From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20051012 Netscape/8.0.4
Description of problem:
05.49.8 CVE: CAN-2005-3191
Platform: Linux
Title: XPDF DCTStream Baseline Remote Heap Buffer Overflow
Description: XPDF is an open source PDF viewer. It is reported prone to a remote buffer overflow vulnerability in the "CTStream::readBaselineSOF" function residing in the "xpdf/Stream.cc" file. This issue is reported to affect XPDF version 3.01. Applications using embedded XPDF code may be vulnerable to this issue as well.
Ref: http://www.securityfocus.com/bid/15727
Version-Release number of selected component (if applicable):
How reproducible: Didn't try
Additional info:
05.49.19 CVE: CAN-2005-3193
Platform: Cross Platform
Title: XPDF Remote Heap Buffer Overflow
Description: XPDF is an open source PDF viewer. It is vulnerable to a remote buffer overflow issue due to insufficient boundary check with the "JPXStream::readCodestream" function. XPDF versions 3.01 and earlier are vulnerable.
Ref: http://rhn.redhat.com/errata/RHSA-2005-840.html

05.49.20 CVE: CAN-2005-3192
Platform: Cross Platform
Title: XPDF StreamPredictor Remote Heap Buffer Overflow
Description: XPDF is an open source PDF viewer. It is reported prone to a remote buffer overflow vulnerability due to improper boundary checks before copying user-supplied data into process buffers. It is reported that this issue presents itself in the "StreamPredictor::StreamPredictor" function residing in the "xpdf/Stream.cc" file. This issue is reported to affect XPDF versions 3.01-pl3 and earlier.
Ref: http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities
On 12/20/2005, Red Hat (re)issued advisory RHSA-2005:840 for this issue.
http://rhn.redhat.com/errata/RHSA-2005-840.html
"This update has been rated as having important security impact by the Red Hat Security Response Team."
According to Josh Bressers in Bug #173888, these issues affect xpdf, kdegraphics, cups, gpdf, tetex and poppler.
Here are updated xpdf packages to QA.
rh7.3: CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628
rh9: CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628
fc1: CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628
fc2: CVE-2005-2097, CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628, CVE-2006-0301
fc3: CVE-2006-0301
9da32c36e4a6cb0ef5bc97ae330a4b4fd0267963 7.3/xpdf-1.00-7.5.legacy.src.rpm
84d8c49c3d2178da51f7c5da330dae399a910a6b 9/xpdf-2.01-11.4.legacy.src.rpm
b8b923254760db567ff247a6c684c261dcf5b6d2 1/xpdf-2.03-1.4.legacy.src.rpm
1b7f801dd81ddd434af622cb39a730bc39262fda 2/xpdf-3.00-3.8.1.legacy.src.rpm
0dc50026b2dfec8e9dace0ef127fca23af707f64 3/xpdf-3.01-0.FC3.5.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/xpdf-1.00-7.5.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/xpdf-2.01-11.4.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/xpdf-2.03-1.4.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/2/xpdf-3.00-3.8.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/3/xpdf-3.01-0.FC3.5.legacy.src.rpm
QA w/ rpm-build-compare.sh:
- source integrity good
- spec file changes minimal
- patches verified to come from upstream or be with minor mods.
One spotted issue: was there a reason why the earlier patch was not bumped to -135393.patch in RHL73?
+PUBLISH RHL9, FC1, FC2, FC3
9da32c36e4a6cb0ef5bc97ae330a4b4fd0267963 xpdf-1.00-7.5.legacy.src.rpm
84d8c49c3d2178da51f7c5da330dae399a910a6b xpdf-2.01-11.4.legacy.src.rpm
b8b923254760db567ff247a6c684c261dcf5b6d2 xpdf-2.03-1.4.legacy.src.rpm
1b7f801dd81ddd434af622cb39a730bc39262fda xpdf-3.00-3.8.1.legacy.src.rpm
0dc50026b2dfec8e9dace0ef127fca23af707f64 xpdf-3.01-0.FC3.5.legacy.src.rpm
In rh7.3, the code is different, and the earlier patch for 7.3 looks like it covers the issues as well as the 135393 patch does. The other ones had incomplete patches that I replaced with 135393.
I noticed that RHEL 2.1 has adapted the 135393 patch though?
You're right Pekka, thanks. For some reason, I didn't think rhel21 had xpdf.
Here are updated packages for rh7.3. The xpdf-0.92 patch from rhel21 was incomplete for xpdf-1.00, so I added the missing section in.
95a0e6b4ce12d14d02bb684f9869f006520bd9c9 7.3/xpdf-1.00-7.6.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/xpdf-1.00-7.6.legacy.src.rpm
QA w/ rpm-build-compare.sh:
- source integrity good
- spec file changes minimal
- patch mostly like RHEL21, with the one added segment which seems OK
+PUBLISH RHL73
95a0e6b4ce12d14d02bb684f9869f006520bd9c9 xpdf-1.00-7.6.legacy.src.rpm
Packages were released to updates-testing
QA for RHL9. Signatures OK, upgrades OK. Opened a couple of PDFs fine.
+VERIFY RHL9
Btw, I also did rpm-build-compare.sh on the binary compared to the original Red Hat version (xpdf-2.01-8.i386.rpm), and I noticed that our version is also linking against libfreetype.so.6. I don't know at which point this has come in, or whether it's intentional, but I don't think it hurts in any case..
Timeout over..
Packages were pushed to updates.