Yellow Dog Linux Security Advisory: YDU-20030620-1
Terra Soft Security Team
yellowdog-updates@lists.terrasoftsolutions.com
Mon, 23 Jun 2003 16:00:53 -0600
Yellow Dog Linux Security Announcement
--------------------------------------
Package: xpdf
Issue Date: Jun 20, 2003
Priority: medium
Advisory ID: YDU-20030620-1
1. Topic:
Updated xpdf packages are available.
2. Problem:
"Xpdf is an X Window System based viewer for Portable Document Format
(PDF) files.
Martyn Gilmore discovered a flaw in various PDF viewers and readers. An
attacker can embed malicious external-type hyperlinks that if activated or
followed by a victim can execute arbitrary shell commands. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0434 to this issue.
All users of Xpdf are advised to upgrade to these errata packages, which
contain a patch to correct this issue."
From Red Hat Advisory
3. Solution:
a) Updating via yum... [for Yellow Dog Linux 3.0]
We suggest that you use the yum program to keep your
system up-to-date. The following command(s) will retrieve
and install the fixed version of this update onto your system:
yum update xpdf
b) Updating via apt... [for Yellow Dog Linux 2.3]
We suggest that you use the apt-get program to keep your
system up-to-date. The following command(s) will retrieve
and install the fixed version of this update onto your system:
apt-get update
apt-get install xpdf
c) Updating manually...
Download the updates below and then run the following rpm command.
(Please use a mirror site)
rpm -Fvh [filenames]
Yellow Dog Linux 3.0
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/
ppc/xpdf-2.01-9.ppc.rpm
ppc/xpdf-chinese-simplified-2.01-9.ppc.rpm
ppc/xpdf-chinese-traditional-2.01-9.ppc.rpm
ppc/xpdf-japanese-2.01-9.ppc.rpm
ppc/xpdf-korean-2.01-9.ppc.rpm
Yellow Dog Linux 2.3
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
ppc/xpdf-1.00-6.ppc.rpm
ppc/xpdf-chinese-simplified-1.00-6.ppc.rpm
ppc/xpdf-chinese-traditional-1.00-6.ppc.rpm
ppc/xpdf-japanese-1.00-6.ppc.rpm
ppc/xpdf-korean-1.00-6.ppc.rpm
4. Verification
MD5 checksum Package
-------------------------------- ----------------------------
[Yellow Dog Linux 3.0]
4b2dab67b23c2a700ce713bf7feea8fd SRPMS/xpdf-2.01-9.src.rpm
a4cd0fd60dd2f919cc01495fa048f1a8 ppc/xpdf-2.01-9.ppc.rpm
38d77464e3423e8712c044086c84f779 ppc/xpdf-chinese-simplified-2.01-9.ppc.rpm
bb148add0f59bb01e406b949870110c6 ppc/xpdf-chinese-traditional-2.01-9.ppc.rpm
a504d5464dd128aed90631692ae68a12 ppc/xpdf-japanese-2.01-9.ppc.rpm
94ed81db78f9880a85b01991adda11d3 ppc/xpdf-korean-2.01-9.ppc.rpm
[Yellow Dog Linux 2.3]
79ffb2553b61336f9dd41e9252cc8eae SRPMS/xpdf-1.00-6.src.rpm
c1d7338ae5307b028785325816f4850c ppc/xpdf-1.00-6.ppc.rpm
b5b4a532039b5ffcd0b19c8d49b1c8c6 ppc/xpdf-chinese-simplified-1.00-6.ppc.rpm
84800bddbd3e9c21558334f1ce45f153 ppc/xpdf-chinese-traditional-1.00-6.ppc.rpm
b1da18a856ef2814066ddfbacdcc3ba7 ppc/xpdf-japanese-1.00-6.ppc.rpm
f2cec39e6425afec5dcbeb6fae7e2fe5 ppc/xpdf-korean-1.00-6.ppc.rpm
If you wish to verify that each package has not been corrupted or
tampered with, examine the md5sum with the following command:
md5sum <filename>
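The check from section 4 as a script, added here as an example and not part of the original advisory: it reads the advisory text, tolerates table rows that a mail client has wrapped onto two lines, and compares each downloaded file against its listed checksum with md5sum. The function names, the exit codes, and the ./downloads and advisory.txt paths are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): verify downloaded RPMs against
# the advisory's MD5 table before installing them.

# parse_md5_table: advisory text on stdin, "md5 path" rows on stdout.
# Headers, rulers and "[Yellow Dog Linux x.y]" lines are ignored.
parse_md5_table() {
    awk '
        function ishash(s) { return length(s) == 32 && s !~ /[^0-9a-f]/ }
        NF == 1 && ishash($1) { held = $1; next }                 # checksum alone on a line
        NF == 1 && held != "" { print held, $1; held = ""; next } # the path that followed it
        NF == 2 && ishash($1) { print $1, $2 }                    # ordinary row
        { held = "" }
    '
}

# verify_packages DIR: advisory text on stdin. Listed files that are not
# present in DIR are skipped. Exit status (assumed convention):
#   0 every file found matches, 1 at least one mismatch,
#   2 no listed file was found, so nothing was verified.
verify_packages() {
    dir=$1
    parse_md5_table | (
        checked=0 bad=0
        while read -r want path; do
            file="$dir/${path##*/}"
            [ -f "$file" ] || continue
            got=$(md5sum < "$file" | cut -d' ' -f1)
            checked=$((checked + 1))
            if [ "$got" = "$want" ]; then
                echo "OK    ${path##*/}"
            else
                echo "FAIL  ${path##*/}"; bad=1
            fi
        done
        [ "$checked" -gt 0 ] || exit 2
        exit "$bad"
    )
}

# Typical use (paths are placeholders):
#   verify_packages ./downloads < advisory.txt && rpm -Fvh ./downloads/*.rpm
```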
5. Misc.
Terra Soft has set up a moderated mailing list where these security,
bugfix, and package enhancement announcements will be posted. See
http://lists.terrasoftsolutions.com/ for more information.
For information regarding the usage of yum, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/yum.shtml