Package name
Advisory ID
Affected versions
6.1 i586 , 6.0 i586 , 7.0 i586

Problem description

There is a potential race condation when using tmpnam() and fopen() in xpdf versions prior to 0.91. This exploit can be only used as root to overwrite arbitrary files if a symlink is created between the calls to tmpname() and fopen(). There is also a problem with malicious URL-type links in PDF documents that contain quote characters which could also potentially be used to execute arbitrary commands. This is due to xpdf calling system() with a netscape (or similar) command plus the URL. The 0.91 release of xpdf fixes both of these potential problems. Although there are no known exploits, users are encouraged to upgrade their system with these updates. Update: There was an incorrect dependancy on the t1lib package in the previous updates for xpdf for Linux-Mandrake 6.x and 7.0. This update resolves those dependancy issues.

Updated packages

6.1 i586

 552d48f5053ad5f348df823cb759a8c9  6.1/RPMS/xpdf-0.91-4mdk.i586.rpm
305a3ed2da20108baf16ce716e4f56f0  6.1/SRPMS/xpdf-0.91-4mdk.src.rpm

6.0 i586

 9210a209bbd52854078e77c5edc35158  6.0/RPMS/xpdf-0.91-4mdk.i586.rpm
305a3ed2da20108baf16ce716e4f56f0  6.0/SRPMS/xpdf-0.91-4mdk.src.rpm

7.0 i586

 8a8bca08989416014a2c91bac79eddc5  7.0/RPMS/xpdf-0.91-4mdk.i586.rpm
305a3ed2da20108baf16ce716e4f56f0  7.0/SRPMS/xpdf-0.91-4mdk.src.rpm