Red Hat Product Errata RHSA-2009:1512 - Security Advisory

Issued:: 2009-10-15
Updated:: 2009-10-15

RHSA-2009:1512 - Security Advisory

Overview
Updated Packages

Synopsis

Important: kdegraphics security update

Type/Severity

Security Advisory: Important

Topic

Updated kdegraphics packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

The kdegraphics packages contain applications for the K Desktop
Environment, including KPDF, a viewer for Portable Document Format (PDF)
files.

Multiple integer overflow flaws were found in KPDF. An attacker could
create a malicious PDF file that would cause KPDF to crash or, potentially,
execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,
CVE-2009-3604, CVE-2009-3608, CVE-2009-3609)

Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604
issue, and Chris Rohlf for reporting the CVE-2009-3608 issue.

Users are advised to upgrade to these updated packages, which contain a
backported patch to resolve these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 ia64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.8 ppc

Fixes

BZ - 491840 - CVE-2009-0791 xpdf: multiple integer overflows
BZ - 495907 - CVE-2009-1188 xpdf/poppler: SplashBitmap integer overflow
BZ - 526637 - CVE-2009-3608 xpdf/poppler: integer overflow in ObjectStream::ObjectStream (oCERT-2009-016)
BZ - 526893 - CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow
BZ - 526911 - CVE-2009-3604 xpdf/poppler: Splash::drawImage integer overflow and missing allocation return value check

CVEs

References

http://www.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
kdegraphics-3.3.1-15.el4_8.2.src.rpm	SHA-256: 95104ddc31908c484165f07de9ce04683f89a803ff7c2a22a3bbe525149e7516
x86_64
kdegraphics-3.3.1-15.el4_8.2.x86_64.rpm	SHA-256: 958168f4a8e432475bf89a228c0801d856520e0dbbf43cedc04aaefa8c9ec870
kdegraphics-3.3.1-15.el4_8.2.x86_64.rpm	SHA-256: 958168f4a8e432475bf89a228c0801d856520e0dbbf43cedc04aaefa8c9ec870
kdegraphics-devel-3.3.1-15.el4_8.2.x86_64.rpm	SHA-256: 8de0731ca7c9734b4b1193e50175d0222cf95b4f1df3b9afe25daeacf687b238
kdegraphics-devel-3.3.1-15.el4_8.2.x86_64.rpm	SHA-256: 8de0731ca7c9734b4b1193e50175d0222cf95b4f1df3b9afe25daeacf687b238
ia64
kdegraphics-3.3.1-15.el4_8.2.ia64.rpm	SHA-256: d0d2f43dc489e79160b2e16457a8d83a434ab408eb29dadd61b418a782360484
kdegraphics-3.3.1-15.el4_8.2.ia64.rpm	SHA-256: d0d2f43dc489e79160b2e16457a8d83a434ab408eb29dadd61b418a782360484
kdegraphics-devel-3.3.1-15.el4_8.2.ia64.rpm	SHA-256: 912af34cbcff8058343b2e03c01d23eba539113b3364f840cc60a7c2c8dd39b6
kdegraphics-devel-3.3.1-15.el4_8.2.ia64.rpm	SHA-256: 912af34cbcff8058343b2e03c01d23eba539113b3364f840cc60a7c2c8dd39b6
i386
kdegraphics-3.3.1-15.el4_8.2.i386.rpm	SHA-256: 6bf51068b3de807b6f70d863fb03382c45a3fa864b2de663948d2125c2a98b11
kdegraphics-3.3.1-15.el4_8.2.i386.rpm	SHA-256: 6bf51068b3de807b6f70d863fb03382c45a3fa864b2de663948d2125c2a98b11
kdegraphics-devel-3.3.1-15.el4_8.2.i386.rpm	SHA-256: 7224d58d38e5f180813f18f6283e6cd03003ea108fa375308a9a4516706e538e
kdegraphics-devel-3.3.1-15.el4_8.2.i386.rpm	SHA-256: 7224d58d38e5f180813f18f6283e6cd03003ea108fa375308a9a4516706e538e

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8

SRPM
kdegraphics-3.3.1-15.el4_8.2.src.rpm	SHA-256: 95104ddc31908c484165f07de9ce04683f89a803ff7c2a22a3bbe525149e7516
x86_64
kdegraphics-3.3.1-15.el4_8.2.x86_64.rpm	SHA-256: 958168f4a8e432475bf89a228c0801d856520e0dbbf43cedc04aaefa8c9ec870
kdegraphics-3.3.1-15.el4_8.2.x86_64.rpm	SHA-256: 958168f4a8e432475bf89a228c0801d856520e0dbbf43cedc04aaefa8c9ec870
kdegraphics-devel-3.3.1-15.el4_8.2.x86_64.rpm	SHA-256: 8de0731ca7c9734b4b1193e50175d0222cf95b4f1df3b9afe25daeacf687b238
kdegraphics-devel-3.3.1-15.el4_8.2.x86_64.rpm	SHA-256: 8de0731ca7c9734b4b1193e50175d0222cf95b4f1df3b9afe25daeacf687b238
ia64
kdegraphics-3.3.1-15.el4_8.2.ia64.rpm	SHA-256: d0d2f43dc489e79160b2e16457a8d83a434ab408eb29dadd61b418a782360484
kdegraphics-3.3.1-15.el4_8.2.ia64.rpm	SHA-256: d0d2f43dc489e79160b2e16457a8d83a434ab408eb29dadd61b418a782360484
kdegraphics-devel-3.3.1-15.el4_8.2.ia64.rpm	SHA-256: 912af34cbcff8058343b2e03c01d23eba539113b3364f840cc60a7c2c8dd39b6
kdegraphics-devel-3.3.1-15.el4_8.2.ia64.rpm	SHA-256: 912af34cbcff8058343b2e03c01d23eba539113b3364f840cc60a7c2c8dd39b6
i386
kdegraphics-3.3.1-15.el4_8.2.i386.rpm	SHA-256: 6bf51068b3de807b6f70d863fb03382c45a3fa864b2de663948d2125c2a98b11
kdegraphics-3.3.1-15.el4_8.2.i386.rpm	SHA-256: 6bf51068b3de807b6f70d863fb03382c45a3fa864b2de663948d2125c2a98b11
kdegraphics-devel-3.3.1-15.el4_8.2.i386.rpm	SHA-256: 7224d58d38e5f180813f18f6283e6cd03003ea108fa375308a9a4516706e538e
kdegraphics-devel-3.3.1-15.el4_8.2.i386.rpm	SHA-256: 7224d58d38e5f180813f18f6283e6cd03003ea108fa375308a9a4516706e538e

Red Hat Enterprise Linux Workstation 4

SRPM
kdegraphics-3.3.1-15.el4_8.2.src.rpm	SHA-256: 95104ddc31908c484165f07de9ce04683f89a803ff7c2a22a3bbe525149e7516
x86_64
kdegraphics-3.3.1-15.el4_8.2.x86_64.rpm	SHA-256: 958168f4a8e432475bf89a228c0801d856520e0dbbf43cedc04aaefa8c9ec870
kdegraphics-devel-3.3.1-15.el4_8.2.x86_64.rpm	SHA-256: 8de0731ca7c9734b4b1193e50175d0222cf95b4f1df3b9afe25daeacf687b238
ia64
kdegraphics-3.3.1-15.el4_8.2.ia64.rpm	SHA-256: d0d2f43dc489e79160b2e16457a8d83a434ab408eb29dadd61b418a782360484
kdegraphics-devel-3.3.1-15.el4_8.2.ia64.rpm	SHA-256: 912af34cbcff8058343b2e03c01d23eba539113b3364f840cc60a7c2c8dd39b6
i386
kdegraphics-3.3.1-15.el4_8.2.i386.rpm	SHA-256: 6bf51068b3de807b6f70d863fb03382c45a3fa864b2de663948d2125c2a98b11
kdegraphics-devel-3.3.1-15.el4_8.2.i386.rpm	SHA-256: 7224d58d38e5f180813f18f6283e6cd03003ea108fa375308a9a4516706e538e

Red Hat Enterprise Linux Desktop 4

SRPM
kdegraphics-3.3.1-15.el4_8.2.src.rpm	SHA-256: 95104ddc31908c484165f07de9ce04683f89a803ff7c2a22a3bbe525149e7516
x86_64
kdegraphics-3.3.1-15.el4_8.2.x86_64.rpm	SHA-256: 958168f4a8e432475bf89a228c0801d856520e0dbbf43cedc04aaefa8c9ec870
kdegraphics-devel-3.3.1-15.el4_8.2.x86_64.rpm	SHA-256: 8de0731ca7c9734b4b1193e50175d0222cf95b4f1df3b9afe25daeacf687b238
i386
kdegraphics-3.3.1-15.el4_8.2.i386.rpm	SHA-256: 6bf51068b3de807b6f70d863fb03382c45a3fa864b2de663948d2125c2a98b11
kdegraphics-devel-3.3.1-15.el4_8.2.i386.rpm	SHA-256: 7224d58d38e5f180813f18f6283e6cd03003ea108fa375308a9a4516706e538e

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
kdegraphics-3.3.1-15.el4_8.2.src.rpm	SHA-256: 95104ddc31908c484165f07de9ce04683f89a803ff7c2a22a3bbe525149e7516
s390x
kdegraphics-3.3.1-15.el4_8.2.s390x.rpm	SHA-256: e9017bb12e25e3c75b5199cfa9a9b4460a4bf2f08883630cf776ac3535bde133
kdegraphics-devel-3.3.1-15.el4_8.2.s390x.rpm	SHA-256: 8ab55d846d3fabd4295cc52062993204bc7cd812f460474c5692862e4f30ab5a
s390
kdegraphics-3.3.1-15.el4_8.2.s390.rpm	SHA-256: 0245e5d4314f48d67ad041366f3c4ba85df07e147e26a208de715e9f9d192836
kdegraphics-devel-3.3.1-15.el4_8.2.s390.rpm	SHA-256: 714ed99344d465bd7079d0319cf47c5adab8a644655776b9ef0c9c2b7326c636

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8

SRPM
kdegraphics-3.3.1-15.el4_8.2.src.rpm	SHA-256: 95104ddc31908c484165f07de9ce04683f89a803ff7c2a22a3bbe525149e7516
s390x
kdegraphics-3.3.1-15.el4_8.2.s390x.rpm	SHA-256: e9017bb12e25e3c75b5199cfa9a9b4460a4bf2f08883630cf776ac3535bde133
kdegraphics-devel-3.3.1-15.el4_8.2.s390x.rpm	SHA-256: 8ab55d846d3fabd4295cc52062993204bc7cd812f460474c5692862e4f30ab5a
s390
kdegraphics-3.3.1-15.el4_8.2.s390.rpm	SHA-256: 0245e5d4314f48d67ad041366f3c4ba85df07e147e26a208de715e9f9d192836
kdegraphics-devel-3.3.1-15.el4_8.2.s390.rpm	SHA-256: 714ed99344d465bd7079d0319cf47c5adab8a644655776b9ef0c9c2b7326c636

Red Hat Enterprise Linux for Power, big endian 4

SRPM
kdegraphics-3.3.1-15.el4_8.2.src.rpm	SHA-256: 95104ddc31908c484165f07de9ce04683f89a803ff7c2a22a3bbe525149e7516
ppc
kdegraphics-3.3.1-15.el4_8.2.ppc.rpm	SHA-256: 55df39715deafc5ba0b34dcdcb8df425c95088c1990527cf3b9939c30b98e7f0
kdegraphics-devel-3.3.1-15.el4_8.2.ppc.rpm	SHA-256: a6b6ed0d3a9d5d3fcf24d3de36b3c200be569fbf162584c0ea73d1e64735fabb

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.8

SRPM
kdegraphics-3.3.1-15.el4_8.2.src.rpm	SHA-256: 95104ddc31908c484165f07de9ce04683f89a803ff7c2a22a3bbe525149e7516
ppc
kdegraphics-3.3.1-15.el4_8.2.ppc.rpm	SHA-256: 55df39715deafc5ba0b34dcdcb8df425c95088c1990527cf3b9939c30b98e7f0
kdegraphics-devel-3.3.1-15.el4_8.2.ppc.rpm	SHA-256: a6b6ed0d3a9d5d3fcf24d3de36b3c200be569fbf162584c0ea73d1e64735fabb

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories