Explore top 10 tips to secure your open-source projects now. Read More
×
Important: gpdf security update. Date: Thu, 7 Oct 2010 15:37:50 -0500 Reply-To: Troy Dawson Sender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Important: gpdf on SL4.x i386/x86_64 Comments: To: "
An updated gpdf package that fixes two security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: gpdf security update Advisory ID: RHSA-2010:0752-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2010:0752.html Issue date: 2010-10-07 CVE Names: CVE-2010-3702 CVE-2010-3704 ==================================================================== 1. Summary: An updated gpdf package that fixes two security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: GPdf is a viewer for Portable Document Format (PDF) files. An uninitialized pointer use flaw was discovered in GPdf. An attacker could create a malicious PDF file that, when opened, would cause GPdf to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way GPdf parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause GPdf to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to this updated package, whichcontains backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 595245 - CVE-2010-3702 xpdf: uninitialized Gfx::parser pointer dereference 638960 - CVE-2010-3704 xpdf: array indexing error in FoFiType1::parse() 6. Package List: Red Hat Enterprise Linux AS version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.i386.rpm ia64: gpdf-2.8.2-7.7.2.el4_8.7.ia64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.ia64.rpm ppc: gpdf-2.8.2-7.7.2.el4_8.7.ppc.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.ppc.rpm s390: gpdf-2.8.2-7.7.2.el4_8.7.s390.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.s390.rpm s390x: gpdf-2.8.2-7.7.2.el4_8.7.s390x.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.s390x.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.i386.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.i386.rpm ia64: gpdf-2.8.2-7.7.2.el4_8.7.ia64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.ia64.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.i386.rpm ia64: gpdf-2.8.2-7.7.2.el4_8.7.ia64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.ia64.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signatureare available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2010-3702 https://access.redhat.com/security/cve/CVE-2010-3704 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2010 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFMre79XlSAg2UNWIIRArGmAJ0QrURm6TD2+aziUDDX3NExJPKSPACfY4NQ AcyqjJqWLSIzdunOYKIkbaI=3R27 -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
An updated gpdf package that fixes two security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Important: gpdf security update Advisory ID: RHSA-2010:0752-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2010:0752.html Issue date: 2010-10-07 CVE Names: CVE-2010-3702 CVE-2010-3704 ==================================================================== 1. Summary: An updated gpdf package that fixes two security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: GPdf is a viewer for Portable Document Format (PDF) files. An uninitialized pointer use flaw was discovered in GPdf. An attacker could create a malicious PDF file that, when opened, would cause GPdf to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way GPdf parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause GPdf to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to this updated package, which contains backported patches to correct these issues. 4. Solution: Before applying this update, make sure allpreviously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 595245 - CVE-2010-3702 xpdf: uninitialized Gfx::parser pointer dereference 638960 - CVE-2010-3704 xpdf: array indexing error in FoFiType1::parse() 6. Package List: Red Hat Enterprise Linux AS version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.i386.rpm ia64: gpdf-2.8.2-7.7.2.el4_8.7.ia64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.ia64.rpm ppc: gpdf-2.8.2-7.7.2.el4_8.7.ppc.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.ppc.rpm s390: gpdf-2.8.2-7.7.2.el4_8.7.s390.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.s390.rpm s390x: gpdf-2.8.2-7.7.2.el4_8.7.s390x.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.s390x.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.i386.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.i386.rpm ia64: gpdf-2.8.2-7.7.2.el4_8.7.ia64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.ia64.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.i386.rpm ia64: gpdf-2.8.2-7.7.2.el4_8.7.ia64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.ia64.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7.References: https://access.redhat.com/security/cve/CVE-2010-3702 https://access.redhat.com/security/cve/CVE-2010-3704 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2010 Red Hat, Inc. . An essential security advisory was issued by Red Hat concerning gpdf for RHEL 4, targeting several vulnerabilities. Users are urged to implement the update promptly.. gpdf Update, Red Hat Advisory, Important Fix. . Severity: Important. LinuxSecurity.com Team
Important: gpdf security update. Date: Wed, 16 Dec 2009 13:26:36 -0600 Reply-To: Troy Dawson Sender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Important: gpdf on SL4.x i386/x86_64 Comments: To: "
An updated gpdf package that fixes a security issue is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: gpdf security update Advisory ID: RHSA-2009:1681-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2009:1681.html Issue date: 2009-12-16 CVE Names: CVE-2009-4035 ==================================================================== 1. Summary: An updated gpdf package that fixes a security issue is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: GPdf is a viewer for Portable Document Format (PDF) files. Petr Gajdos and Christian Kornacker of SUSE reported a buffer overflow flaw in GPdf's Type 1 font parser. A specially-crafted PDF file with an embedded Type 1 font could cause GPdf to crash or, possibly, execute arbitrary code when opened. (CVE-2009-4035) Users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 541614 - CVE-2009-4035 xpdf: buffer overflow in FoFiType1::parse 6. PackageList: Red Hat Enterprise Linux AS version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.6.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.i386.rpm ia64: gpdf-2.8.2-7.7.2.el4_8.6.ia64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.ia64.rpm ppc: gpdf-2.8.2-7.7.2.el4_8.6.ppc.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.ppc.rpm s390: gpdf-2.8.2-7.7.2.el4_8.6.s390.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.s390.rpm s390x: gpdf-2.8.2-7.7.2.el4_8.6.s390x.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.s390x.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.6.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.6.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.i386.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.6.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.6.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.i386.rpm ia64: gpdf-2.8.2-7.7.2.el4_8.6.ia64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.ia64.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.6.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.6.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.i386.rpm ia64: gpdf-2.8.2-7.7.2.el4_8.6.ia64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.ia64.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.6.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2009-4035 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4(GNU/Linux) iD8DBQFLKL1cXlSAg2UNWIIRApANAJ411H/LXKL/TTaoGQv2EzoU7rS/EQCgoDHj 7dNHUtI2KUlKcN9TG/Hbi5E=9A3E -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
An updated gpdf package that fixes a security issue is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.. ==================================================================== Red Hat Security Advisory Synopsis: Important: gpdf security update Advisory ID: RHSA-2009:1681-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2009:1681.html Issue date: 2009-12-16 CVE Names: CVE-2009-4035 ==================================================================== 1. Summary: An updated gpdf package that fixes a security issue is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: GPdf is a viewer for Portable Document Format (PDF) files. Petr Gajdos and Christian Kornacker of SUSE reported a buffer overflow flaw in GPdf's Type 1 font parser. A specially-crafted PDF file with an embedded Type 1 font could cause GPdf to crash or, possibly, execute arbitrary code when opened. (CVE-2009-4035) Users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 541614 - CVE-2009-4035 xpdf: buffer overflow in FoFiType1::parse 6. Package List: Red Hat Enterprise Linux AS version4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.6.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.i386.rpm ia64: gpdf-2.8.2-7.7.2.el4_8.6.ia64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.ia64.rpm ppc: gpdf-2.8.2-7.7.2.el4_8.6.ppc.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.ppc.rpm s390: gpdf-2.8.2-7.7.2.el4_8.6.s390.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.s390.rpm s390x: gpdf-2.8.2-7.7.2.el4_8.6.s390x.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.s390x.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.6.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.6.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.i386.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.6.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.6.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.i386.rpm ia64: gpdf-2.8.2-7.7.2.el4_8.6.ia64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.ia64.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.6.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.6.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.i386.rpm ia64: gpdf-2.8.2-7.7.2.el4_8.6.ia64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.ia64.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.6.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2009-4035 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2009 Red Hat, Inc. . Advisory updates gpdf package, addressing a critical buffer overflow flaw for improved security.. gpdf Security Update, Red Hat Advisory, Buffer Overflow Fix, Enterprise Linux. . Severity:Important. LinuxSecurity.com Team
Important: gpdf security update. Date: Thu, 15 Oct 2009 13:21:55 -0500 Reply-To: Troy Dawson Sender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Important: gpdf on SL4.x i386/x86_64 Comments: To: "
An updated gpdf package that fixes multiple security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: gpdf security update Advisory ID: RHSA-2009:1503-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2009:1503.html Issue date: 2009-10-15 CVE Names: CVE-2009-0791 CVE-2009-1188 CVE-2009-3604 CVE-2009-3608 CVE-2009-3609 ==================================================================== 1. Summary: An updated gpdf package that fixes multiple security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: GPdf is a viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in GPdf. An attacker could create a malicious PDF file that would cause GPdf to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188, CVE-2009-3604, CVE-2009-3608, CVE-2009-3609) Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604 issue, and Chris Rohlf for reporting the CVE-2009-3608 issue. Users are advised to upgrade to this updated package, which contains a backported patch to correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update isavailable via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 491840 - CVE-2009-0791 xpdf: multiple integer overflows 495907 - CVE-2009-1188 xpdf/poppler: SplashBitmap integer overflow 526637 - CVE-2009-3608 xpdf/poppler: integer overflow in ObjectStream::ObjectStream (oCERT-2009-016) 526893 - CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow 526911 - CVE-2009-3604 xpdf/poppler: Splash::drawImage integer overflow and missing allocation return value check 6. Package List: Red Hat Enterprise Linux AS version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.5.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.i386.rpm ia64: gpdf-2.8.2-7.7.2.el4_8.5.ia64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.ia64.rpm ppc: gpdf-2.8.2-7.7.2.el4_8.5.ppc.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.ppc.rpm s390: gpdf-2.8.2-7.7.2.el4_8.5.s390.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.s390.rpm s390x: gpdf-2.8.2-7.7.2.el4_8.5.s390x.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.s390x.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.5.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.5.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.i386.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.5.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.5.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.i386.rpm ia64: gpdf-2.8.2-7.7.2.el4_8.5.ia64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.ia64.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.5.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: i386: gpdf-2.8.2-7.7.2.el4_8.5.i386.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.i386.rpm ia64: gpdf-2.8.2-7.7.2.el4_8.5.ia64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.ia64.rpm x86_64: gpdf-2.8.2-7.7.2.el4_8.5.x86_64.rpm gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.x86_64.rpm These packages are GPG signed by RedHat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://www.cve.org/CVERecord?id=CVE-2009-0791 https://www.cve.org/CVERecord?id=CVE-2009-1188 https://www.cve.org/CVERecord?id=CVE-2009-3604 https://www.cve.org/CVERecord?id=CVE-2009-3608 https://www.cve.org/CVERecord?id=CVE-2009-3609 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFK1uuXXlSAg2UNWIIRAiN0AKCS0GSuLf5yun7Ax+EtzSFUwRrr/QCgt1oZ XjZ9IY9oYVvXePMoZhmwGdc=qSsv -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Get the latest Linux and open source security news straight to your inbox.