Yellow Dog Linux Security Advisory: YDU-20030620-1

Terra Soft Security Team yellowdog-updates@lists.terrasoftsolutions.com
Mon, 23 Jun 2003 16:00:53 -0600


Yellow Dog Linux Security Announcement
--------------------------------------

Package:	xpdf
Issue Date:	Jun 20, 2003
Priority:	medium
Advisory ID: 	YDU-20030620-1


1. 	Topic:

	Updated xpdf packages are available.


2. 	Problem:

	"Xpdf is an X Window System based viewer for Portable Document Format
	(PDF) files.

	Martyn Gilmore discovered a flaw in various PDF viewers and readers. An
	attacker can embed malicious external-type hyperlinks that if activated or
	followed by a victim can execute arbitrary shell commands. The Common
	Vulnerabilities and Exposures project (cve.mitre.org) has
	assigned the name CAN-2003-0434 to this issue.

	All users of Xpdf are advised to upgrade to these errata packages, which
	contain a patch to correct this issue."

	From Red Hat Advisory

3. 	Solution:

	a) Updating via yum... [for Yellow Dog Linux 3.0]
	We suggest that you use the yum program to keep your
	system up-to-date. The following command(s) will retrieve
	and install the fixed version of this update onto your system:

		yum update xpdf

	b) Updating via apt... [for Yellow Dog Linux 2.3]
	We suggest that you use the apt-get program to keep your
	system up-to-date. The following command(s) will retrieve
	and install the fixed version of this update onto your system:

		apt-get update
		apt-get install xpdf
		
	c) Updating manually...
	Download the updates below and then run the following rpm command.
	(Please use a mirror site)

		rpm -Fvh [filenames]

		Yellow Dog Linux 3.0
		ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/
			ppc/xpdf-2.01-9.ppc.rpm
			ppc/xpdf-chinese-simplified-2.01-9.ppc.rpm
			ppc/xpdf-chinese-traditional-2.01-9.ppc.rpm
			ppc/xpdf-japanese-2.01-9.ppc.rpm
			ppc/xpdf-korean-2.01-9.ppc.rpm

		Yellow Dog Linux 2.3
		ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
			ppc/xpdf-1.00-6.ppc.rpm
			ppc/xpdf-chinese-simplified-1.00-6.ppc.rpm
			ppc/xpdf-chinese-traditional-1.00-6.ppc.rpm
			ppc/xpdf-japanese-1.00-6.ppc.rpm
			ppc/xpdf-korean-1.00-6.ppc.rpm

4. Verification

MD5 checksum			  Package
--------------------------------  ----------------------------
[Yellow Dog Linux 3.0]
4b2dab67b23c2a700ce713bf7feea8fd  SRPMS/xpdf-2.01-9.src.rpm
a4cd0fd60dd2f919cc01495fa048f1a8  ppc/xpdf-2.01-9.ppc.rpm
38d77464e3423e8712c044086c84f779  ppc/xpdf-chinese-simplified-2.01-9.ppc.rpm
bb148add0f59bb01e406b949870110c6  ppc/xpdf-chinese-traditional-2.01-9.ppc.rpm
a504d5464dd128aed90631692ae68a12  ppc/xpdf-japanese-2.01-9.ppc.rpm
94ed81db78f9880a85b01991adda11d3  ppc/xpdf-korean-2.01-9.ppc.rpm

[Yellow Dog Linux 2.3]
79ffb2553b61336f9dd41e9252cc8eae  SRPMS/xpdf-1.00-6.src.rpm
c1d7338ae5307b028785325816f4850c  ppc/xpdf-1.00-6.ppc.rpm
b5b4a532039b5ffcd0b19c8d49b1c8c6  ppc/xpdf-chinese-simplified-1.00-6.ppc.rpm
84800bddbd3e9c21558334f1ce45f153  ppc/xpdf-chinese-traditional-1.00-6.ppc.rpm
b1da18a856ef2814066ddfbacdcc3ba7  ppc/xpdf-japanese-1.00-6.ppc.rpm
f2cec39e6425afec5dcbeb6fae7e2fe5  ppc/xpdf-korean-1.00-6.ppc.rpm

If you wish to verify that each package has not been corrupted or
tampered with, examine the md5sum with the following command and
compare the result with the checksum listed above:

	md5sum <filename>
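
An added example, not part of the original advisory: a shell function that
checks downloaded packages against the checksum table above once it has been
saved to a text file, including entries that the mail wrapped onto two lines.
The function names and the saved-table file are assumptions.

```shell
# Added example (not from the advisory); all names here are illustrative.

# is_md5 WORD: true if WORD is exactly 32 lowercase hex digits.
is_md5() {
    [ "${#1}" -eq 32 ] || return 1
    case $1 in *[!0-9a-f]*) return 1 ;; esac
    return 0
}

# verify_md5_table TABLE DIR
#   TABLE: text file with the advisory's "checksum  package" table pasted in
#   DIR:   directory holding the downloaded files (matched by basename)
# Prints OK/BAD/MISSING per entry. Returns 0 only if nothing is BAD and
# at least one file was verified.
verify_md5_table() {
    table=$1; dir=$2; ok=0; bad=0; pending=""
    while read -r first rest || [ -n "$first" ]; do
        if [ -n "$pending" ] && [ -n "$first" ] && [ -z "$rest" ] \
           && ! is_md5 "$first"; then
            # Mail-wrapped entry: checksum on the previous line, path on this one.
            sum=$pending; path=$first; pending=""
        elif is_md5 "$first"; then
            # A checksum alone on its line is held until the path arrives.
            if [ -z "$rest" ]; then pending=$first; continue; fi
            sum=$first; path=$rest; pending=""
        else
            pending=""   # header, rule, release label or blank line
            continue
        fi
        file=$dir/${path##*/}
        if [ ! -f "$file" ]; then
            echo "MISSING  $path"
            continue
        fi
        actual=$(md5sum "$file" | cut -d' ' -f1)
        if [ "$actual" = "$sum" ]; then
            echo "OK       $path"; ok=$((ok + 1))
        else
            echo "BAD      $path (got $actual)"; bad=$((bad + 1))
        fi
    done < "$table"
    [ "$bad" -eq 0 ] && [ "$ok" -gt 0 ]
}
```

Call it as verify_md5_table <saved-table> <download-dir>; a non-zero exit
status means a file did not match or nothing could be verified.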


5. Misc.

Terra Soft has set up a moderated mailing list where these security,
bugfix, and package enhancement announcements will be posted. See
http://lists.terrasoftsolutions.com/ for more information.

For information regarding the usage of yum, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/yum.shtml