RHSA-2007:0729-01 Important: kdegraphics security update
Posted on: 07/30/2007 10:45 PM

A new update is available for Red Hat Enterprise Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: kdegraphics security update
Advisory ID: RHSA-2007:0729-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0729.html
Issue date: 2007-07-30
Updated on: 2007-07-30
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-3387
- ---------------------------------------------------------------------

1. Summary:

Updated kdegraphics packages that fix a security issue in PDF handling are
now available for Red Hat Enterprise Linux 4, and 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64

3. Problem description:

The kdegraphics packages contain applications for the K Desktop Environment
including kpdf, a PDF file viewer.

Maurycy Prodeus discovered an integer overflow flaw in the processing
of PDF files. An attacker could create a malicious PDF file that would
cause kpdf to crash or potentially execute arbitrary code when opened.
(CVE-2007-3387)

All users of kdegraphics should upgrade to these updated packages, which
contain a backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

248194 - CVE-2007-3387 xpdf integer overflow

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kdegraphics-3.3.1-4.RHEL4.src.rpm
b78ba0835fce93f721febd51318c1db6 kdegraphics-3.3.1-4.RHEL4.src.rpm

i386:
88544438bb972a546c374cbcb53f8956 kdegraphics-3.3.1-4.RHEL4.i386.rpm
c31a8d43003c21828dc3f563e0a5ebe8 kdegraphics-debuginfo-3.3.1-4.RHEL4.i386.rpm
178baf61f8c682d2ba9d9031afa23657 kdegraphics-devel-3.3.1-4.RHEL4.i386.rpm

ia64:
b114dcd33743deb25c856ea3cf7b545a kdegraphics-3.3.1-4.RHEL4.ia64.rpm
db486d94a2d8800f792547c2d2200ceb kdegraphics-debuginfo-3.3.1-4.RHEL4.ia64.rpm
3381a1ff9e438b77d4905f9803c05b42 kdegraphics-devel-3.3.1-4.RHEL4.ia64.rpm

ppc:
edab6a600164ee482d1d55171120c07b kdegraphics-3.3.1-4.RHEL4.ppc.rpm
aad60b90f597ca5ecec87623632170b5 kdegraphics-debuginfo-3.3.1-4.RHEL4.ppc.rpm
ca631d25d2471b473a33bde34f13d405 kdegraphics-devel-3.3.1-4.RHEL4.ppc.rpm

s390:
2cf1fe87e50f7f480ac2321e47adf907 kdegraphics-3.3.1-4.RHEL4.s390.rpm
de54109ab25d76ed7c9d1f7cd52b0403 kdegraphics-debuginfo-3.3.1-4.RHEL4.s390.rpm
ff1a5a0c545d4118f6aee59aaa3d57dc kdegraphics-devel-3.3.1-4.RHEL4.s390.rpm

s390x:
8eed01e12376df9e2f924338882e1e5a kdegraphics-3.3.1-4.RHEL4.s390x.rpm
450052f389766b6d58ce89fb5dac30cd kdegraphics-debuginfo-3.3.1-4.RHEL4.s390x.rpm
9361e2e1aac6fa7974e164a7a57c9688 kdegraphics-devel-3.3.1-4.RHEL4.s390x.rpm

x86_64:
ca58ec39be68af1a6cacb443a3fc5615 kdegraphics-3.3.1-4.RHEL4.x86_64.rpm
afb42e97c91596ee5994a2d127768450 kdegraphics-debuginfo-3.3.1-4.RHEL4.x86_64.rpm
da78236e6660e3bf558f923aa3bb59f9 kdegraphics-devel-3.3.1-4.RHEL4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kdegraphics-3.3.1-4.RHEL4.src.rpm
b78ba0835fce93f721febd51318c1db6 kdegraphics-3.3.1-4.RHEL4.src.rpm

i386:
88544438bb972a546c374cbcb53f8956 kdegraphics-3.3.1-4.RHEL4.i386.rpm
c31a8d43003c21828dc3f563e0a5ebe8 kdegraphics-debuginfo-3.3.1-4.RHEL4.i386.rpm
178baf61f8c682d2ba9d9031afa23657 kdegraphics-devel-3.3.1-4.RHEL4.i386.rpm

x86_64:
ca58ec39be68af1a6cacb443a3fc5615 kdegraphics-3.3.1-4.RHEL4.x86_64.rpm
afb42e97c91596ee5994a2d127768450 kdegraphics-debuginfo-3.3.1-4.RHEL4.x86_64.rpm
da78236e6660e3bf558f923aa3bb59f9 kdegraphics-devel-3.3.1-4.RHEL4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kdegraphics-3.3.1-4.RHEL4.src.rpm
b78ba0835fce93f721febd51318c1db6 kdegraphics-3.3.1-4.RHEL4.src.rpm

i386:
88544438bb972a546c374cbcb53f8956 kdegraphics-3.3.1-4.RHEL4.i386.rpm
c31a8d43003c21828dc3f563e0a5ebe8 kdegraphics-debuginfo-3.3.1-4.RHEL4.i386.rpm
178baf61f8c682d2ba9d9031afa23657 kdegraphics-devel-3.3.1-4.RHEL4.i386.rpm

ia64:
b114dcd33743deb25c856ea3cf7b545a kdegraphics-3.3.1-4.RHEL4.ia64.rpm
db486d94a2d8800f792547c2d2200ceb kdegraphics-debuginfo-3.3.1-4.RHEL4.ia64.rpm
3381a1ff9e438b77d4905f9803c05b42 kdegraphics-devel-3.3.1-4.RHEL4.ia64.rpm

x86_64:
ca58ec39be68af1a6cacb443a3fc5615 kdegraphics-3.3.1-4.RHEL4.x86_64.rpm
afb42e97c91596ee5994a2d127768450 kdegraphics-debuginfo-3.3.1-4.RHEL4.x86_64.rpm
da78236e6660e3bf558f923aa3bb59f9 kdegraphics-devel-3.3.1-4.RHEL4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kdegraphics-3.3.1-4.RHEL4.src.rpm
b78ba0835fce93f721febd51318c1db6 kdegraphics-3.3.1-4.RHEL4.src.rpm

i386:
88544438bb972a546c374cbcb53f8956 kdegraphics-3.3.1-4.RHEL4.i386.rpm
c31a8d43003c21828dc3f563e0a5ebe8 kdegraphics-debuginfo-3.3.1-4.RHEL4.i386.rpm
178baf61f8c682d2ba9d9031afa23657 kdegraphics-devel-3.3.1-4.RHEL4.i386.rpm

ia64:
b114dcd33743deb25c856ea3cf7b545a kdegraphics-3.3.1-4.RHEL4.ia64.rpm
db486d94a2d8800f792547c2d2200ceb kdegraphics-debuginfo-3.3.1-4.RHEL4.ia64.rpm
3381a1ff9e438b77d4905f9803c05b42 kdegraphics-devel-3.3.1-4.RHEL4.ia64.rpm

x86_64:
ca58ec39be68af1a6cacb443a3fc5615 kdegraphics-3.3.1-4.RHEL4.x86_64.rpm
afb42e97c91596ee5994a2d127768450 kdegraphics-debuginfo-3.3.1-4.RHEL4.x86_64.rpm
da78236e6660e3bf558f923aa3bb59f9 kdegraphics-devel-3.3.1-4.RHEL4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kdegraphics-3.5.4-2.el5.src.rpm
449672b607d1b707bdc3bab763b4828e kdegraphics-3.5.4-2.el5.src.rpm

i386:
26f52902c9f59744d25620f281eb47b8 kdegraphics-3.5.4-2.el5.i386.rpm
82f829719f108b1046f7e1f03e282c75 kdegraphics-debuginfo-3.5.4-2.el5.i386.rpm

x86_64:
f3c5a0c8328efe296bfaa1841fafca7b kdegraphics-3.5.4-2.el5.x86_64.rpm
6394160b918675dc57f5fb91e3a43f3c kdegraphics-debuginfo-3.5.4-2.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kdegraphics-3.5.4-2.el5.src.rpm
449672b607d1b707bdc3bab763b4828e kdegraphics-3.5.4-2.el5.src.rpm

i386:
82f829719f108b1046f7e1f03e282c75 kdegraphics-debuginfo-3.5.4-2.el5.i386.rpm
98ce8d56bf736e4fea3489797ff7f349 kdegraphics-devel-3.5.4-2.el5.i386.rpm

x86_64:
82f829719f108b1046f7e1f03e282c75 kdegraphics-debuginfo-3.5.4-2.el5.i386.rpm
6394160b918675dc57f5fb91e3a43f3c kdegraphics-debuginfo-3.5.4-2.el5.x86_64.rpm
98ce8d56bf736e4fea3489797ff7f349 kdegraphics-devel-3.5.4-2.el5.i386.rpm
72a9c49a87f2fc072084cb51c4c7caea kdegraphics-devel-3.5.4-2.el5.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kdegraphics-3.5.4-2.el5.src.rpm
449672b607d1b707bdc3bab763b4828e kdegraphics-3.5.4-2.el5.src.rpm

i386:
26f52902c9f59744d25620f281eb47b8 kdegraphics-3.5.4-2.el5.i386.rpm
82f829719f108b1046f7e1f03e282c75 kdegraphics-debuginfo-3.5.4-2.el5.i386.rpm
98ce8d56bf736e4fea3489797ff7f349 kdegraphics-devel-3.5.4-2.el5.i386.rpm

x86_64:
f3c5a0c8328efe296bfaa1841fafca7b kdegraphics-3.5.4-2.el5.x86_64.rpm
82f829719f108b1046f7e1f03e282c75 kdegraphics-debuginfo-3.5.4-2.el5.i386.rpm
6394160b918675dc57f5fb91e3a43f3c kdegraphics-debuginfo-3.5.4-2.el5.x86_64.rpm
98ce8d56bf736e4fea3489797ff7f349 kdegraphics-devel-3.5.4-2.el5.i386.rpm
72a9c49a87f2fc072084cb51c4c7caea kdegraphics-devel-3.5.4-2.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is lt;secalert@redhat.comgt;. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGrjdfXlSAg2UNWIIRAtIRAJ49v8P90xFZGVRz5QoPrNdWICuq7QCbBI8s
k9iFSnJYV+mSviTjOWdo4iU=
=8zIA
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/rhsa_20070729_01_important_kdegraphics_security_update.html)