drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zahlenüberlauf in kdegraphics
Name: |
Zahlenüberlauf in kdegraphics |
|
ID: |
RHSA-2007:0729-01 |
|
Distribution: |
Red Hat |
|
Plattformen: |
Red Hat Enterprise Linux |
|
Datum: |
Mo, 30. Juli 2007, 21:46 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387 |
|
Applikationen: |
KDE Software Compilation |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- --------------------------------------------------------------------- Red Hat Security Advisory
Synopsis: Important: kdegraphics security update Advisory ID: RHSA-2007:0729-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0729.html Issue date: 2007-07-30 Updated on: 2007-07-30 Product: Red Hat Enterprise Linux CVE Names: CVE-2007-3387 - ---------------------------------------------------------------------
1. Summary:
Updated kdegraphics packages that fix a security issue in PDF handling are now available for Red Hat Enterprise Linux 4, and 5.
This update has been rated as having important security impact by the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
3. Problem description:
The kdegraphics packages contain applications for the K Desktop Environment including kpdf, a PDF file viewer.
Maurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause kpdf to crash or potentially execute arbitrary code when opened. (CVE-2007-3387)
All users of kdegraphics should upgrade to these updated packages, which contain a backported patch to resolve this issue.
4. Solution:
Before applying this update, make sure that all previously-released errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188
5. Bug IDs fixed (http://bugzilla.redhat.com/):
248194 - CVE-2007-3387 xpdf integer overflow
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS: kdegraphics-3.3.1-4.RHEL4.src.rpm b78ba0835fce93f721febd51318c1db6 kdegraphics-3.3.1-4.RHEL4.src.rpm
i386: 88544438bb972a546c374cbcb53f8956 kdegraphics-3.3.1-4.RHEL4.i386.rpm c31a8d43003c21828dc3f563e0a5ebe8 kdegraphics-debuginfo-3.3.1-4.RHEL4.i386.rpm 178baf61f8c682d2ba9d9031afa23657 kdegraphics-devel-3.3.1-4.RHEL4.i386.rpm
ia64: b114dcd33743deb25c856ea3cf7b545a kdegraphics-3.3.1-4.RHEL4.ia64.rpm db486d94a2d8800f792547c2d2200ceb kdegraphics-debuginfo-3.3.1-4.RHEL4.ia64.rpm 3381a1ff9e438b77d4905f9803c05b42 kdegraphics-devel-3.3.1-4.RHEL4.ia64.rpm
ppc: edab6a600164ee482d1d55171120c07b kdegraphics-3.3.1-4.RHEL4.ppc.rpm aad60b90f597ca5ecec87623632170b5 kdegraphics-debuginfo-3.3.1-4.RHEL4.ppc.rpm ca631d25d2471b473a33bde34f13d405 kdegraphics-devel-3.3.1-4.RHEL4.ppc.rpm
s390: 2cf1fe87e50f7f480ac2321e47adf907 kdegraphics-3.3.1-4.RHEL4.s390.rpm de54109ab25d76ed7c9d1f7cd52b0403 kdegraphics-debuginfo-3.3.1-4.RHEL4.s390.rpm ff1a5a0c545d4118f6aee59aaa3d57dc kdegraphics-devel-3.3.1-4.RHEL4.s390.rpm
s390x: 8eed01e12376df9e2f924338882e1e5a kdegraphics-3.3.1-4.RHEL4.s390x.rpm 450052f389766b6d58ce89fb5dac30cd kdegraphics-debuginfo-3.3.1-4.RHEL4.s390x.rpm 9361e2e1aac6fa7974e164a7a57c9688 kdegraphics-devel-3.3.1-4.RHEL4.s390x.rpm
x86_64: ca58ec39be68af1a6cacb443a3fc5615 kdegraphics-3.3.1-4.RHEL4.x86_64.rpm afb42e97c91596ee5994a2d127768450 kdegraphics-debuginfo-3.3.1-4.RHEL4.x86_64.rpm da78236e6660e3bf558f923aa3bb59f9 kdegraphics-devel-3.3.1-4.RHEL4.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS: kdegraphics-3.3.1-4.RHEL4.src.rpm b78ba0835fce93f721febd51318c1db6 kdegraphics-3.3.1-4.RHEL4.src.rpm
i386: 88544438bb972a546c374cbcb53f8956 kdegraphics-3.3.1-4.RHEL4.i386.rpm c31a8d43003c21828dc3f563e0a5ebe8 kdegraphics-debuginfo-3.3.1-4.RHEL4.i386.rpm 178baf61f8c682d2ba9d9031afa23657 kdegraphics-devel-3.3.1-4.RHEL4.i386.rpm
x86_64: ca58ec39be68af1a6cacb443a3fc5615 kdegraphics-3.3.1-4.RHEL4.x86_64.rpm afb42e97c91596ee5994a2d127768450 kdegraphics-debuginfo-3.3.1-4.RHEL4.x86_64.rpm da78236e6660e3bf558f923aa3bb59f9 kdegraphics-devel-3.3.1-4.RHEL4.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS: kdegraphics-3.3.1-4.RHEL4.src.rpm b78ba0835fce93f721febd51318c1db6 kdegraphics-3.3.1-4.RHEL4.src.rpm
i386: 88544438bb972a546c374cbcb53f8956 kdegraphics-3.3.1-4.RHEL4.i386.rpm c31a8d43003c21828dc3f563e0a5ebe8 kdegraphics-debuginfo-3.3.1-4.RHEL4.i386.rpm 178baf61f8c682d2ba9d9031afa23657 kdegraphics-devel-3.3.1-4.RHEL4.i386.rpm
ia64: b114dcd33743deb25c856ea3cf7b545a kdegraphics-3.3.1-4.RHEL4.ia64.rpm db486d94a2d8800f792547c2d2200ceb kdegraphics-debuginfo-3.3.1-4.RHEL4.ia64.rpm 3381a1ff9e438b77d4905f9803c05b42 kdegraphics-devel-3.3.1-4.RHEL4.ia64.rpm
x86_64: ca58ec39be68af1a6cacb443a3fc5615 kdegraphics-3.3.1-4.RHEL4.x86_64.rpm afb42e97c91596ee5994a2d127768450 kdegraphics-debuginfo-3.3.1-4.RHEL4.x86_64.rpm da78236e6660e3bf558f923aa3bb59f9 kdegraphics-devel-3.3.1-4.RHEL4.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS: kdegraphics-3.3.1-4.RHEL4.src.rpm b78ba0835fce93f721febd51318c1db6 kdegraphics-3.3.1-4.RHEL4.src.rpm
i386: 88544438bb972a546c374cbcb53f8956 kdegraphics-3.3.1-4.RHEL4.i386.rpm c31a8d43003c21828dc3f563e0a5ebe8 kdegraphics-debuginfo-3.3.1-4.RHEL4.i386.rpm 178baf61f8c682d2ba9d9031afa23657 kdegraphics-devel-3.3.1-4.RHEL4.i386.rpm
ia64: b114dcd33743deb25c856ea3cf7b545a kdegraphics-3.3.1-4.RHEL4.ia64.rpm db486d94a2d8800f792547c2d2200ceb kdegraphics-debuginfo-3.3.1-4.RHEL4.ia64.rpm 3381a1ff9e438b77d4905f9803c05b42 kdegraphics-devel-3.3.1-4.RHEL4.ia64.rpm
x86_64: ca58ec39be68af1a6cacb443a3fc5615 kdegraphics-3.3.1-4.RHEL4.x86_64.rpm afb42e97c91596ee5994a2d127768450 kdegraphics-debuginfo-3.3.1-4.RHEL4.x86_64.rpm da78236e6660e3bf558f923aa3bb59f9 kdegraphics-devel-3.3.1-4.RHEL4.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 5 client):
SRPMS: kdegraphics-3.5.4-2.el5.src.rpm 449672b607d1b707bdc3bab763b4828e kdegraphics-3.5.4-2.el5.src.rpm
i386: 26f52902c9f59744d25620f281eb47b8 kdegraphics-3.5.4-2.el5.i386.rpm 82f829719f108b1046f7e1f03e282c75 kdegraphics-debuginfo-3.5.4-2.el5.i386.rpm
x86_64: f3c5a0c8328efe296bfaa1841fafca7b kdegraphics-3.5.4-2.el5.x86_64.rpm 6394160b918675dc57f5fb91e3a43f3c kdegraphics-debuginfo-3.5.4-2.el5.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
SRPMS: kdegraphics-3.5.4-2.el5.src.rpm 449672b607d1b707bdc3bab763b4828e kdegraphics-3.5.4-2.el5.src.rpm
i386: 82f829719f108b1046f7e1f03e282c75 kdegraphics-debuginfo-3.5.4-2.el5.i386.rpm 98ce8d56bf736e4fea3489797ff7f349 kdegraphics-devel-3.5.4-2.el5.i386.rpm
x86_64: 82f829719f108b1046f7e1f03e282c75 kdegraphics-debuginfo-3.5.4-2.el5.i386.rpm 6394160b918675dc57f5fb91e3a43f3c kdegraphics-debuginfo-3.5.4-2.el5.x86_64.rpm 98ce8d56bf736e4fea3489797ff7f349 kdegraphics-devel-3.5.4-2.el5.i386.rpm 72a9c49a87f2fc072084cb51c4c7caea kdegraphics-devel-3.5.4-2.el5.x86_64.rpm
RHEL Optional Productivity Applications (v. 5 server):
SRPMS: kdegraphics-3.5.4-2.el5.src.rpm 449672b607d1b707bdc3bab763b4828e kdegraphics-3.5.4-2.el5.src.rpm
i386: 26f52902c9f59744d25620f281eb47b8 kdegraphics-3.5.4-2.el5.i386.rpm 82f829719f108b1046f7e1f03e282c75 kdegraphics-debuginfo-3.5.4-2.el5.i386.rpm 98ce8d56bf736e4fea3489797ff7f349 kdegraphics-devel-3.5.4-2.el5.i386.rpm
x86_64: f3c5a0c8328efe296bfaa1841fafca7b kdegraphics-3.5.4-2.el5.x86_64.rpm 82f829719f108b1046f7e1f03e282c75 kdegraphics-debuginfo-3.5.4-2.el5.i386.rpm 6394160b918675dc57f5fb91e3a43f3c kdegraphics-debuginfo-3.5.4-2.el5.x86_64.rpm 98ce8d56bf736e4fea3489797ff7f349 kdegraphics-devel-3.5.4-2.el5.i386.rpm 72a9c49a87f2fc072084cb51c4c7caea kdegraphics-devel-3.5.4-2.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387 http://www.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/
Copyright 2007 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFGrjdfXlSAg2UNWIIRAtIRAJ49v8P90xFZGVRz5QoPrNdWICuq7QCbBI8s k9iFSnJYV+mSviTjOWdo4iU= =8zIA -----END PGP SIGNATURE-----
-- Enterprise-watch-list mailing list Enterprise-watch-list@redhat.com https://www.redhat.com/mailman/listinfo/enterprise-watch-list
|
|
|
|