Package name
Advisory ID
Affected versions
6.1 i586 , 6.0 i586 , 7.0 i586 , 7.1 i586

Problem description

There is a potential race condation when using tmpnam() and fopen() in xpdf versions prior to 0.91. This exploit can be only used as root to overwrite arbitrary files if a symlink is created between the calls to tmpname() and fopen(). There is also a problem with malicious URL-type links in PDF documents that contain quote characters which could also potentially be used to execute arbitrary commands. This is due to xpdf calling system() with a netscape (or similar) command plus the URL. The 0.91 release of xpdf fixes both of these potential problems. Although there are no known exploits, users are encouraged to upgrade their system with these updates.

Updated packages

6.1 i586

 37e41179955b5e36dcd873449274e57a  6.1/RPMS/xpdf-0.91-2mdk.i586.rpm
a7e0a28dec18bf6b568aed6457b7d1d4  6.1/SRPMS/xpdf-0.91-2mdk.src.rpm

6.0 i586

 db2848a72dc63c924d649d0cd08b57b5  6.0/RPMS/xpdf-0.91-2mdk.i586.rpm
a7e0a28dec18bf6b568aed6457b7d1d4  6.0/SRPMS/xpdf-0.91-2mdk.src.rpm

7.0 i586

 79ec9e813bd183a544ae439078f8326b  7.0/RPMS/xpdf-0.91-2mdk.i586.rpm
a7e0a28dec18bf6b568aed6457b7d1d4  7.0/SRPMS/xpdf-0.91-2mdk.src.rpm

7.1 i586

 3bb4134dece9deb3190e1fbf0de0159d  7.1/RPMS/xpdf-0.91-3mdk.i586.rpm
8648f98a0a8927e039fddcb50b57eca8  7.1/SRPMS/xpdf-0.91-3mdk.src.rpm