|
|
| Problem Description |
Alin Rad Pop found several flaws in how PDF files are handled
in pdftohtml. An attacker could create a malicious PDF file that
would cause pdftohtml to crash or potentially execute arbitrary code
when opened.
The updated packages have been patched to correct this issue.
| Updated Packages |
Mandriva Linux 2007
49fc5029a7e8269f057dfab6090ea37f 2007.0/i586/pdftohtml-0.36-5.3mdv2007.0.i586.rpm d3cc008572bf9a179f6c4d1695f7433f 2007.0/SRPMS/pdftohtml-0.36-5.3mdv2007.0.src.rpm
Mandriva Linux 2007/X86_64
11b13089a2f357f6082ffd49cf896768 2007.0/x86_64/pdftohtml-0.36-5.3mdv2007.0.x86_64.rpm d3cc008572bf9a179f6c4d1695f7433f 2007.0/SRPMS/pdftohtml-0.36-5.3mdv2007.0.src.rpm
Mandriva Linux 2007.1
ceffaf54873223fe405acfc1d62eb12e 2007.1/i586/pdftohtml-0.39-1.2mdv2007.1.i586.rpm f99c3523b19e76caf7fe0d25fac005f9 2007.1/SRPMS/pdftohtml-0.39-1.2mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64
3d168d492c922339bd46e77d38d3ecee 2007.1/x86_64/pdftohtml-0.39-1.2mdv2007.1.x86_64.rpm f99c3523b19e76caf7fe0d25fac005f9 2007.1/SRPMS/pdftohtml-0.39-1.2mdv2007.1.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.