Red Hat Product Errata RHSA-2011:0009 - Security Advisory

Issued:: 2011-01-06
Updated:: 2011-01-06

RHSA-2011:0009 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: evince security update

Type/Severity

Security Advisory: Moderate

Topic

Updated evince packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Description

Evince is a document viewer.

An array index error was found in the DeVice Independent (DVI) renderer's
PK and VF font file parsers. A DVI file that references a specially-crafted
font file could, when opened, cause Evince to crash or, potentially,
execute arbitrary code with the privileges of the user running Evince.
(CVE-2010-2640, CVE-2010-2641)

A heap-based buffer overflow flaw was found in the DVI renderer's AFM font
file parser. A DVI file that references a specially-crafted font file
could, when opened, cause Evince to crash or, potentially, execute
arbitrary code with the privileges of the user running Evince.
(CVE-2010-2642)

An integer overflow flaw was found in the DVI renderer's TFM font file
parser. A DVI file that references a specially-crafted font file could,
when opened, cause Evince to crash or, potentially, execute arbitrary code
with the privileges of the user running Evince. (CVE-2010-2643)

Note: The above issues are not exploitable unless an attacker can trick the
user into installing a malicious font file.

Red Hat would like to thank the Evince development team for reporting these
issues. Upstream acknowledges Jon Larimer of IBM X-Force as the original
reporter of these issues.

Users are advised to upgrade to these updated packages, which contain a
backported patch to correct these issues.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux for IBM z Systems 6 s390x
Red Hat Enterprise Linux for Power, big endian 6 ppc64
Red Hat Enterprise Linux for Scientific Computing 6 x86_64
Red Hat Enterprise Linux Server from RHUI 6 x86_64
Red Hat Enterprise Linux Server from RHUI 6 i386

Fixes

BZ - 666313 - CVE-2010-2640 evince: Array index errror in DVI file PK font parser
BZ - 666314 - CVE-2010-2641 evince: Array index errror in DVI file VF font parser
BZ - 666318 - CVE-2010-2642 evince: Heap based buffer overflow in DVI file AFM font parser
BZ - 666321 - CVE-2010-2643 evince: Integer overflow in DVI file TFM font parser

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 6

SRPM
evince-2.28.2-14.el6_0.1.src.rpm	SHA-256: dfec53d873ff6808b08ae56a5c45e1c0929c8060e6e1cf7d4478d7ff8f0bd828
x86_64
evince-2.28.2-14.el6_0.1.x86_64.rpm	SHA-256: fcdfeda539a5a15aaa375b499b6ca63e834823ca164a2e46a3624a23d25e7ead
evince-debuginfo-2.28.2-14.el6_0.1.i686.rpm	SHA-256: ee1a42af65ac9865472b6308d74ca25f1cd172ebd6bc940f21a06fb5509a479e
evince-debuginfo-2.28.2-14.el6_0.1.i686.rpm	SHA-256: ee1a42af65ac9865472b6308d74ca25f1cd172ebd6bc940f21a06fb5509a479e
evince-debuginfo-2.28.2-14.el6_0.1.x86_64.rpm	SHA-256: 5f19fe0ecad22c9a1488a7fa11e7866680011e8e134677e8d199ccc68bc1d678
evince-debuginfo-2.28.2-14.el6_0.1.x86_64.rpm	SHA-256: 5f19fe0ecad22c9a1488a7fa11e7866680011e8e134677e8d199ccc68bc1d678
evince-devel-2.28.2-14.el6_0.1.i686.rpm	SHA-256: 860fd51b394a5d9acc4e5348a772f9d312d9d0837a326f37883748b875259101
evince-devel-2.28.2-14.el6_0.1.x86_64.rpm	SHA-256: 09d315b067b3df6e722f57560f956a8ba83994c54e180d0495e758f0ccae5ec4
evince-dvi-2.28.2-14.el6_0.1.x86_64.rpm	SHA-256: 6f2b101b7124cda92c1e3a373515e88ec5861cfbf97cbede6f97eb43d0edc288
evince-libs-2.28.2-14.el6_0.1.i686.rpm	SHA-256: c9ee6d6f0feb1afc3ad0f10cc973606296b9cb173d9a5f014b8f99805efc9f07
evince-libs-2.28.2-14.el6_0.1.x86_64.rpm	SHA-256: 664d3409467b3cf8c4f6e79f22340fe5bfcb61b8d29b9662a8c983cf54e936c0
i386
evince-2.28.2-14.el6_0.1.i686.rpm	SHA-256: 4a8b8baec0297330c30b9864deb151af5f201d8538cd273cc65035084750f596
evince-debuginfo-2.28.2-14.el6_0.1.i686.rpm	SHA-256: ee1a42af65ac9865472b6308d74ca25f1cd172ebd6bc940f21a06fb5509a479e
evince-debuginfo-2.28.2-14.el6_0.1.i686.rpm	SHA-256: ee1a42af65ac9865472b6308d74ca25f1cd172ebd6bc940f21a06fb5509a479e
evince-devel-2.28.2-14.el6_0.1.i686.rpm	SHA-256: 860fd51b394a5d9acc4e5348a772f9d312d9d0837a326f37883748b875259101
evince-dvi-2.28.2-14.el6_0.1.i686.rpm	SHA-256: 363cb5f3c1a2216f92c2a8e54816a0f77c2ef93b4129919c07aa487fb2ba0370
evince-libs-2.28.2-14.el6_0.1.i686.rpm	SHA-256: c9ee6d6f0feb1afc3ad0f10cc973606296b9cb173d9a5f014b8f99805efc9f07

Red Hat Enterprise Linux Workstation 6

SRPM
evince-2.28.2-14.el6_0.1.src.rpm	SHA-256: dfec53d873ff6808b08ae56a5c45e1c0929c8060e6e1cf7d4478d7ff8f0bd828
x86_64
evince-2.28.2-14.el6_0.1.x86_64.rpm	SHA-256: fcdfeda539a5a15aaa375b499b6ca63e834823ca164a2e46a3624a23d25e7ead
evince-debuginfo-2.28.2-14.el6_0.1.i686.rpm	SHA-256: ee1a42af65ac9865472b6308d74ca25f1cd172ebd6bc940f21a06fb5509a479e
evince-debuginfo-2.28.2-14.el6_0.1.i686.rpm	SHA-256: ee1a42af65ac9865472b6308d74ca25f1cd172ebd6bc940f21a06fb5509a479e
evince-debuginfo-2.28.2-14.el6_0.1.x86_64.rpm	SHA-256: 5f19fe0ecad22c9a1488a7fa11e7866680011e8e134677e8d199ccc68bc1d678
evince-debuginfo-2.28.2-14.el6_0.1.x86_64.rpm	SHA-256: 5f19fe0ecad22c9a1488a7fa11e7866680011e8e134677e8d199ccc68bc1d678
evince-devel-2.28.2-14.el6_0.1.i686.rpm	SHA-256: 860fd51b394a5d9acc4e5348a772f9d312d9d0837a326f37883748b875259101
evince-devel-2.28.2-14.el6_0.1.x86_64.rpm	SHA-256: 09d315b067b3df6e722f57560f956a8ba83994c54e180d0495e758f0ccae5ec4
evince-dvi-2.28.2-14.el6_0.1.x86_64.rpm	SHA-256: 6f2b101b7124cda92c1e3a373515e88ec5861cfbf97cbede6f97eb43d0edc288
evince-libs-2.28.2-14.el6_0.1.i686.rpm	SHA-256: c9ee6d6f0feb1afc3ad0f10cc973606296b9cb173d9a5f014b8f99805efc9f07
evince-libs-2.28.2-14.el6_0.1.x86_64.rpm	SHA-256: 664d3409467b3cf8c4f6e79f22340fe5bfcb61b8d29b9662a8c983cf54e936c0
i386
evince-2.28.2-14.el6_0.1.i686.rpm	SHA-256: 4a8b8baec0297330c30b9864deb151af5f201d8538cd273cc65035084750f596
evince-debuginfo-2.28.2-14.el6_0.1.i686.rpm	SHA-256: ee1a42af65ac9865472b6308d74ca25f1cd172ebd6bc940f21a06fb5509a479e
evince-debuginfo-2.28.2-14.el6_0.1.i686.rpm	SHA-256: ee1a42af65ac9865472b6308d74ca25f1cd172ebd6bc940f21a06fb5509a479e
evince-devel-2.28.2-14.el6_0.1.i686.rpm	SHA-256: 860fd51b394a5d9acc4e5348a772f9d312d9d0837a326f37883748b875259101
evince-dvi-2.28.2-14.el6_0.1.i686.rpm	SHA-256: 363cb5f3c1a2216f92c2a8e54816a0f77c2ef93b4129919c07aa487fb2ba0370
evince-libs-2.28.2-14.el6_0.1.i686.rpm	SHA-256: c9ee6d6f0feb1afc3ad0f10cc973606296b9cb173d9a5f014b8f99805efc9f07

Red Hat Enterprise Linux Desktop 6

SRPM
evince-2.28.2-14.el6_0.1.src.rpm	SHA-256: dfec53d873ff6808b08ae56a5c45e1c0929c8060e6e1cf7d4478d7ff8f0bd828
x86_64
evince-2.28.2-14.el6_0.1.x86_64.rpm	SHA-256: fcdfeda539a5a15aaa375b499b6ca63e834823ca164a2e46a3624a23d25e7ead
evince-debuginfo-2.28.2-14.el6_0.1.i686.rpm	SHA-256: ee1a42af65ac9865472b6308d74ca25f1cd172ebd6bc940f21a06fb5509a479e
evince-debuginfo-2.28.2-14.el6_0.1.i686.rpm	SHA-256: ee1a42af65ac9865472b6308d74ca25f1cd172ebd6bc940f21a06fb5509a479e
evince-debuginfo-2.28.2-14.el6_0.1.x86_64.rpm	SHA-256: 5f19fe0ecad22c9a1488a7fa11e7866680011e8e134677e8d199ccc68bc1d678
evince-debuginfo-2.28.2-14.el6_0.1.x86_64.rpm	SHA-256: 5f19fe0ecad22c9a1488a7fa11e7866680011e8e134677e8d199ccc68bc1d678
evince-devel-2.28.2-14.el6_0.1.i686.rpm	SHA-256: 860fd51b394a5d9acc4e5348a772f9d312d9d0837a326f37883748b875259101
evince-devel-2.28.2-14.el6_0.1.x86_64.rpm	SHA-256: 09d315b067b3df6e722f57560f956a8ba83994c54e180d0495e758f0ccae5ec4
evince-dvi-2.28.2-14.el6_0.1.x86_64.rpm	SHA-256: 6f2b101b7124cda92c1e3a373515e88ec5861cfbf97cbede6f97eb43d0edc288
evince-libs-2.28.2-14.el6_0.1.i686.rpm	SHA-256: c9ee6d6f0feb1afc3ad0f10cc973606296b9cb173d9a5f014b8f99805efc9f07
evince-libs-2.28.2-14.el6_0.1.x86_64.rpm	SHA-256: 664d3409467b3cf8c4f6e79f22340fe5bfcb61b8d29b9662a8c983cf54e936c0
i386
evince-2.28.2-14.el6_0.1.i686.rpm	SHA-256: 4a8b8baec0297330c30b9864deb151af5f201d8538cd273cc65035084750f596
evince-debuginfo-2.28.2-14.el6_0.1.i686.rpm	SHA-256: ee1a42af65ac9865472b6308d74ca25f1cd172ebd6bc940f21a06fb5509a479e
evince-debuginfo-2.28.2-14.el6_0.1.i686.rpm	SHA-256: ee1a42af65ac9865472b6308d74ca25f1cd172ebd6bc940f21a06fb5509a479e
evince-devel-2.28.2-14.el6_0.1.i686.rpm	SHA-256: 860fd51b394a5d9acc4e5348a772f9d312d9d0837a326f37883748b875259101
evince-dvi-2.28.2-14.el6_0.1.i686.rpm	SHA-256: 363cb5f3c1a2216f92c2a8e54816a0f77c2ef93b4129919c07aa487fb2ba0370
evince-libs-2.28.2-14.el6_0.1.i686.rpm	SHA-256: c9ee6d6f0feb1afc3ad0f10cc973606296b9cb173d9a5f014b8f99805efc9f07

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
evince-2.28.2-14.el6_0.1.src.rpm	SHA-256: dfec53d873ff6808b08ae56a5c45e1c0929c8060e6e1cf7d4478d7ff8f0bd828
s390x
evince-2.28.2-14.el6_0.1.s390x.rpm	SHA-256: 40bcaa792631fe411b44eb066c80fa882ba7b18f202fcf93f19ad558d74d7427
evince-debuginfo-2.28.2-14.el6_0.1.s390.rpm	SHA-256: aa117ff0963e7becc6873f4176f4feb91881d9e835025358bfa36f31ed43567e
evince-debuginfo-2.28.2-14.el6_0.1.s390.rpm	SHA-256: aa117ff0963e7becc6873f4176f4feb91881d9e835025358bfa36f31ed43567e
evince-debuginfo-2.28.2-14.el6_0.1.s390x.rpm	SHA-256: 4a7caf90e917589ce3eab6dcf23b74060982b52aafe1b5085b87b6818dd88726
evince-debuginfo-2.28.2-14.el6_0.1.s390x.rpm	SHA-256: 4a7caf90e917589ce3eab6dcf23b74060982b52aafe1b5085b87b6818dd88726
evince-devel-2.28.2-14.el6_0.1.s390.rpm	SHA-256: 8c32b63f75bf52ca8c0d484d727c560f7b5508586d5a0b97ddf9723c4ae04d20
evince-devel-2.28.2-14.el6_0.1.s390x.rpm	SHA-256: 23c53b006fb0f57181064e43af45b2e7c807033b735e6b2a0c1410678fef465a
evince-dvi-2.28.2-14.el6_0.1.s390x.rpm	SHA-256: 446a9836a5367c7a23d74d29eb776198621e70642b6a7d684b52f8790b87e04b
evince-libs-2.28.2-14.el6_0.1.s390.rpm	SHA-256: 5379d01cec7e9ae19a09750a9f9de066a80d719cb17e3ce4c802f8c2ea7a0b9a
evince-libs-2.28.2-14.el6_0.1.s390x.rpm	SHA-256: 30f0b1445f5c39ff0eb316a0d5bc2bf1f9aaa80e2829b2e8ca6b866e0e59757a

Red Hat Enterprise Linux for Power, big endian 6

SRPM
evince-2.28.2-14.el6_0.1.src.rpm	SHA-256: dfec53d873ff6808b08ae56a5c45e1c0929c8060e6e1cf7d4478d7ff8f0bd828
ppc64
evince-2.28.2-14.el6_0.1.ppc64.rpm	SHA-256: ae163e2b8df12620a8876e4e33919c33e9bcb4e54c39861d9f0ea870728138e5
evince-debuginfo-2.28.2-14.el6_0.1.ppc.rpm	SHA-256: ec06ff6cc6526f57c8fd9cb379195bbc72f26686f1631adbf575d17f4a8d3f6d
evince-debuginfo-2.28.2-14.el6_0.1.ppc.rpm	SHA-256: ec06ff6cc6526f57c8fd9cb379195bbc72f26686f1631adbf575d17f4a8d3f6d
evince-debuginfo-2.28.2-14.el6_0.1.ppc64.rpm	SHA-256: 4e7590ca2f5681d58d97d2d8159269eb442451f48b65a7cb84681ca974f4636b
evince-debuginfo-2.28.2-14.el6_0.1.ppc64.rpm	SHA-256: 4e7590ca2f5681d58d97d2d8159269eb442451f48b65a7cb84681ca974f4636b
evince-devel-2.28.2-14.el6_0.1.ppc.rpm	SHA-256: 04f66de2733fa651e063909ae2244e9990c07021487b614ba2158fc888b76daa
evince-devel-2.28.2-14.el6_0.1.ppc64.rpm	SHA-256: 14488b303b3192701c5c373acc12fbbd0330306060e714152f37fcb24aa9a7c9
evince-dvi-2.28.2-14.el6_0.1.ppc64.rpm	SHA-256: ba0681dd2110a3fdb3da7ed7224131abc9f607bdf8340a1b35c4ceae5b84fcd7
evince-libs-2.28.2-14.el6_0.1.ppc.rpm	SHA-256: 98b90d388920a5fb0ffdbdf64c71dba0627177e2f44ffbeadeb78914a24b2b35
evince-libs-2.28.2-14.el6_0.1.ppc64.rpm	SHA-256: fa1ae24cedf2db6a54172f2c8ba518fad0db754f1e74d03e6407a4711595d942

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
evince-2.28.2-14.el6_0.1.src.rpm	SHA-256: dfec53d873ff6808b08ae56a5c45e1c0929c8060e6e1cf7d4478d7ff8f0bd828
x86_64
evince-2.28.2-14.el6_0.1.x86_64.rpm	SHA-256: fcdfeda539a5a15aaa375b499b6ca63e834823ca164a2e46a3624a23d25e7ead
evince-debuginfo-2.28.2-14.el6_0.1.i686.rpm	SHA-256: ee1a42af65ac9865472b6308d74ca25f1cd172ebd6bc940f21a06fb5509a479e
evince-debuginfo-2.28.2-14.el6_0.1.x86_64.rpm	SHA-256: 5f19fe0ecad22c9a1488a7fa11e7866680011e8e134677e8d199ccc68bc1d678
evince-devel-2.28.2-14.el6_0.1.i686.rpm	SHA-256: 860fd51b394a5d9acc4e5348a772f9d312d9d0837a326f37883748b875259101
evince-devel-2.28.2-14.el6_0.1.x86_64.rpm	SHA-256: 09d315b067b3df6e722f57560f956a8ba83994c54e180d0495e758f0ccae5ec4
evince-dvi-2.28.2-14.el6_0.1.x86_64.rpm	SHA-256: 6f2b101b7124cda92c1e3a373515e88ec5861cfbf97cbede6f97eb43d0edc288
evince-libs-2.28.2-14.el6_0.1.i686.rpm	SHA-256: c9ee6d6f0feb1afc3ad0f10cc973606296b9cb173d9a5f014b8f99805efc9f07
evince-libs-2.28.2-14.el6_0.1.x86_64.rpm	SHA-256: 664d3409467b3cf8c4f6e79f22340fe5bfcb61b8d29b9662a8c983cf54e936c0

Red Hat Enterprise Linux Server from RHUI 6

SRPM
evince-2.28.2-14.el6_0.1.src.rpm	SHA-256: dfec53d873ff6808b08ae56a5c45e1c0929c8060e6e1cf7d4478d7ff8f0bd828
x86_64
evince-2.28.2-14.el6_0.1.x86_64.rpm	SHA-256: fcdfeda539a5a15aaa375b499b6ca63e834823ca164a2e46a3624a23d25e7ead
evince-debuginfo-2.28.2-14.el6_0.1.i686.rpm	SHA-256: ee1a42af65ac9865472b6308d74ca25f1cd172ebd6bc940f21a06fb5509a479e
evince-debuginfo-2.28.2-14.el6_0.1.i686.rpm	SHA-256: ee1a42af65ac9865472b6308d74ca25f1cd172ebd6bc940f21a06fb5509a479e
evince-debuginfo-2.28.2-14.el6_0.1.x86_64.rpm	SHA-256: 5f19fe0ecad22c9a1488a7fa11e7866680011e8e134677e8d199ccc68bc1d678
evince-debuginfo-2.28.2-14.el6_0.1.x86_64.rpm	SHA-256: 5f19fe0ecad22c9a1488a7fa11e7866680011e8e134677e8d199ccc68bc1d678
evince-devel-2.28.2-14.el6_0.1.i686.rpm	SHA-256: 860fd51b394a5d9acc4e5348a772f9d312d9d0837a326f37883748b875259101
evince-devel-2.28.2-14.el6_0.1.x86_64.rpm	SHA-256: 09d315b067b3df6e722f57560f956a8ba83994c54e180d0495e758f0ccae5ec4
evince-dvi-2.28.2-14.el6_0.1.x86_64.rpm	SHA-256: 6f2b101b7124cda92c1e3a373515e88ec5861cfbf97cbede6f97eb43d0edc288
evince-libs-2.28.2-14.el6_0.1.i686.rpm	SHA-256: c9ee6d6f0feb1afc3ad0f10cc973606296b9cb173d9a5f014b8f99805efc9f07
evince-libs-2.28.2-14.el6_0.1.x86_64.rpm	SHA-256: 664d3409467b3cf8c4f6e79f22340fe5bfcb61b8d29b9662a8c983cf54e936c0
i386
evince-2.28.2-14.el6_0.1.i686.rpm	SHA-256: 4a8b8baec0297330c30b9864deb151af5f201d8538cd273cc65035084750f596
evince-debuginfo-2.28.2-14.el6_0.1.i686.rpm	SHA-256: ee1a42af65ac9865472b6308d74ca25f1cd172ebd6bc940f21a06fb5509a479e
evince-debuginfo-2.28.2-14.el6_0.1.i686.rpm	SHA-256: ee1a42af65ac9865472b6308d74ca25f1cd172ebd6bc940f21a06fb5509a479e
evince-devel-2.28.2-14.el6_0.1.i686.rpm	SHA-256: 860fd51b394a5d9acc4e5348a772f9d312d9d0837a326f37883748b875259101
evince-dvi-2.28.2-14.el6_0.1.i686.rpm	SHA-256: 363cb5f3c1a2216f92c2a8e54816a0f77c2ef93b4129919c07aa487fb2ba0370
evince-libs-2.28.2-14.el6_0.1.i686.rpm	SHA-256: c9ee6d6f0feb1afc3ad0f10cc973606296b9cb173d9a5f014b8f99805efc9f07

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories