Support / Security / Advisories / Corporate Server 3.0 / MDKSA-2007:220

Package name: gpdf
Date: 2007-11-15
Advisory ID: MDKSA-2007:220
Affected versions: CS3.0 i586 , CS3.0 x86_64

Problem description

Alin Rad Pop found several flaws in how PDF files are handled in gpdf.
An attacker could create a malicious PDF file that would cause gpdf
to crash or potentially execute arbitrary code when opened.

The updated packages have been patched to correct this issue.

Updated packages

CS3.0 i586

 526dfea41ec1b8937170fdbcbf79e616  corporate/3.0/i586/gpdf-0.112-2.9.C30mdk.i586.rpm 
 1fa025a5f8dea5ec889622f8fb35af05  corporate/3.0/SRPMS/gpdf-0.112-2.9.C30mdk.src.rpm

CS3.0 x86_64

 043bd32c2f907b8f9d379d34d6b796e3  corporate/3.0/x86_64/gpdf-0.112-2.9.C30mdk.x86_64.rpm 
 1fa025a5f8dea5ec889622f8fb35af05  corporate/3.0/SRPMS/gpdf-0.112-2.9.C30mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393