Yellow Dog Linux Security Advisory: YDU-20030723-1
Terra Soft Security Team
yellowdog-updates@lists.terrasoftsolutions.com
Wed, 23 Jul 2003 16:27:11 -0600
Yellow Dog Linux Security Announcement
--------------------------------------
Package: xpdf
Issue Date: Jul 23, 2003
Priority: medium
Advisory ID: YDU-20030723-1
1. Topic:
Updated xpdf packages are available.
2. Problem:
"Xpdf is an X Window System based viewer for Portable Document Format
(PDF) files.
Martyn Gilmore discovered a flaw in various PDF viewers and readers. An
attacker can embed malicious external-type hyperlinks that, if activated or
followed by a victim, can execute arbitrary shell commands. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0434 to this issue.
All users of Xpdf are advised to upgrade to these errata packages, which
contain a backported security patch that corrects this issue."
From Red Hat Advisory
3. Solution:
a) Updating via yum...
We suggest that you use the yum program to keep your
system up-to-date. The following command(s) will retrieve
and install the fixed version of this update onto your system:
yum update xpdf
b) Updating manually...
Download the updates below and then run the following rpm command.
(Please use a mirror site)
rpm -Fvh [filenames]
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/
ppc/xpdf-2.01-11.ppc.rpm
ppc/xpdf-chinese-simplified-2.01-11.ppc.rpm
ppc/xpdf-chinese-traditional-2.01-11.ppc.rpm
ppc/xpdf-japanese-2.01-11.ppc.rpm
ppc/xpdf-korean-2.01-11.ppc.rpm
4. Verification
MD5 checksum                     Package
-------------------------------- ----------------------------
a6e4755b7646b1c1f242e7f5c4782b8b SRPMS/xpdf-2.01-11.src.rpm
603203b0da7b17320ca53491f7c5ff30 xpdf-2.01-11.ppc.rpm
42f4a8aa898056e16bd633900a54a50c xpdf-chinese-simplified-2.01-11.ppc.rpm
e6e9e2bab16f23f9ec5f0791216a2eee xpdf-chinese-traditional-2.01-11.ppc.rpm
6f6d681d4176b23c67749737f15b5014 xpdf-japanese-2.01-11.ppc.rpm
37166ced18ccfdbf4ef0e52e0076ad2a xpdf-korean-2.01-11.ppc.rpm
If you wish to verify that each package has not been corrupted or
tampered with, examine the md5sum with the following command:
md5sum <filename>
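The check above applied to all listed packages in one pass, as an added example that is not part of the original advisory: it compares each downloaded file against the table in section 4, skips packages that were not downloaded, and fails on any mismatch. The function name verify_md5_table and its exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the advisory. Checksum table copied from section 4.
ADVISORY_MD5='a6e4755b7646b1c1f242e7f5c4782b8b SRPMS/xpdf-2.01-11.src.rpm
603203b0da7b17320ca53491f7c5ff30 xpdf-2.01-11.ppc.rpm
42f4a8aa898056e16bd633900a54a50c xpdf-chinese-simplified-2.01-11.ppc.rpm
e6e9e2bab16f23f9ec5f0791216a2eee xpdf-chinese-traditional-2.01-11.ppc.rpm
6f6d681d4176b23c67749737f15b5014 xpdf-japanese-2.01-11.ppc.rpm
37166ced18ccfdbf4ef0e52e0076ad2a xpdf-korean-2.01-11.ppc.rpm'

# verify_md5_table DIR [TABLE]   (hypothetical helper name)
# Returns 0 if every package found in DIR matches, 1 on any mismatch,
# 2 if none of the listed packages was found (nothing was verified).
verify_md5_table() {
    dir=$1
    table=${2:-$ADVISORY_MD5}
    checked=0
    bad=0
    while read -r want path; do
        [ -n "$path" ] || continue
        # The table lists the source RPM under SRPMS/; also accept it
        # saved flat in DIR under its base name.
        file="$dir/$path"
        [ -f "$file" ] || file="$dir/${path##*/}"
        if [ ! -f "$file" ]; then
            echo "SKIPPED   $path (not downloaded)"
            continue
        fi
        checked=$((checked + 1))
        got=$(md5sum < "$file" | awk '{print $1}')
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        if [ "$got" = "$want" ]; then
            echo "OK        $path"
        else
            echo "MISMATCH  $path (computed $got)"
            bad=1
        fi
    done <<EOF
$table
EOF
    [ "$bad" -eq 0 ] || return 1
    [ "$checked" -gt 0 ] || return 2
    return 0
}

# Stand-alone use: sh verify.sh /path/to/downloads
if [ "$#" -gt 0 ]; then
    verify_md5_table "$1"
    exit $?
fi
```

Run it against the download directory before the rpm -Fvh step; a non-zero exit status means a package did not match or nothing was checked.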
5. Misc.
Terra Soft has set up a moderated mailing list where these security,
bugfix, and package enhancement announcements will be posted. See
http://lists.terrasoftsolutions.com/ for more information.
For information regarding the usage of yum, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/yum.shtml