Red Hat Product Errata RHSA-2008:0240 - Security Advisory
Issued:
2008-04-17
Updated:
2008-04-17

RHSA-2008:0240 - Security Advisory

Synopsis

Important: xpdf security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated xpdf packages that fix a security issue are now available for Red
Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

Xpdf is an X Window System-based viewer for Portable Document Format (PDF)
files.

Kees Cook discovered a flaw in the way xpdf displayed malformed fonts
embedded in PDF files. An attacker could create a malicious PDF file that
would cause xpdf to crash, or, potentially, execute arbitrary code when
opened. (CVE-2008-1693)

Users are advised to upgrade to these updated packages, which contain
backported patches to resolve this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.6 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.6 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.6 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.6 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.6 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.6 ppc

Fixes

(none)

Red Hat Enterprise Linux Server 4

SRPM
xpdf-3.00-16.el4.src.rpm SHA-256: 792564cf3197018c9a713668681f5c03c4a3fbf0474cdea331c3ec5531cdb66d
x86_64
xpdf-3.00-16.el4.x86_64.rpm SHA-256: d5e8f3a8b6b88c6a443bc8308998b432c89d46d3ebbb981a92e207b64436ff4e
xpdf-3.00-16.el4.x86_64.rpm SHA-256: d5e8f3a8b6b88c6a443bc8308998b432c89d46d3ebbb981a92e207b64436ff4e
ia64
xpdf-3.00-16.el4.ia64.rpm SHA-256: 1a540cf9b1bbdab6ab3026474b05adf67e7c483c8362427ae0578c9a122c58d3
xpdf-3.00-16.el4.ia64.rpm SHA-256: 1a540cf9b1bbdab6ab3026474b05adf67e7c483c8362427ae0578c9a122c58d3
i386
xpdf-3.00-16.el4.i386.rpm SHA-256: ebcfdf157cea896bffa2e3e7b7fdf169862da74379f85b8877215cdf479aba5f
xpdf-3.00-16.el4.i386.rpm SHA-256: ebcfdf157cea896bffa2e3e7b7fdf169862da74379f85b8877215cdf479aba5f

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.6

SRPM
xpdf-3.00-16.el4.src.rpm SHA-256: 792564cf3197018c9a713668681f5c03c4a3fbf0474cdea331c3ec5531cdb66d
x86_64
xpdf-3.00-16.el4.x86_64.rpm SHA-256: d5e8f3a8b6b88c6a443bc8308998b432c89d46d3ebbb981a92e207b64436ff4e
xpdf-3.00-16.el4.x86_64.rpm SHA-256: d5e8f3a8b6b88c6a443bc8308998b432c89d46d3ebbb981a92e207b64436ff4e
ia64
xpdf-3.00-16.el4.ia64.rpm SHA-256: 1a540cf9b1bbdab6ab3026474b05adf67e7c483c8362427ae0578c9a122c58d3
xpdf-3.00-16.el4.ia64.rpm SHA-256: 1a540cf9b1bbdab6ab3026474b05adf67e7c483c8362427ae0578c9a122c58d3
i386
xpdf-3.00-16.el4.i386.rpm SHA-256: ebcfdf157cea896bffa2e3e7b7fdf169862da74379f85b8877215cdf479aba5f
xpdf-3.00-16.el4.i386.rpm SHA-256: ebcfdf157cea896bffa2e3e7b7fdf169862da74379f85b8877215cdf479aba5f

Red Hat Enterprise Linux Workstation 4

SRPM
xpdf-3.00-16.el4.src.rpm SHA-256: 792564cf3197018c9a713668681f5c03c4a3fbf0474cdea331c3ec5531cdb66d
x86_64
xpdf-3.00-16.el4.x86_64.rpm SHA-256: d5e8f3a8b6b88c6a443bc8308998b432c89d46d3ebbb981a92e207b64436ff4e
ia64
xpdf-3.00-16.el4.ia64.rpm SHA-256: 1a540cf9b1bbdab6ab3026474b05adf67e7c483c8362427ae0578c9a122c58d3
i386
xpdf-3.00-16.el4.i386.rpm SHA-256: ebcfdf157cea896bffa2e3e7b7fdf169862da74379f85b8877215cdf479aba5f

Red Hat Enterprise Linux Desktop 4

SRPM
xpdf-3.00-16.el4.src.rpm SHA-256: 792564cf3197018c9a713668681f5c03c4a3fbf0474cdea331c3ec5531cdb66d
x86_64
xpdf-3.00-16.el4.x86_64.rpm SHA-256: d5e8f3a8b6b88c6a443bc8308998b432c89d46d3ebbb981a92e207b64436ff4e
i386
xpdf-3.00-16.el4.i386.rpm SHA-256: ebcfdf157cea896bffa2e3e7b7fdf169862da74379f85b8877215cdf479aba5f

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
xpdf-3.00-16.el4.src.rpm SHA-256: 792564cf3197018c9a713668681f5c03c4a3fbf0474cdea331c3ec5531cdb66d
s390x
xpdf-3.00-16.el4.s390x.rpm SHA-256: 02e57557dcc8f440d07df3a5b1f19ec4fdd88018866bfc794c9e4085f5e11aab
s390
xpdf-3.00-16.el4.s390.rpm SHA-256: 2eb47bf141c3608e3949814c22dd11869e73ae82511d310835e3cf16d1b2f9e0

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.6

SRPM
xpdf-3.00-16.el4.src.rpm SHA-256: 792564cf3197018c9a713668681f5c03c4a3fbf0474cdea331c3ec5531cdb66d
s390x
xpdf-3.00-16.el4.s390x.rpm SHA-256: 02e57557dcc8f440d07df3a5b1f19ec4fdd88018866bfc794c9e4085f5e11aab
s390
xpdf-3.00-16.el4.s390.rpm SHA-256: 2eb47bf141c3608e3949814c22dd11869e73ae82511d310835e3cf16d1b2f9e0

Red Hat Enterprise Linux for Power, big endian 4

SRPM
xpdf-3.00-16.el4.src.rpm SHA-256: 792564cf3197018c9a713668681f5c03c4a3fbf0474cdea331c3ec5531cdb66d
ppc
xpdf-3.00-16.el4.ppc.rpm SHA-256: b015ca4f64fa94dbd726f2332849600bd9dd33812bcfc8a161fc8668d6afb7b5

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.6

SRPM
xpdf-3.00-16.el4.src.rpm SHA-256: 792564cf3197018c9a713668681f5c03c4a3fbf0474cdea331c3ec5531cdb66d
ppc
xpdf-3.00-16.el4.ppc.rpm SHA-256: b015ca4f64fa94dbd726f2332849600bd9dd33812bcfc8a161fc8668d6afb7b5

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.