Red Hat Product Errata RHSA-2006:0262 - Security Advisory

Issued:: 2006-03-09
Updated:: 2006-03-09

RHSA-2006:0262 - Security Advisory

Overview
Updated Packages

Synopsis

kdegraphics security update

Type/Severity

Security Advisory: Important

Topic

Updated kdegraphics packages that fully resolve a security issue in kpdf
are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

The kdegraphics packages contain applications for the K Desktop Environment
including kpdf, a PDF file viewer.

Marcelo Ricardo Leitner discovered that a kpdf security fix, CVE-2005-3627,
was incomplete. Red Hat issued kdegraphics packages with this incomplete
fix in RHSA-2005:868. An attacker could construct a carefully crafted PDF
file that could cause kpdf to crash or possibly execute arbitrary code when
opened. The Common Vulnerabilities and Exposures project assigned the name
CVE-2006-0746 to this issue.

Users of kpdf should upgrade to these updated packages, which contain a
backported patch to resolve this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

BZ - 184307 - CVE-2006-0746 kpdf buffer overflow

CVEs

CVE-2006-0746

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
kdegraphics-3.3.1-3.9.src.rpm	SHA-256: 9ec11a2859ecd256ad61cc82908130ce1012a33de34632efdb9626b26b1997a5
x86_64
kdegraphics-3.3.1-3.9.x86_64.rpm	SHA-256: 0f18a9129fbda3d5717d0035458a51414cfd75ceb3a82df4bbb06dab8d81208f
kdegraphics-3.3.1-3.9.x86_64.rpm	SHA-256: 0f18a9129fbda3d5717d0035458a51414cfd75ceb3a82df4bbb06dab8d81208f
kdegraphics-devel-3.3.1-3.9.x86_64.rpm	SHA-256: 815140e3023425a35325efc5003a16b08c706abb10b72a388f703c1ceab8089e
kdegraphics-devel-3.3.1-3.9.x86_64.rpm	SHA-256: 815140e3023425a35325efc5003a16b08c706abb10b72a388f703c1ceab8089e
ia64
kdegraphics-3.3.1-3.9.ia64.rpm	SHA-256: e9ec99f6fa60a4ca6f5fe71d4f6fd5ef776c512fc069787a8bb31e8654ff8173
kdegraphics-3.3.1-3.9.ia64.rpm	SHA-256: e9ec99f6fa60a4ca6f5fe71d4f6fd5ef776c512fc069787a8bb31e8654ff8173
kdegraphics-devel-3.3.1-3.9.ia64.rpm	SHA-256: e15e0d031fd3a0907c1270a8cc9101d7ca1e427f64f319b3deb13a6b47d20fa8
kdegraphics-devel-3.3.1-3.9.ia64.rpm	SHA-256: e15e0d031fd3a0907c1270a8cc9101d7ca1e427f64f319b3deb13a6b47d20fa8
i386
kdegraphics-3.3.1-3.9.i386.rpm	SHA-256: e63f87fd3f949b8372bbdf22a048d8694d6223e4762c8d5a52040a24cd98333e
kdegraphics-3.3.1-3.9.i386.rpm	SHA-256: e63f87fd3f949b8372bbdf22a048d8694d6223e4762c8d5a52040a24cd98333e
kdegraphics-devel-3.3.1-3.9.i386.rpm	SHA-256: ff1f1d08e2bc780fdd774e04f08ab679bca6977533ae9f93cc56a047c82fbfdb
kdegraphics-devel-3.3.1-3.9.i386.rpm	SHA-256: ff1f1d08e2bc780fdd774e04f08ab679bca6977533ae9f93cc56a047c82fbfdb

Red Hat Enterprise Linux Workstation 4

SRPM
kdegraphics-3.3.1-3.9.src.rpm	SHA-256: 9ec11a2859ecd256ad61cc82908130ce1012a33de34632efdb9626b26b1997a5
x86_64
kdegraphics-3.3.1-3.9.x86_64.rpm	SHA-256: 0f18a9129fbda3d5717d0035458a51414cfd75ceb3a82df4bbb06dab8d81208f
kdegraphics-devel-3.3.1-3.9.x86_64.rpm	SHA-256: 815140e3023425a35325efc5003a16b08c706abb10b72a388f703c1ceab8089e
ia64
kdegraphics-3.3.1-3.9.ia64.rpm	SHA-256: e9ec99f6fa60a4ca6f5fe71d4f6fd5ef776c512fc069787a8bb31e8654ff8173
kdegraphics-devel-3.3.1-3.9.ia64.rpm	SHA-256: e15e0d031fd3a0907c1270a8cc9101d7ca1e427f64f319b3deb13a6b47d20fa8
i386
kdegraphics-3.3.1-3.9.i386.rpm	SHA-256: e63f87fd3f949b8372bbdf22a048d8694d6223e4762c8d5a52040a24cd98333e
kdegraphics-devel-3.3.1-3.9.i386.rpm	SHA-256: ff1f1d08e2bc780fdd774e04f08ab679bca6977533ae9f93cc56a047c82fbfdb

Red Hat Enterprise Linux Desktop 4

SRPM
kdegraphics-3.3.1-3.9.src.rpm	SHA-256: 9ec11a2859ecd256ad61cc82908130ce1012a33de34632efdb9626b26b1997a5
x86_64
kdegraphics-3.3.1-3.9.x86_64.rpm	SHA-256: 0f18a9129fbda3d5717d0035458a51414cfd75ceb3a82df4bbb06dab8d81208f
kdegraphics-devel-3.3.1-3.9.x86_64.rpm	SHA-256: 815140e3023425a35325efc5003a16b08c706abb10b72a388f703c1ceab8089e
i386
kdegraphics-3.3.1-3.9.i386.rpm	SHA-256: e63f87fd3f949b8372bbdf22a048d8694d6223e4762c8d5a52040a24cd98333e
kdegraphics-devel-3.3.1-3.9.i386.rpm	SHA-256: ff1f1d08e2bc780fdd774e04f08ab679bca6977533ae9f93cc56a047c82fbfdb

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
kdegraphics-3.3.1-3.9.src.rpm	SHA-256: 9ec11a2859ecd256ad61cc82908130ce1012a33de34632efdb9626b26b1997a5
s390x
kdegraphics-3.3.1-3.9.s390x.rpm	SHA-256: 703e3b042df2b626bc8b97cbb56037f5e6730e06ca93100204997a41e8e48268
kdegraphics-devel-3.3.1-3.9.s390x.rpm	SHA-256: 4139a5ae437ee546db502aa497b2df6515b31ea7a42dde50f9160b3631be8b8c
s390
kdegraphics-3.3.1-3.9.s390.rpm	SHA-256: 6f403a309877cdc9691319667d027ddb9e97b195e26f11e88bd1c16ab8fead2c
kdegraphics-devel-3.3.1-3.9.s390.rpm	SHA-256: aaef64e0084c24d1201a4cf807dddcf8f310ef5becaf66079c29e5ffa7e9df4c

Red Hat Enterprise Linux for Power, big endian 4

SRPM
kdegraphics-3.3.1-3.9.src.rpm	SHA-256: 9ec11a2859ecd256ad61cc82908130ce1012a33de34632efdb9626b26b1997a5
ppc
kdegraphics-3.3.1-3.9.ppc.rpm	SHA-256: 815995445f0aa705495f31a8603f2beaece74af8fd543a209854d06f9c7d4517
kdegraphics-devel-3.3.1-3.9.ppc.rpm	SHA-256: ec92c87ab02478edebc132f710352c985cf3c815738e05f878404ccbf699def1

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories