/poppler: integer overflow in ObjectStream::ObjectStream (oCERT-2009-016) 526893 - CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow 526911 - CVE-2009-3604 xpdf/poppler: Splash::drawImage integer overflow and missing allocation return value check 6. Package List: Red Hat Enterprise Linux AS version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.5.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.i386.rpm ia64: gpdf-2.8.2-7.7.2.el4_8.5.ia64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.ia64.rpm ppc: gpdf-2.8.2-7.7.2.el4_8.5.ppc.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.ppc.rpm s390: gpdf-2.8.2-7.7.2.el4_8.5.s390.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.s390.rpm s390x: gpdf-2.8.2-7.7.2.el4_8.5.s390x.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.s390x.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.5.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.5.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.i386.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.5.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.5.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.i386.rpm ia64: gpdf-2.8.2-7.7.2.el4_8.5.ia64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.ia64.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.5.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.5.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.i386.rpm ia64: gpdf-2.8.2-7.7.2.el4_8.5.ia64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.ia64.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.5.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.x86_64.rpm These packages are GPG signed by RedHat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://www.cve.org/CVERecord?id=CVE-2009-0791 https://www.cve.org/CVERecord?id=CVE-2009-1188 https://www.cve.org/CVERecord?id=CVE-2009-3604 https://www.cve.org/CVERecord?id=CVE-2009-3608 https://www.cve.org/CVERecord?id=CVE-2009-3609 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFK1uuXXlSAg2UNWIIRAiN0AKCS0GSuLf5yun7Ax+EtzSFUwRrr/QCgt1oZ XjZ9IY9oYVvXePMoZhmwGdc=qSsv -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Canonical unveils crucial ubuntu patch resolving various vulnerabilities in version 22.04. Guidance for installation offered.. gpdf Security, Red Hat Advisory, Package Update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Oct 15, 2009 Important Red Hat
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200