---

Home Security

Fedora Core Advisory: xpdf

By

Fedora Update Notification
FEDORA-2004-348
2004-10-21

Product : Fedora Core 2
Name : xpdf
Version : 3.00
Release : 3.4
Summary : A PDF file viewer for the X Window System.

Description :
Xpdf is an X Window System based viewer for Portable Document
Format (PDF) files. Xpdf is a small and efficient program which
uses standard X fonts.

Update Information:

Xpdf is an X Window System based viewer for Portable Document
Format (PDF) files.

During a source code audit, Chris Evans and others discovered a
number of integer overflow bugs that affected all versions of xpdf.
An attacker could construct a carefully crafted PDF file that could
cause xpdf to crash or possibly execute arbitrary code when opened.
The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CAN-2004-0888 to this issue.

Users of xpdf are advised to upgrade to this errata package,
which contains a backported patch correcting these issues.

  • Thu Oct 21 2004 Than Ngo <than@redhat.com> 1:3.00-3.4
    • Apply patch to fix can-2004-0888, can-2004-0889
  • Thu Oct 21 2004 Than Ngo <than@redhat.com> 1:3.00-3.3
    • Fix xpdf crash #136633
  • Tue Oct 12 2004 Than Ngo <than@redhat.com> 1:3.00-3.2
    • Apply patch to fix can-2004-0888, can-2004-0889
    • Fix xpdf crash when selecting outline without page reference
      #134993
    • Fix locale issue #133911
    • Fix default fonts setting
  • Mon Jul 26 2004 Than Ngo <than@redhat.com> 1:3.00-3.1
    • update t1lib upstream
    • add cjk font patch, thanks to Yukihiro Nakai, bug #123540
    • fix a bug in font rasterizer, bug #125559
    • improve menue entry, bug #125850

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

9a247439c975578530b1e63252f37719 SRPMS/xpdf-3.00-3.4.src.rpm
c7a133d156e4afb06eed8e659b5f7b41
x86_64/xpdf-3.00-3.4.x86_64.rpm
0285341acf5a3492e5ecb22d1b8f66eb
x86_64/debug/xpdf-debuginfo-3.00-3.4.x86_64.rpm
4d69d5e3c58b4bc36cd02f0c5690322c i386/xpdf-3.00-3.4.i386.rpm
9a0206612ba4945ae35bd40b8bd3eecf
i386/debug/xpdf-debuginfo-3.00-3.4.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.

Complete Story
Previous article
Next article

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.