-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:159 http://www.mandriva.com/security/ _______________________________________________________________________ Package : gpdf Date : August 13, 2007 Affected: Corporate 3.0 _______________________________________________________________________ Problem Description: Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause gpdf to crash and possibly execute arbitrary code open a user opening the file. This update provides packages which are patched to prevent these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387 _______________________________________________________________________ Updated Packages: Corporate 3.0: 4cd42c64b35c4eccdcb85de2a0889876 corporate/3.0/i586/gpdf-0.112-2.8.C30mdk.i586.rpm 5eaf44a638c77c2b6b9f99c81a8bd00a corporate/3.0/SRPMS/gpdf-0.112-2.8.C30mdk.src.rpm Corporate 3.0/X86_64: a994aae5759655c0b8dffa064c5f83a8 corporate/3.0/x86_64/gpdf-0.112-2.8.C30mdk.x86_64.rpm 5eaf44a638c77c2b6b9f99c81a8bd00a corporate/3.0/SRPMS/gpdf-0.112-2.8.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGwM1tmqjQ0CJFipgRAolJAKC/iV/5iLoYDqPdKiC0GLwIimv12gCeKNeQ eWAqWhjy8op4OcX/HcXsVLc= =D53g -----END PGP SIGNATURE-----