Issued:
2008-05-08
Updated:
2008-05-08

RHSA-2008:0262 - Security Advisory

Synopsis

Important: gpdf security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An updated gpdf package that fixes a security issue is now available for
Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

gpdf is a GNOME-based viewer for Portable Document Format (PDF) files.

Kees Cook discovered a flaw in the way gpdf displayed malformed fonts
embedded in PDF files. An attacker could create a malicious PDF file that
would cause gpdf to crash, or, potentially, execute arbitrary code when
opened. (CVE-2008-1693)

Users of gpdf are advised to upgrade to this updated package, which
contains a backported patch to resolve this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.6 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.6 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.6 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.6 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.6 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.6 ppc

Fixes

  • BZ - 441722 - CVE-2008-1693 xpdf: embedded font vulnerability

Red Hat Enterprise Linux Server 4

SRPM
gpdf-2.8.2-7.7.2.src.rpm SHA-256: f183334afa5afc83a1e547a5371136bfb3688576349edfc218bc0f9513acbc7b
x86_64
gpdf-2.8.2-7.7.2.x86_64.rpm SHA-256: 7a37efe2ac5622fbef755651ad7759c6e482313b7734938d315bd876e325d36f
gpdf-2.8.2-7.7.2.x86_64.rpm SHA-256: 7a37efe2ac5622fbef755651ad7759c6e482313b7734938d315bd876e325d36f
ia64
gpdf-2.8.2-7.7.2.ia64.rpm SHA-256: dd8c64e5437c8db6582d09dac58093ce6e97d9d058dc8660786809685efca559
gpdf-2.8.2-7.7.2.ia64.rpm SHA-256: dd8c64e5437c8db6582d09dac58093ce6e97d9d058dc8660786809685efca559
i386
gpdf-2.8.2-7.7.2.i386.rpm SHA-256: 69b42d859aa7b9ed6b77f8f3c438b05fde1ddf7dc9334299c9039b922d99a850
gpdf-2.8.2-7.7.2.i386.rpm SHA-256: 69b42d859aa7b9ed6b77f8f3c438b05fde1ddf7dc9334299c9039b922d99a850

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.6

SRPM
gpdf-2.8.2-7.7.2.src.rpm SHA-256: f183334afa5afc83a1e547a5371136bfb3688576349edfc218bc0f9513acbc7b
x86_64
gpdf-2.8.2-7.7.2.x86_64.rpm SHA-256: 7a37efe2ac5622fbef755651ad7759c6e482313b7734938d315bd876e325d36f
gpdf-2.8.2-7.7.2.x86_64.rpm SHA-256: 7a37efe2ac5622fbef755651ad7759c6e482313b7734938d315bd876e325d36f
ia64
gpdf-2.8.2-7.7.2.ia64.rpm SHA-256: dd8c64e5437c8db6582d09dac58093ce6e97d9d058dc8660786809685efca559
gpdf-2.8.2-7.7.2.ia64.rpm SHA-256: dd8c64e5437c8db6582d09dac58093ce6e97d9d058dc8660786809685efca559
i386
gpdf-2.8.2-7.7.2.i386.rpm SHA-256: 69b42d859aa7b9ed6b77f8f3c438b05fde1ddf7dc9334299c9039b922d99a850
gpdf-2.8.2-7.7.2.i386.rpm SHA-256: 69b42d859aa7b9ed6b77f8f3c438b05fde1ddf7dc9334299c9039b922d99a850

Red Hat Enterprise Linux Workstation 4

SRPM
gpdf-2.8.2-7.7.2.src.rpm SHA-256: f183334afa5afc83a1e547a5371136bfb3688576349edfc218bc0f9513acbc7b
x86_64
gpdf-2.8.2-7.7.2.x86_64.rpm SHA-256: 7a37efe2ac5622fbef755651ad7759c6e482313b7734938d315bd876e325d36f
ia64
gpdf-2.8.2-7.7.2.ia64.rpm SHA-256: dd8c64e5437c8db6582d09dac58093ce6e97d9d058dc8660786809685efca559
i386
gpdf-2.8.2-7.7.2.i386.rpm SHA-256: 69b42d859aa7b9ed6b77f8f3c438b05fde1ddf7dc9334299c9039b922d99a850

Red Hat Enterprise Linux Desktop 4

SRPM
gpdf-2.8.2-7.7.2.src.rpm SHA-256: f183334afa5afc83a1e547a5371136bfb3688576349edfc218bc0f9513acbc7b
x86_64
gpdf-2.8.2-7.7.2.x86_64.rpm SHA-256: 7a37efe2ac5622fbef755651ad7759c6e482313b7734938d315bd876e325d36f
i386
gpdf-2.8.2-7.7.2.i386.rpm SHA-256: 69b42d859aa7b9ed6b77f8f3c438b05fde1ddf7dc9334299c9039b922d99a850

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
gpdf-2.8.2-7.7.2.src.rpm SHA-256: f183334afa5afc83a1e547a5371136bfb3688576349edfc218bc0f9513acbc7b
s390x
gpdf-2.8.2-7.7.2.s390x.rpm SHA-256: df79d3617e497f5071bd2d9f7cb651056fb9fbad3533d7465eee01e8796fd395
s390
gpdf-2.8.2-7.7.2.s390.rpm SHA-256: c056e0a18dbd230c8ad9ab5946ca5278e4449f264bb450e45f341897ffbaa8e0

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.6

SRPM
gpdf-2.8.2-7.7.2.src.rpm SHA-256: f183334afa5afc83a1e547a5371136bfb3688576349edfc218bc0f9513acbc7b
s390x
gpdf-2.8.2-7.7.2.s390x.rpm SHA-256: df79d3617e497f5071bd2d9f7cb651056fb9fbad3533d7465eee01e8796fd395
s390
gpdf-2.8.2-7.7.2.s390.rpm SHA-256: c056e0a18dbd230c8ad9ab5946ca5278e4449f264bb450e45f341897ffbaa8e0

Red Hat Enterprise Linux for Power, big endian 4

SRPM
gpdf-2.8.2-7.7.2.src.rpm SHA-256: f183334afa5afc83a1e547a5371136bfb3688576349edfc218bc0f9513acbc7b
ppc
gpdf-2.8.2-7.7.2.ppc.rpm SHA-256: 4bad722b86f3dfe6954ad722fa05d2d50e40b952de3f7f9565cbeb657ac6e026

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.6

SRPM
gpdf-2.8.2-7.7.2.src.rpm SHA-256: f183334afa5afc83a1e547a5371136bfb3688576349edfc218bc0f9513acbc7b
ppc
gpdf-2.8.2-7.7.2.ppc.rpm SHA-256: 4bad722b86f3dfe6954ad722fa05d2d50e40b952de3f7f9565cbeb657ac6e026

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.