Red Hat Product Errata RHSA-2007:1078 - Security Advisory

Issued:: 2007-11-29
Updated:: 2007-11-29

RHSA-2007:1078 - Security Advisory

Overview
Updated Packages

Synopsis

Important: cairo security update

Type/Severity

Security Advisory: Important

Topic

Updated Cairo packages that resolve a security issue are now available for
Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

Cairo is a vector graphics library designed to provide high-quality display
and print output.

An integer overflow flaw was found in the way Cairo processes PNG images.
If an application linked against Cairo processes a malicious PNG image, it
is possible to execute arbitrary code as the user running the application.
(CVE-2007-5503)

Users of Cairo are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Server - Extended Update Support 5.1 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 5.1 ia64
Red Hat Enterprise Linux Server - Extended Update Support 5.1 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.1 s390x
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.1 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 387431 - CVE-2007-5503 cairo integer overflow

CVEs

CVE-2007-5503

References

http://www.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
cairo-1.2.4-3.el5_1.src.rpm	SHA-256: 69761523a12e3d1a209f0de4ad77f8f3e45fc8866bde92390e1c6b2191b02fd7
x86_64
cairo-1.2.4-3.el5_1.i386.rpm	SHA-256: 690d68bf559fe7d15826164168332a8360de17c7d2beffa33d2871c44cccef16
cairo-1.2.4-3.el5_1.x86_64.rpm	SHA-256: 7fed9bc0d9bae4ee3573951fc3a44e6c0d3e161a6e0cd426537f03bbc88c25de
cairo-devel-1.2.4-3.el5_1.i386.rpm	SHA-256: 9d584bb89358087768469c025629830204c09520b75360b5b94aa9120b8eb911
cairo-devel-1.2.4-3.el5_1.x86_64.rpm	SHA-256: 2889cc8597e88ce7446845faf363ddba7b6c10f5cf4a73a2f8ad41e4b65b7755
ia64
cairo-1.2.4-3.el5_1.i386.rpm	SHA-256: 690d68bf559fe7d15826164168332a8360de17c7d2beffa33d2871c44cccef16
cairo-1.2.4-3.el5_1.ia64.rpm	SHA-256: 3a34e3f4bcbf8cc8c5f6ccfb41ee8f55de37d71c2094855a47f045b0142ba82d
cairo-devel-1.2.4-3.el5_1.ia64.rpm	SHA-256: 7b4f8585ed4a9b37662d8fa10cfb0310dacc9488a3624f39c5e554da1d4fc18c
i386
cairo-1.2.4-3.el5_1.i386.rpm	SHA-256: 690d68bf559fe7d15826164168332a8360de17c7d2beffa33d2871c44cccef16
cairo-devel-1.2.4-3.el5_1.i386.rpm	SHA-256: 9d584bb89358087768469c025629830204c09520b75360b5b94aa9120b8eb911

Red Hat Enterprise Linux Workstation 5

SRPM
cairo-1.2.4-3.el5_1.src.rpm	SHA-256: 69761523a12e3d1a209f0de4ad77f8f3e45fc8866bde92390e1c6b2191b02fd7
x86_64
cairo-1.2.4-3.el5_1.i386.rpm	SHA-256: 690d68bf559fe7d15826164168332a8360de17c7d2beffa33d2871c44cccef16
cairo-1.2.4-3.el5_1.x86_64.rpm	SHA-256: 7fed9bc0d9bae4ee3573951fc3a44e6c0d3e161a6e0cd426537f03bbc88c25de
cairo-devel-1.2.4-3.el5_1.i386.rpm	SHA-256: 9d584bb89358087768469c025629830204c09520b75360b5b94aa9120b8eb911
cairo-devel-1.2.4-3.el5_1.x86_64.rpm	SHA-256: 2889cc8597e88ce7446845faf363ddba7b6c10f5cf4a73a2f8ad41e4b65b7755
i386
cairo-1.2.4-3.el5_1.i386.rpm	SHA-256: 690d68bf559fe7d15826164168332a8360de17c7d2beffa33d2871c44cccef16
cairo-devel-1.2.4-3.el5_1.i386.rpm	SHA-256: 9d584bb89358087768469c025629830204c09520b75360b5b94aa9120b8eb911

Red Hat Enterprise Linux Desktop 5

SRPM
cairo-1.2.4-3.el5_1.src.rpm	SHA-256: 69761523a12e3d1a209f0de4ad77f8f3e45fc8866bde92390e1c6b2191b02fd7
x86_64
cairo-1.2.4-3.el5_1.i386.rpm	SHA-256: 690d68bf559fe7d15826164168332a8360de17c7d2beffa33d2871c44cccef16
cairo-1.2.4-3.el5_1.x86_64.rpm	SHA-256: 7fed9bc0d9bae4ee3573951fc3a44e6c0d3e161a6e0cd426537f03bbc88c25de
i386
cairo-1.2.4-3.el5_1.i386.rpm	SHA-256: 690d68bf559fe7d15826164168332a8360de17c7d2beffa33d2871c44cccef16

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
cairo-1.2.4-3.el5_1.src.rpm	SHA-256: 69761523a12e3d1a209f0de4ad77f8f3e45fc8866bde92390e1c6b2191b02fd7
s390x
cairo-1.2.4-3.el5_1.s390.rpm	SHA-256: e23046cd2b8cb067bedc7c45189a0d5809667813718b2447a29c6f03503e333c
cairo-1.2.4-3.el5_1.s390x.rpm	SHA-256: 827aa7f8b6f906725abdac7bcc144317e33720634e90972d1e610e7e6d9dc735
cairo-devel-1.2.4-3.el5_1.s390.rpm	SHA-256: 0761dfad3980b5e2e9ef7d6199ef757df37a6beaf138e0ef231db14da51f1720
cairo-devel-1.2.4-3.el5_1.s390x.rpm	SHA-256: 228c111a8f543cb95ac421715839d0aa6b00ba369bb04ee2257ba87c41cbe0dc

Red Hat Enterprise Linux for Power, big endian 5

SRPM
cairo-1.2.4-3.el5_1.src.rpm	SHA-256: 69761523a12e3d1a209f0de4ad77f8f3e45fc8866bde92390e1c6b2191b02fd7
ppc
cairo-1.2.4-3.el5_1.ppc.rpm	SHA-256: d959976cf455af12fa6b9115e488333d8934b93fc9545e65ff3e67e4d337f240
cairo-1.2.4-3.el5_1.ppc64.rpm	SHA-256: 77e468c87d1136c6c47d0c38fa94dc8b116ddf17b6977a62b2d4c141ce1cfd51
cairo-devel-1.2.4-3.el5_1.ppc.rpm	SHA-256: 2bc4c9938f35b7d04bddaf504c2eefed4b64a2281bef2e6f4131e9d1924e3f2c
cairo-devel-1.2.4-3.el5_1.ppc64.rpm	SHA-256: 3539eceac094604563fcc31a13c722ce1b4c20067ce26f71d6056fe94b2b4ac5

Red Hat Enterprise Linux Server from RHUI 5

SRPM
cairo-1.2.4-3.el5_1.src.rpm	SHA-256: 69761523a12e3d1a209f0de4ad77f8f3e45fc8866bde92390e1c6b2191b02fd7
x86_64
cairo-1.2.4-3.el5_1.i386.rpm	SHA-256: 690d68bf559fe7d15826164168332a8360de17c7d2beffa33d2871c44cccef16
cairo-1.2.4-3.el5_1.x86_64.rpm	SHA-256: 7fed9bc0d9bae4ee3573951fc3a44e6c0d3e161a6e0cd426537f03bbc88c25de
cairo-devel-1.2.4-3.el5_1.i386.rpm	SHA-256: 9d584bb89358087768469c025629830204c09520b75360b5b94aa9120b8eb911
cairo-devel-1.2.4-3.el5_1.x86_64.rpm	SHA-256: 2889cc8597e88ce7446845faf363ddba7b6c10f5cf4a73a2f8ad41e4b65b7755
i386
cairo-1.2.4-3.el5_1.i386.rpm	SHA-256: 690d68bf559fe7d15826164168332a8360de17c7d2beffa33d2871c44cccef16
cairo-devel-1.2.4-3.el5_1.i386.rpm	SHA-256: 9d584bb89358087768469c025629830204c09520b75360b5b94aa9120b8eb911

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories