Support / Security / Advisories / Mandrakelinux 10.1 / MDKSA-2004:114

Package name: gpdf
Date: 2004-10-21
Advisory ID: MDKSA-2004:114
Affected versions: 10.0 amd64 , 10.1 i586 , 10.0 i586 , 10.1 x86_64

Problem description

Chris Evans discovered numerous vulnerabilities in the xpdf package, which also effect software using embedded xpdf code, such as gpdf: Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like gpdf which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controlled location which probably could lead to arbitrary code execution. The updated packages are patched to protect against these vulnerabilities.

Updated packages

10.0 amd64

 a83ab4bcbff0b4ddef26af27d4aa79a4  amd64/10.0/RPMS/gpdf-0.112-2.2.100mdk.amd64.rpm
53052a1b9209ff77cf38aa15a7210e7c  amd64/10.0/SRPMS/gpdf-0.112-2.2.100mdk.src.rpm

10.1 i586

 39b3d03f4a698046c337178a7311d0c0  10.1/RPMS/gpdf-0.132-3.1.101mdk.i586.rpm
a740d1999f4c85bdf24b648afc2729a4  10.1/SRPMS/gpdf-0.132-3.1.101mdk.src.rpm

10.0 i586

 133d3df8bdbbb8853ed5540df8587608  10.0/RPMS/gpdf-0.112-2.2.100mdk.i586.rpm
53052a1b9209ff77cf38aa15a7210e7c  10.0/SRPMS/gpdf-0.112-2.2.100mdk.src.rpm

10.1 x86_64

 e6857a005c2d8d6cc616507d349276f0  x86_64/10.1/RPMS/gpdf-0.132-3.1.101mdk.x86_64.rpm
a740d1999f4c85bdf24b648afc2729a4  x86_64/10.1/SRPMS/gpdf-0.132-3.1.101mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888