Bug 173888
Summary: | CVE-2005-3193 xpdf issues (CVE-2005-3191 CVE-2005-3192 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628) | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 4 | Reporter: | Mark J. Cox <mjc> | ||||||||
Component: | xpdf | Assignee: | Than Ngo <than> | ||||||||
Status: | CLOSED ERRATA | QA Contact: | Mike McLean <mikem> | ||||||||
Severity: | high | Docs Contact: | |||||||||
Priority: | medium | ||||||||||
Version: | 4.0 | CC: | security-response-team | ||||||||
Target Milestone: | --- | Keywords: | Security | ||||||||
Target Release: | --- | ||||||||||
Hardware: | All | ||||||||||
OS: | Linux | ||||||||||
Whiteboard: | impact=important,reported=20051103,public=20051201 | ||||||||||
Fixed In Version: | RHSA-2005-840 | Doc Type: | Bug Fix | ||||||||
Doc Text: | Story Points: | --- | |||||||||
Clone Of: | Environment: | ||||||||||
Last Closed: | 2005-12-20 17:11:56 UTC | Type: | --- | ||||||||
Regression: | --- | Mount Type: | --- | ||||||||
Documentation: | --- | CRM: | |||||||||
Verified Versions: | Category: | --- | |||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||
Embargoed: | |||||||||||
Attachments: |
|
Description
Mark J. Cox
2005-11-22 08:42:15 UTC
Created attachment 121332 [details]
Proposed patch from Derek
This issue is now public: http://www.foolabs.com/xpdf/download.html An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-840.html The original fix for these issues was incomplete, reopening bug. Created attachment 122226 [details]
Patch from Ubuntu
Created attachment 122227 [details]
Patch from Dirk Mueller to add additional missing checks
There aren't currently any reproducers for these issues. Please note that these issues affect xpdf, kdegraphics, cups, gpdf, tetex and poppler. Some cooperation will probably make things easier. it's now fixed in xpdf-3.00-11.10 xpdf-2.02-9.8 and xpdf-0.92-17 An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-840.html Adding the folling CVE ids to this errata: CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628 These were all fixed in the errata RHSA-2005:840 |