Date: 30 Dec 2004 04:02:48 -0000
From: Mandrake Linux Security Team <security@linux-mandrake.com.>
To: [email protected]
Subject: MDKSA-2004:162 - Updated gpdf packages fix buffer overflow vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: gpdf
Advisory ID: MDKSA-2004:162
Date: December 29th, 2004
Affected versions: 10.0, 10.1
______________________________________________________________________
Problem Description:
iDefense reported a buffer overflow vulnerability, which affects
versions of xpdf <= xpdf-3.0 and several programs, like gpdf,
which use embedded xpdf code. An attacker could construct a malicious
payload file which could enable arbitrary code execution on the target
system.
The updated packages are patched to protect against these
vulnerabilities.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
1b412a5a12c8031e438c1084d2133348 10.0/RPMS/gpdf-0.112-2.4.100mdk.i586.rpm
231816d7ff5d56a10c6448097839611f 10.0/SRPMS/gpdf-0.112-2.4.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
c7d8c55b31e96c2886146eaea32df9d9 amd64/10.0/RPMS/gpdf-0.112-2.4.100mdk.amd64.rpm
231816d7ff5d56a10c6448097839611f amd64/10.0/SRPMS/gpdf-0.112-2.4.100mdk.src.rpm
Mandrakelinux 10.1:
27c2a3ae817eaf4c2485e820ae059509 10.1/RPMS/gpdf-0.132-3.3.101mdk.i586.rpm
6003054196b1d70a1faf79f54d4847ea 10.1/SRPMS/gpdf-0.132-3.3.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
9a5b967e7b56e53d6724ada36b9cc530 x86_64/10.1/RPMS/gpdf-0.132-3.3.101mdk.x86_64.rpm
6003054196b1d70a1faf79f54d4847ea x86_64/10.1/SRPMS/gpdf-0.132-3.3.101mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFB033omqjQ0CJFipgRAqoaAKDe4WQJt3V7Qcp+HcpNryw3BXC0XQCfatIQ
KR3H7he4xNL0brQQYR5Mxws=
=N4TS
-----END PGP SIGNATURE-----
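For packages downloaded by hand rather than installed through MandrakeUpdate or urpmi, the md5 checksums in the "Updated Packages" list above can be checked with a script like the following. This is an added example, not part of the Mandrakesoft advisory; the function names and the demo file are constructed for illustration. MD5 is not collision resistant, so the checksum list should be used only after the advisory's PGP signature has been verified, and the RPM signatures remain the stronger check.

```python
import hashlib
import re
from pathlib import Path

# Matches the advisory's package lines: "<32 hex md5> <relative path>.rpm"
PKG_LINE = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")

def parse_checksums(advisory_text):
    """Return {rpm basename: md5 hex} from the 'Updated Packages' lines."""
    sums = {}
    for line in advisory_text.splitlines():
        m = PKG_LINE.match(line)
        if not m:
            continue
        digest, name = m.group(1), Path(m.group(2)).name
        # The same SRPM is listed once per architecture; the digests must agree.
        if sums.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting checksums for {name}")
    return sums

def md5_file(path, chunk=1 << 20):
    """Hash a file in chunks so large packages are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_downloads(advisory_text, directory):
    """Map each *.rpm in directory to 'ok', 'MISMATCH' or 'unlisted'."""
    expected = parse_checksums(advisory_text)
    results = {}
    for rpm in sorted(Path(directory).glob("*.rpm")):
        want = expected.get(rpm.name)
        if want is None:
            results[rpm.name] = "unlisted"  # not named in this advisory
        else:
            results[rpm.name] = "ok" if md5_file(rpm) == want else "MISMATCH"
    return results

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        # Constructed stand-in file and checksum line, not a real package.
        (Path(d) / "demo-1.0.i586.rpm").write_bytes(b"hello\n")
        text = "b1946ac92492d2347c6229cbd482c7c1 10.0/RPMS/demo-1.0.i586.rpm\n"
        print(verify_downloads(text, d))
```

A file reported as `MISMATCH` or `unlisted` should not be installed until its origin is established.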