Issued:
2005-08-09
Updated:
2005-08-09

RHSA-2005:671 - Security Advisory

Synopsis

kdegraphics security update

Type/Severity

Security Advisory: Moderate

Topic

Updated kdegraphics packages that resolve a security issue in kpdf are now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

The kdegraphics packages contain applications for the K Desktop Environment
including kpdf, a pdf file viewer.

A flaw was discovered in kpdf. An attacker could construct a carefully
crafted PDF file that would cause kpdf to consume all available disk space
in /tmp when opened. The Common Vulnerabilities and Exposures project
assigned the name CAN-2005-2097 to this issue.

Note this issue does not affect Red Hat Enterprise Linux 3 or 2.1.

Users of kpdf should upgrade to these updated packages, which contains a
backported patch to resolve this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

CVEs

References

(none)

Red Hat Enterprise Linux Server 4

SRPM
kdegraphics-3.3.1-3.4.src.rpm SHA-256: f03bbf608b45028f94aacf2ad43e676332dd31c01907d900449ff6f3fb3f5803
x86_64
kdegraphics-3.3.1-3.4.x86_64.rpm SHA-256: d1d89335194a8b659bdc3d7b0fa2a986d0f2228b7353a5e58fbcfe87eb17da40
kdegraphics-3.3.1-3.4.x86_64.rpm SHA-256: d1d89335194a8b659bdc3d7b0fa2a986d0f2228b7353a5e58fbcfe87eb17da40
kdegraphics-devel-3.3.1-3.4.x86_64.rpm SHA-256: 5f4892e536f5429f068bfd2585b70c813c8d737bbda2f58433a702958be25fac
kdegraphics-devel-3.3.1-3.4.x86_64.rpm SHA-256: 5f4892e536f5429f068bfd2585b70c813c8d737bbda2f58433a702958be25fac
ia64
kdegraphics-3.3.1-3.4.ia64.rpm SHA-256: a5f3ce01a3c9dd58ee821ef572bd9e8bc5a73c6f36cc9fd43e49290156226090
kdegraphics-3.3.1-3.4.ia64.rpm SHA-256: a5f3ce01a3c9dd58ee821ef572bd9e8bc5a73c6f36cc9fd43e49290156226090
kdegraphics-devel-3.3.1-3.4.ia64.rpm SHA-256: 60ef9528ab5a5ed2d0e8fc4645616c36076d59c2a15e3f2900fcab20f649cd6f
kdegraphics-devel-3.3.1-3.4.ia64.rpm SHA-256: 60ef9528ab5a5ed2d0e8fc4645616c36076d59c2a15e3f2900fcab20f649cd6f
i386
kdegraphics-3.3.1-3.4.i386.rpm SHA-256: b63e7aaaef9cf83b9ced88cfcdbd4c53dc56d8964cfb602aa7b522fe2f492ef4
kdegraphics-3.3.1-3.4.i386.rpm SHA-256: b63e7aaaef9cf83b9ced88cfcdbd4c53dc56d8964cfb602aa7b522fe2f492ef4
kdegraphics-devel-3.3.1-3.4.i386.rpm SHA-256: a7133e9044dc58c98a25854b7e533e5037d94fb225d7d6e5a3769de04536c57f
kdegraphics-devel-3.3.1-3.4.i386.rpm SHA-256: a7133e9044dc58c98a25854b7e533e5037d94fb225d7d6e5a3769de04536c57f

Red Hat Enterprise Linux Workstation 4

SRPM
kdegraphics-3.3.1-3.4.src.rpm SHA-256: f03bbf608b45028f94aacf2ad43e676332dd31c01907d900449ff6f3fb3f5803
x86_64
kdegraphics-3.3.1-3.4.x86_64.rpm SHA-256: d1d89335194a8b659bdc3d7b0fa2a986d0f2228b7353a5e58fbcfe87eb17da40
kdegraphics-devel-3.3.1-3.4.x86_64.rpm SHA-256: 5f4892e536f5429f068bfd2585b70c813c8d737bbda2f58433a702958be25fac
ia64
kdegraphics-3.3.1-3.4.ia64.rpm SHA-256: a5f3ce01a3c9dd58ee821ef572bd9e8bc5a73c6f36cc9fd43e49290156226090
kdegraphics-devel-3.3.1-3.4.ia64.rpm SHA-256: 60ef9528ab5a5ed2d0e8fc4645616c36076d59c2a15e3f2900fcab20f649cd6f
i386
kdegraphics-3.3.1-3.4.i386.rpm SHA-256: b63e7aaaef9cf83b9ced88cfcdbd4c53dc56d8964cfb602aa7b522fe2f492ef4
kdegraphics-devel-3.3.1-3.4.i386.rpm SHA-256: a7133e9044dc58c98a25854b7e533e5037d94fb225d7d6e5a3769de04536c57f

Red Hat Enterprise Linux Desktop 4

SRPM
kdegraphics-3.3.1-3.4.src.rpm SHA-256: f03bbf608b45028f94aacf2ad43e676332dd31c01907d900449ff6f3fb3f5803
x86_64
kdegraphics-3.3.1-3.4.x86_64.rpm SHA-256: d1d89335194a8b659bdc3d7b0fa2a986d0f2228b7353a5e58fbcfe87eb17da40
kdegraphics-devel-3.3.1-3.4.x86_64.rpm SHA-256: 5f4892e536f5429f068bfd2585b70c813c8d737bbda2f58433a702958be25fac
i386
kdegraphics-3.3.1-3.4.i386.rpm SHA-256: b63e7aaaef9cf83b9ced88cfcdbd4c53dc56d8964cfb602aa7b522fe2f492ef4
kdegraphics-devel-3.3.1-3.4.i386.rpm SHA-256: a7133e9044dc58c98a25854b7e533e5037d94fb225d7d6e5a3769de04536c57f

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
kdegraphics-3.3.1-3.4.src.rpm SHA-256: f03bbf608b45028f94aacf2ad43e676332dd31c01907d900449ff6f3fb3f5803
s390x
kdegraphics-3.3.1-3.4.s390x.rpm SHA-256: b5d5b2edb244cbf1a9661de872618c7d7505ee9a598e6b105b0939e620f966e5
kdegraphics-devel-3.3.1-3.4.s390x.rpm SHA-256: d8c895ef61dac7c284a6f919f9248bbe1f9136c6c9f3cee20baa3b255f08c5a6
s390
kdegraphics-3.3.1-3.4.s390.rpm SHA-256: 6749722ff69c84fc99f746f89ee47e859d64132dccae657f17a3242230bc49f4
kdegraphics-devel-3.3.1-3.4.s390.rpm SHA-256: f95a3e9f4db14126830ab2c263964229bb48bcccecbc94e19b603e1bf15f143d

Red Hat Enterprise Linux for Power, big endian 4

SRPM
kdegraphics-3.3.1-3.4.src.rpm SHA-256: f03bbf608b45028f94aacf2ad43e676332dd31c01907d900449ff6f3fb3f5803
ppc
kdegraphics-3.3.1-3.4.ppc.rpm SHA-256: bc9d2406a117ef1707c8bd990686a23a139d50c49de5e7525ef644fd881ef43a
kdegraphics-devel-3.3.1-3.4.ppc.rpm SHA-256: 7d0a8add443f9e9afaef2c6d3b120468079e280a15e969c7563d48e7eb3f9178

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.