Yellow Dog Linux Security Advisory: YDU-20030723-1

Terra Soft Security Team yellowdog-updates@lists.terrasoftsolutions.com
Wed, 23 Jul 2003 16:27:11 -0600


Yellow Dog Linux Security Announcement
--------------------------------------

Package:	xpdf
Issue Date:	Jul 23, 2003
Priority:	medium
Advisory ID: 	YDU-20030723-1


1. 	Topic:

	Updated xpdf packages are available.


2. 	Problem:

	"Xpdf is an X Window System based viewer for Portable Document Format
	(PDF) files.

	Martyn Gilmore discovered a flaw in various PDF viewers and readers. An
	attacker can embed malicious external-type hyperlinks that, if activated or
	followed by a victim, can execute arbitrary shell commands. The Common
	Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
	CAN-2003-0434 to this issue.

	All users of Xpdf are advised to upgrade to these errata packages, which
	contain a backported security patch that corrects this issue."

	From Red Hat Advisory


3. 	Solution:

	a) Updating via yum...
	We suggest that you use the yum program to keep your
	system up-to-date. The following command(s) will retrieve
	and install the fixed version of this update onto your system:

		yum update xpdf

	b) Updating manually...
	Download the updates below and then run the following rpm command.
	(Please use a mirror site)

		rpm -Fvh [filenames]
		ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/
			ppc/xpdf-2.01-11.ppc.rpm
			ppc/xpdf-chinese-simplified-2.01-11.ppc.rpm
			ppc/xpdf-chinese-traditional-2.01-11.ppc.rpm
			ppc/xpdf-japanese-2.01-11.ppc.rpm
			ppc/xpdf-korean-2.01-11.ppc.rpm


4. Verification

MD5 checksum			  Package
--------------------------------  ----------------------------
a6e4755b7646b1c1f242e7f5c4782b8b  SRPMS/xpdf-2.01-11.src.rpm
603203b0da7b17320ca53491f7c5ff30  xpdf-2.01-11.ppc.rpm
42f4a8aa898056e16bd633900a54a50c  xpdf-chinese-simplified-2.01-11.ppc.rpm
e6e9e2bab16f23f9ec5f0791216a2eee  xpdf-chinese-traditional-2.01-11.ppc.rpm
6f6d681d4176b23c67749737f15b5014  xpdf-japanese-2.01-11.ppc.rpm
37166ced18ccfdbf4ef0e52e0076ad2a  xpdf-korean-2.01-11.ppc.rpm


If you wish to verify that each package has not been corrupted or tampered
with, compare its MD5 checksum against the table above using the following
command:

	md5sum <filename>
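
One way to run this check over every downloaded package at once, as an added example that is not part of the Terra Soft advisory. The function name verify_packages and its two arguments (a saved copy of the checksum table or of the whole advisory, and the download directory) are assumptions.

```shell
#!/bin/sh
# Added example (not part of the advisory): check downloaded packages against
# the MD5 table in section 4. TABLE may be the table alone or the whole saved
# advisory; only lines of the form "<32 hex digits>  <package>" are used.
# The result is only as trustworthy as the copy of the advisory it is read from.

# verify_packages TABLE DIR   (hypothetical helper name)
# Prints one status line per listed package. Returns 0 only if at least one
# package was found in DIR and none of the found packages mismatched.
verify_packages() {
    table=$1
    dir=$2
    checked=0
    bad=0
    while read -r want name; do
        # Skip headers, rules and prose: first field must be 32 hex digits.
        case $want in
            ''|*[!0-9a-fA-F]*) continue ;;
        esac
        [ "${#want}" -eq 32 ] || continue
        [ -n "$name" ] || continue
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        # The table lists "SRPMS/..." paths; downloads are assumed stored flat.
        file=$dir/${name##*/}
        if [ ! -f "$file" ]; then
            echo "ABSENT    $name"
            continue
        fi
        checked=$((checked + 1))
        # Read via stdin so md5sum prints only "<sum>  -".
        got=$(md5sum < "$file" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name (expected $want, got $got)"
            bad=$((bad + 1))
        fi
    done < "$table"
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}
```

Called as `verify_packages advisory.txt ./downloads`, it reports packages you did not download as ABSENT without failing, and returns non-zero on any MISMATCH or when nothing could be checked.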


5. Misc.

Terra Soft has set up a moderated mailing list where these security,
bugfix, and package enhancement announcements will be posted. See
http://lists.terrasoftsolutions.com/ for more information.

For information regarding the usage of yum, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/yum.shtml