*** This bug has been split off bug 145049 *** ------- Original comment by Josh Bressers (Security Response Team) on 2005.01.13 17:30 ------- iDEFENSE has reported a stack based buffer overflow in xpdf. The patch is here: ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch The iDEFENSE advisory is attachment 109745 [details]
Jindrich, We're going to need new packages rolled for RHSA-2005:026 to include this issue.
The patch URL does not yet work. We don't have a patch from upstream yet. I'll update the bugs as soon as I know.
Now public, see URL for patch, removing embargo
Mark, I have applied my own patch that also fixes the issue. Please let me know if you're not happy with it.
Created attachment 109963 [details] The patch applied to resolve CAN-2005-0064
Packages are now added to the erratum.
downgrading to moderate severity according to http://www.redhat.com/security/updates/classification/
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-026.html