Red Hat Product Errata RHSA-2007:0730 - Security Advisory
Issued:
2007-07-30
Updated:
2007-07-30

RHSA-2007:0730 - Security Advisory

Synopsis

Important: gpdf security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated kdegraphics packages that fix a security issue in PDF handling are
now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

gpdf is a GNOME based viewer for Portable Document Format (PDF) files.

Maurycy Prodeus discovered an integer overflow flaw in the processing
of PDF files. An attacker could create a malicious PDF file that would
cause gpdf to crash or potentially execute arbitrary code when opened.
(CVE-2007-3387)

All users of gpdf should upgrade to these updated packages, which
contain a backported patch to resolve this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5 ppc

Fixes

Red Hat Enterprise Linux Server 4

SRPM
gpdf-2.8.2-7.7.src.rpm SHA-256: 0c5054a571aa0480eba74bc734d70b6f3f6708ddb36badd9b61bb7cabae39c39
x86_64
gpdf-2.8.2-7.7.x86_64.rpm SHA-256: 7eb655355a69146199f90246abe150273d351c80504dedb20e25b4411142fc77
gpdf-2.8.2-7.7.x86_64.rpm SHA-256: 7eb655355a69146199f90246abe150273d351c80504dedb20e25b4411142fc77
ia64
gpdf-2.8.2-7.7.ia64.rpm SHA-256: 07bbca1c6c535ee1ffb5fde21745ae3d05f2c3d64e5af4d04c004adf26f26f4e
gpdf-2.8.2-7.7.ia64.rpm SHA-256: 07bbca1c6c535ee1ffb5fde21745ae3d05f2c3d64e5af4d04c004adf26f26f4e
i386
gpdf-2.8.2-7.7.i386.rpm SHA-256: 6189f3ecd66897fe0bdcd01282c41f6293a2567be8ac0a17829cc241e5c8b852
gpdf-2.8.2-7.7.i386.rpm SHA-256: 6189f3ecd66897fe0bdcd01282c41f6293a2567be8ac0a17829cc241e5c8b852

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5

SRPM
gpdf-2.8.2-7.7.src.rpm SHA-256: 0c5054a571aa0480eba74bc734d70b6f3f6708ddb36badd9b61bb7cabae39c39
x86_64
gpdf-2.8.2-7.7.x86_64.rpm SHA-256: 7eb655355a69146199f90246abe150273d351c80504dedb20e25b4411142fc77
gpdf-2.8.2-7.7.x86_64.rpm SHA-256: 7eb655355a69146199f90246abe150273d351c80504dedb20e25b4411142fc77
ia64
gpdf-2.8.2-7.7.ia64.rpm SHA-256: 07bbca1c6c535ee1ffb5fde21745ae3d05f2c3d64e5af4d04c004adf26f26f4e
gpdf-2.8.2-7.7.ia64.rpm SHA-256: 07bbca1c6c535ee1ffb5fde21745ae3d05f2c3d64e5af4d04c004adf26f26f4e
i386
gpdf-2.8.2-7.7.i386.rpm SHA-256: 6189f3ecd66897fe0bdcd01282c41f6293a2567be8ac0a17829cc241e5c8b852
gpdf-2.8.2-7.7.i386.rpm SHA-256: 6189f3ecd66897fe0bdcd01282c41f6293a2567be8ac0a17829cc241e5c8b852

Red Hat Enterprise Linux Workstation 4

SRPM
gpdf-2.8.2-7.7.src.rpm SHA-256: 0c5054a571aa0480eba74bc734d70b6f3f6708ddb36badd9b61bb7cabae39c39
x86_64
gpdf-2.8.2-7.7.x86_64.rpm SHA-256: 7eb655355a69146199f90246abe150273d351c80504dedb20e25b4411142fc77
ia64
gpdf-2.8.2-7.7.ia64.rpm SHA-256: 07bbca1c6c535ee1ffb5fde21745ae3d05f2c3d64e5af4d04c004adf26f26f4e
i386
gpdf-2.8.2-7.7.i386.rpm SHA-256: 6189f3ecd66897fe0bdcd01282c41f6293a2567be8ac0a17829cc241e5c8b852

Red Hat Enterprise Linux Desktop 4

SRPM
gpdf-2.8.2-7.7.src.rpm SHA-256: 0c5054a571aa0480eba74bc734d70b6f3f6708ddb36badd9b61bb7cabae39c39
x86_64
gpdf-2.8.2-7.7.x86_64.rpm SHA-256: 7eb655355a69146199f90246abe150273d351c80504dedb20e25b4411142fc77
i386
gpdf-2.8.2-7.7.i386.rpm SHA-256: 6189f3ecd66897fe0bdcd01282c41f6293a2567be8ac0a17829cc241e5c8b852

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
gpdf-2.8.2-7.7.src.rpm SHA-256: 0c5054a571aa0480eba74bc734d70b6f3f6708ddb36badd9b61bb7cabae39c39
s390x
gpdf-2.8.2-7.7.s390x.rpm SHA-256: e998ca58a12ccf31ccb9d2534cbde7a402803ba6d3188cd2c3d216adf9cb3ba3
s390
gpdf-2.8.2-7.7.s390.rpm SHA-256: 207d8eaf2874c3650e23127ec6e72baedeb115fb5db6fb29c7e15aa8595c95a7

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5

SRPM
gpdf-2.8.2-7.7.src.rpm SHA-256: 0c5054a571aa0480eba74bc734d70b6f3f6708ddb36badd9b61bb7cabae39c39
s390x
gpdf-2.8.2-7.7.s390x.rpm SHA-256: e998ca58a12ccf31ccb9d2534cbde7a402803ba6d3188cd2c3d216adf9cb3ba3
s390
gpdf-2.8.2-7.7.s390.rpm SHA-256: 207d8eaf2874c3650e23127ec6e72baedeb115fb5db6fb29c7e15aa8595c95a7

Red Hat Enterprise Linux for Power, big endian 4

SRPM
gpdf-2.8.2-7.7.src.rpm SHA-256: 0c5054a571aa0480eba74bc734d70b6f3f6708ddb36badd9b61bb7cabae39c39
ppc
gpdf-2.8.2-7.7.ppc.rpm SHA-256: 625c81f98d9c290e1053fbdce2416ef8886c8d40b36edfec7a2d213ec711750b

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5

SRPM
gpdf-2.8.2-7.7.src.rpm SHA-256: 0c5054a571aa0480eba74bc734d70b6f3f6708ddb36badd9b61bb7cabae39c39
ppc
gpdf-2.8.2-7.7.ppc.rpm SHA-256: 625c81f98d9c290e1053fbdce2416ef8886c8d40b36edfec7a2d213ec711750b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.