-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:158 http://www.mandriva.com/security/ _______________________________________________________________________ Package : xpdf Date : August 13, 2007 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause xpdf to crash and possibly execute arbitrary code open a user opening the file. This update provides packages which are patched to prevent these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 269758a101a0b173a5cf5d77969b84e4 2007.0/i586/xpdf-3.01pl2-3.2mdv2007.0.i586.rpm f716a25908b7c51f83fc6ed2e6c430e5 2007.0/i586/xpdf-tools-3.01pl2-3.2mdv2007.0.i586.rpm a7ec337f6981c4e7f7397cff5172d6f7 2007.0/SRPMS/xpdf-3.01pl2-3.2mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: b79a710e2f13d81dc23be17ea24373d7 2007.0/x86_64/xpdf-3.01pl2-3.2mdv2007.0.x86_64.rpm 3b0bf52479044b0f90bef43c9a47d916 2007.0/x86_64/xpdf-tools-3.01pl2-3.2mdv2007.0.x86_64.rpm a7ec337f6981c4e7f7397cff5172d6f7 2007.0/SRPMS/xpdf-3.01pl2-3.2mdv2007.0.src.rpm Mandriva Linux 2007.1: e6d43c42af665f665a053e879382d487 2007.1/i586/xpdf-3.02-1.2mdv2007.1.i586.rpm 801976970dbb5dc4bbe5383e285a5a47 2007.1/i586/xpdf-tools-3.02-1.2mdv2007.1.i586.rpm 1ffa2c61b74cff6dc6d63d1b639e3a7d 2007.1/SRPMS/xpdf-3.02-1.2mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: b7232e0c216fab5c3cf0d79e6fe8556f 2007.1/x86_64/xpdf-3.02-1.2mdv2007.1.x86_64.rpm ccb70220cf4155dbe199e7740c1a706a 2007.1/x86_64/xpdf-tools-3.02-1.2mdv2007.1.x86_64.rpm 1ffa2c61b74cff6dc6d63d1b639e3a7d 2007.1/SRPMS/xpdf-3.02-1.2mdv2007.1.src.rpm Corporate 3.0: fd898bc3b8e3ad116afdbe2830151e78 corporate/3.0/i586/xpdf-3.00-5.10.C30mdk.i586.rpm 19c11694c9485188559e4d53780e89bf corporate/3.0/SRPMS/xpdf-3.00-5.10.C30mdk.src.rpm Corporate 3.0/X86_64: 4836903f1fcc94dc36b726d54e81a5df corporate/3.0/x86_64/xpdf-3.00-5.10.C30mdk.x86_64.rpm 19c11694c9485188559e4d53780e89bf corporate/3.0/SRPMS/xpdf-3.00-5.10.C30mdk.src.rpm Corporate 4.0: 2cfc84f609c24cbca54f5d7209c0afb1 corporate/4.0/i586/xpdf-3.01-1.4.20060mlcs4.i586.rpm 95fd53a24bf1c773dc3925a68b51e01b corporate/4.0/SRPMS/xpdf-3.01-1.4.20060mlcs4.src.rpm Corporate 4.0/X86_64: b88cfde5131adf97fc654b8772fb638b corporate/4.0/x86_64/xpdf-3.01-1.4.20060mlcs4.x86_64.rpm 95fd53a24bf1c773dc3925a68b51e01b corporate/4.0/SRPMS/xpdf-3.01-1.4.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGwM0emqjQ0CJFipgRAu3vAKDmsiefFpqDx6azTsk+bf6bjpIEEQCeIaMz WGhfTpiOik4jsvYLU0N5Xxo= =yMmF -----END PGP SIGNATURE-----