Red Hat Product Errata RHSA-2010:0752 - Security Advisory
Issued:
2010-10-07
Updated:
2010-10-07

RHSA-2010:0752 - Security Advisory

Synopsis

Important: gpdf security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An updated gpdf package that fixes two security issues is now available for
Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Description

GPdf is a viewer for Portable Document Format (PDF) files.

An uninitialized pointer use flaw was discovered in GPdf. An attacker could
create a malicious PDF file that, when opened, would cause GPdf to crash
or, potentially, execute arbitrary code. (CVE-2010-3702)

An array index error was found in the way GPdf parsed PostScript Type 1
fonts embedded in PDF documents. An attacker could create a malicious PDF
file that, when opened, would cause GPdf to crash or, potentially, execute
arbitrary code. (CVE-2010-3704)

Users are advised to upgrade to this updated package, which contains
backported patches to correct these issues.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.8 ppc

Fixes

  • BZ - 595245 - CVE-2010-3702 xpdf: uninitialized Gfx::parser pointer dereference
  • BZ - 638960 - CVE-2010-3704 xpdf: array indexing error in FoFiType1::parse()

Red Hat Enterprise Linux Server 4

SRPM
gpdf-2.8.2-7.7.2.el4_8.7.src.rpm SHA-256: a53055cef659e877f4819fb984d8d03addc3fc8839e41ea2735dbc8b0feb48cc
x86_64
gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm SHA-256: 5c00c4677ada87f6adfc5577e032e94730ee2d0813cc5f2d31bdff1603ccfbe6
gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm SHA-256: 5c00c4677ada87f6adfc5577e032e94730ee2d0813cc5f2d31bdff1603ccfbe6
ia64
gpdf-2.8.2-7.7.2.el4_8.7.ia64.rpm SHA-256: a1bbdc4c267a0930413f89eb28df5bb1b4382a52e0ace5c9cdcec061ad45da14
gpdf-2.8.2-7.7.2.el4_8.7.ia64.rpm SHA-256: a1bbdc4c267a0930413f89eb28df5bb1b4382a52e0ace5c9cdcec061ad45da14
i386
gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm SHA-256: fb8b673baa04e998b1d7b58e823b07d3b9af23a76f9149c2f88ce2103516d248
gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm SHA-256: fb8b673baa04e998b1d7b58e823b07d3b9af23a76f9149c2f88ce2103516d248

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8

SRPM
gpdf-2.8.2-7.7.2.el4_8.7.src.rpm SHA-256: a53055cef659e877f4819fb984d8d03addc3fc8839e41ea2735dbc8b0feb48cc
x86_64
gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm SHA-256: 5c00c4677ada87f6adfc5577e032e94730ee2d0813cc5f2d31bdff1603ccfbe6
gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm SHA-256: 5c00c4677ada87f6adfc5577e032e94730ee2d0813cc5f2d31bdff1603ccfbe6
ia64
gpdf-2.8.2-7.7.2.el4_8.7.ia64.rpm SHA-256: a1bbdc4c267a0930413f89eb28df5bb1b4382a52e0ace5c9cdcec061ad45da14
gpdf-2.8.2-7.7.2.el4_8.7.ia64.rpm SHA-256: a1bbdc4c267a0930413f89eb28df5bb1b4382a52e0ace5c9cdcec061ad45da14
i386
gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm SHA-256: fb8b673baa04e998b1d7b58e823b07d3b9af23a76f9149c2f88ce2103516d248
gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm SHA-256: fb8b673baa04e998b1d7b58e823b07d3b9af23a76f9149c2f88ce2103516d248

Red Hat Enterprise Linux Workstation 4

SRPM
gpdf-2.8.2-7.7.2.el4_8.7.src.rpm SHA-256: a53055cef659e877f4819fb984d8d03addc3fc8839e41ea2735dbc8b0feb48cc
x86_64
gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm SHA-256: 5c00c4677ada87f6adfc5577e032e94730ee2d0813cc5f2d31bdff1603ccfbe6
ia64
gpdf-2.8.2-7.7.2.el4_8.7.ia64.rpm SHA-256: a1bbdc4c267a0930413f89eb28df5bb1b4382a52e0ace5c9cdcec061ad45da14
i386
gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm SHA-256: fb8b673baa04e998b1d7b58e823b07d3b9af23a76f9149c2f88ce2103516d248

Red Hat Enterprise Linux Desktop 4

SRPM
gpdf-2.8.2-7.7.2.el4_8.7.src.rpm SHA-256: a53055cef659e877f4819fb984d8d03addc3fc8839e41ea2735dbc8b0feb48cc
x86_64
gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm SHA-256: 5c00c4677ada87f6adfc5577e032e94730ee2d0813cc5f2d31bdff1603ccfbe6
i386
gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm SHA-256: fb8b673baa04e998b1d7b58e823b07d3b9af23a76f9149c2f88ce2103516d248

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
gpdf-2.8.2-7.7.2.el4_8.7.src.rpm SHA-256: a53055cef659e877f4819fb984d8d03addc3fc8839e41ea2735dbc8b0feb48cc
s390x
gpdf-2.8.2-7.7.2.el4_8.7.s390x.rpm SHA-256: e74ded2066ff99fe603d3bcac1b388fddb98d473f8fe888e36acaaefa34dcef1
s390
gpdf-2.8.2-7.7.2.el4_8.7.s390.rpm SHA-256: bd8e18e1fd45141c6e86c514840a3a615943469a43564892cf68eb1f6f0293cb

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8

SRPM
gpdf-2.8.2-7.7.2.el4_8.7.src.rpm SHA-256: a53055cef659e877f4819fb984d8d03addc3fc8839e41ea2735dbc8b0feb48cc
s390x
gpdf-2.8.2-7.7.2.el4_8.7.s390x.rpm SHA-256: e74ded2066ff99fe603d3bcac1b388fddb98d473f8fe888e36acaaefa34dcef1
s390
gpdf-2.8.2-7.7.2.el4_8.7.s390.rpm SHA-256: bd8e18e1fd45141c6e86c514840a3a615943469a43564892cf68eb1f6f0293cb

Red Hat Enterprise Linux for Power, big endian 4

SRPM
gpdf-2.8.2-7.7.2.el4_8.7.src.rpm SHA-256: a53055cef659e877f4819fb984d8d03addc3fc8839e41ea2735dbc8b0feb48cc
ppc
gpdf-2.8.2-7.7.2.el4_8.7.ppc.rpm SHA-256: 2acd88922abe3e139942efad7482ab5d9be737bbae263ab68eb2360e963fd03a

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.8

SRPM
gpdf-2.8.2-7.7.2.el4_8.7.src.rpm SHA-256: a53055cef659e877f4819fb984d8d03addc3fc8839e41ea2735dbc8b0feb48cc
ppc
gpdf-2.8.2-7.7.2.el4_8.7.ppc.rpm SHA-256: 2acd88922abe3e139942efad7482ab5d9be737bbae263ab68eb2360e963fd03a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.