[SECURITY] Fedora Core 4 Update: xpdf-3.00-20.FC4.2
Posted on: 08/15/2005 08:56 PM

A new update is available for Fedora Core - [SECURITY] Fedora Core 4 Update: xpdf-3.00-20.FC4.2. Here the announcement:

Fedora Update Notification

Product : Fedora Core 4
Name : xpdf
Version : 3.00
Release : 20.FC4.2
Summary : A PDF file viewer for the X Window System.
Description :
Xpdf is an X Window System based viewer for Portable Document Format
(PDF) files. Xpdf is a small and efficient program which uses
standard X fonts.

Update Information:

A flaw was discovered in Xpdf in that an attacker could
construct a carefully crafted PDF file that would cause
Xpdf to consume all available disk space in /tmp when
opened. The Common Vulnerabilities and Exposures project
assigned the name CAN-2005-2097 to this issue.

Users of xpdf should upgrade to this updated package, which
contains a patch to resolve this issue.
* Wed Jul 27 2005 Than Ngo <than@redhat.com> 1:3.00-20.FC4.2
- better patch to fix CAN-2005-2097, #163918
- fix build problem with gcc4

* Tue Jul 26 2005 Than Ngo <than@redhat.com> 3.00-20.FC4.1
- backport patch to fix xpdf DoS, CAN-2005-2097, #163918
- fix xpdf crash #163807

This update can be downloaded from:

45702d839a744d7e47a1fe03bf6e4e40 SRPMS/xpdf-3.00-20.FC4.2.src.rpm
1a726ed1bd8b5dc3141a1614258ebff1 ppc/xpdf-3.00-20.FC4.2.ppc.rpm
61348dbd1b1c3d798f6862446242a7ec ppc/debug/xpdf-debuginfo-3.00-20.FC4.2.ppc.rpm
ff2f134d6361527f9d18d94e46796ebf x86_64/xpdf-3.00-20.FC4.2.x86_64.rpm
db028d8f8f8d8242e6ccccdeb26408c7 i386/xpdf-3.00-20.FC4.2.i386.rpm
2aafd3c99dc2931060df6e7aedacff9a i386/debug/xpdf-debuginfo-3.00-20.FC4.2.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.

Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_fedora_core_4_update_xpdf_300_20fc42.html)