Red Hat Product Errata RHSA-2005:066 - Security Advisory

Issued:: 2005-02-15
Updated:: 2005-02-15

RHSA-2005:066 - Security Advisory

Overview
Updated Packages

Synopsis

kdegraphics security update

Type/Severity

Security Advisory: Important

Topic

Updated kdegraphics packages that resolve security issues in kpdf are now
available.

This update has been rated as having important security impact by the Red Hat
Security Response Team.

Description

The kdegraphics packages contain applications for the K Desktop Environment
including kpdf, a pdf file viewer.

A buffer overflow flaw was found in the Gfx::doImage function of Xpdf that
also affects kpdf due to a shared codebase. An attacker could construct a
carefully crafted PDF file that could cause kpdf to crash or possibly
execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-1125 to
this issue.

A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of
Xpdf which also affects kpdf due to a shared codebase. An attacker could
construct a carefully crafted PDF file that could cause kpdf to crash or
possibly execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0064 to
this issue.

During a source code audit, Chris Evans and others discovered a number of
integer overflow bugs that affected all versions of Xpdf which also affects
kpdf due to a shared codebase. An attacker could construct a carefully
crafted PDF file that could cause kpdf to crash or possibly execute
arbitrary code when opened. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0888 to this issue.

Users should update to these erratum packages which contain backported
patches to correct these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

BZ - 144231 - CAN-2004-1125 kpdf buffer overflows (CAN-2005-0064)
BZ - 147517 - CAN-2004-0888 xpdf integer overflows

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
kdegraphics-3.3.1-3.3.src.rpm	SHA-256: b29767c060daf7a6d1c695345016c9413eec8b41c99ea50d4c6891398a2362ee
x86_64
kdegraphics-3.3.1-3.3.x86_64.rpm	SHA-256: 0b4804c536d1cfa6569853b4886e3ffc525a0d731b5f4696468ceca0006dac11
kdegraphics-3.3.1-3.3.x86_64.rpm	SHA-256: 0b4804c536d1cfa6569853b4886e3ffc525a0d731b5f4696468ceca0006dac11
kdegraphics-devel-3.3.1-3.3.x86_64.rpm	SHA-256: 5f97b8321c830b36f4df2de24e9e76fc073ccb859872fb8191e6bf58170bfbc0
kdegraphics-devel-3.3.1-3.3.x86_64.rpm	SHA-256: 5f97b8321c830b36f4df2de24e9e76fc073ccb859872fb8191e6bf58170bfbc0
ia64
kdegraphics-3.3.1-3.3.ia64.rpm	SHA-256: 22b2800fa1cef62fddaad97447468230d0109c2bc520884bd855765ae4130673
kdegraphics-3.3.1-3.3.ia64.rpm	SHA-256: 22b2800fa1cef62fddaad97447468230d0109c2bc520884bd855765ae4130673
kdegraphics-devel-3.3.1-3.3.ia64.rpm	SHA-256: 7c229661f0ea2d131dd2d9c2fda7fe1dfe29283c60cf8284c7208fc4bafefe2b
kdegraphics-devel-3.3.1-3.3.ia64.rpm	SHA-256: 7c229661f0ea2d131dd2d9c2fda7fe1dfe29283c60cf8284c7208fc4bafefe2b
i386
kdegraphics-3.3.1-3.3.i386.rpm	SHA-256: 455bd70f764e2968f100d0f11e35106a7089ff82437fce1aa29668606080c268
kdegraphics-3.3.1-3.3.i386.rpm	SHA-256: 455bd70f764e2968f100d0f11e35106a7089ff82437fce1aa29668606080c268
kdegraphics-devel-3.3.1-3.3.i386.rpm	SHA-256: c361d332dc776e867b9d7c3d55712e1312478f4e725f7b4c9046e1acd00199f9
kdegraphics-devel-3.3.1-3.3.i386.rpm	SHA-256: c361d332dc776e867b9d7c3d55712e1312478f4e725f7b4c9046e1acd00199f9

Red Hat Enterprise Linux Workstation 4

SRPM
kdegraphics-3.3.1-3.3.src.rpm	SHA-256: b29767c060daf7a6d1c695345016c9413eec8b41c99ea50d4c6891398a2362ee
x86_64
kdegraphics-3.3.1-3.3.x86_64.rpm	SHA-256: 0b4804c536d1cfa6569853b4886e3ffc525a0d731b5f4696468ceca0006dac11
kdegraphics-devel-3.3.1-3.3.x86_64.rpm	SHA-256: 5f97b8321c830b36f4df2de24e9e76fc073ccb859872fb8191e6bf58170bfbc0
ia64
kdegraphics-3.3.1-3.3.ia64.rpm	SHA-256: 22b2800fa1cef62fddaad97447468230d0109c2bc520884bd855765ae4130673
kdegraphics-devel-3.3.1-3.3.ia64.rpm	SHA-256: 7c229661f0ea2d131dd2d9c2fda7fe1dfe29283c60cf8284c7208fc4bafefe2b
i386
kdegraphics-3.3.1-3.3.i386.rpm	SHA-256: 455bd70f764e2968f100d0f11e35106a7089ff82437fce1aa29668606080c268
kdegraphics-devel-3.3.1-3.3.i386.rpm	SHA-256: c361d332dc776e867b9d7c3d55712e1312478f4e725f7b4c9046e1acd00199f9

Red Hat Enterprise Linux Desktop 4

SRPM
kdegraphics-3.3.1-3.3.src.rpm	SHA-256: b29767c060daf7a6d1c695345016c9413eec8b41c99ea50d4c6891398a2362ee
x86_64
kdegraphics-3.3.1-3.3.x86_64.rpm	SHA-256: 0b4804c536d1cfa6569853b4886e3ffc525a0d731b5f4696468ceca0006dac11
kdegraphics-devel-3.3.1-3.3.x86_64.rpm	SHA-256: 5f97b8321c830b36f4df2de24e9e76fc073ccb859872fb8191e6bf58170bfbc0
i386
kdegraphics-3.3.1-3.3.i386.rpm	SHA-256: 455bd70f764e2968f100d0f11e35106a7089ff82437fce1aa29668606080c268
kdegraphics-devel-3.3.1-3.3.i386.rpm	SHA-256: c361d332dc776e867b9d7c3d55712e1312478f4e725f7b4c9046e1acd00199f9

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
kdegraphics-3.3.1-3.3.src.rpm	SHA-256: b29767c060daf7a6d1c695345016c9413eec8b41c99ea50d4c6891398a2362ee
s390x
kdegraphics-3.3.1-3.3.s390x.rpm	SHA-256: a0bcea9482d16d987088a95d7eea70ec91bd5359ca2982fb2d1d52878fde779d
kdegraphics-devel-3.3.1-3.3.s390x.rpm	SHA-256: 1e7713a35a8965ae057a9c79315cf239d35e1366bb3f303df125b05105ce0ea2
s390
kdegraphics-3.3.1-3.3.s390.rpm	SHA-256: 096c65a565d1767db3773f8783ae6ba2c27f4aec7d61739c1e2e0c414373006a
kdegraphics-devel-3.3.1-3.3.s390.rpm	SHA-256: 62dd37801566e074ddf8862c5bb6f94c5646872d808e4f1f80e92ff544258e32

Red Hat Enterprise Linux for Power, big endian 4

SRPM
kdegraphics-3.3.1-3.3.src.rpm	SHA-256: b29767c060daf7a6d1c695345016c9413eec8b41c99ea50d4c6891398a2362ee
ppc
kdegraphics-3.3.1-3.3.ppc.rpm	SHA-256: a63b6c0a8fc2c605c9c4b44593ef9ffe04f142a115a35e6e41e3ba9eaad4181f
kdegraphics-devel-3.3.1-3.3.ppc.rpm	SHA-256: 8bf95457d9ddc13b125bce705ce7aa3b37dc0aef6c4430a1a15110e317488c07

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories