MDKSA-2004:162 - Updated gpdf packages
Posted on: 12/30/2004 03:52 AM

Updated gpdf packages are available for Mandrakelinux 10.0 and 10.1
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: gpdf
Advisory ID: MDKSA-2004:162
Date: December 29th, 2004

Affected versions: 10.0, 10.1
______________________________________________________________________

Problem Description:

iDefense reported a buffer overflow vulnerability, which affects versions of xpdf <= xpdf-3.0 and several programs, like gpdf, which use embedded xpdf code. An attacker could construct a malicious payload file which could enable arbitrary code execution on the target system.

The updated packages are patched to protect against these
vulnerabilities.

_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
1b412a5a12c8031e438c1084d2133348 10.0/RPMS/gpdf-0.112-2.4.100mdk.i586.rpm
231816d7ff5d56a10c6448097839611f 10.0/SRPMS/gpdf-0.112-2.4.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
c7d8c55b31e96c2886146eaea32df9d9 amd64/10.0/RPMS/gpdf-0.112-2.4.100mdk.amd64.rpm
231816d7ff5d56a10c6448097839611f amd64/10.0/SRPMS/gpdf-0.112-2.4.100mdk.src.rpm

Mandrakelinux 10.1:
27c2a3ae817eaf4c2485e820ae059509 10.1/RPMS/gpdf-0.132-3.3.101mdk.i586.rpm
6003054196b1d70a1faf79f54d4847ea 10.1/SRPMS/gpdf-0.132-3.3.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
9a5b967e7b56e53d6724ada36b9cc530 x86_64/10.1/RPMS/gpdf-0.132-3.3.101mdk.x86_64.rpm
6003054196b1d70a1faf79f54d4847ea x86_64/10.1/SRPMS/gpdf-0.132-3.3.101mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/mdksa_2004162__updated_gpdf_packages.html)