Description: | Description: The remote host is missing an update to xpdf announced via advisory FEDORA-2009-10648.
Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Xpdf is a small and efficient program which uses standard X fonts.
Update Information:
- apply xpdf-3.02pl4 security patch to fix: CVE-2009-1188/CVE-2009-3603, CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609
ChangeLog:
* Fri Oct 16 2009 Tom spot Callaway - 1:3.02-15 - apply xpdf-3.02pl4 security patch to fix: CVE-2009-3603, CVE-2009-3604, CVE-2009-3605, CVE-2009-3606 CVE-2009-3608, CVE-2009-3609
References:
[ 1 ] Bug #495907 - CVE-2009-1188 xpdf/poppler: SplashBitmap integer overflow https://bugzilla.redhat.com/show_bug.cgi?id=495907 [ 2 ] Bug #526911 - CVE-2009-3604 xpdf/poppler: Splash::drawImage integer overflow and missing allocation return value check https://bugzilla.redhat.com/show_bug.cgi?id=526911 [ 3 ] Bug #526877 - CVE-2009-3606 xpdf/poppler: PSOutputDev::doImageL1Sep integer overflow https://bugzilla.redhat.com/show_bug.cgi?id=526877 [ 4 ] Bug #526637 - CVE-2009-3608 xpdf/poppler: integer overflow in ObjectStream::ObjectStream (oCERT-2009-016) https://bugzilla.redhat.com/show_bug.cgi?id=526637 [ 5 ] Bug #526893 - CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow https://bugzilla.redhat.com/show_bug.cgi?id=526893
Solution: Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update xpdf' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10648
CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
|