Red Hat Bugzilla – Bug 438336
CVE-2008-1374 cups: incomplete fix for CVE-2004-0888 / CVE-2005-0206
Last modified: 2008-04-09 02:22:29 EDT
It was discovered that patch applied to cups packages as shipped in Red Hat
Enterprise Linux 3 and 4 to address security issues in xpdf code known as
CVE-2004-0888 / CVE-2005-0206 was incomplete.
On certain platforms, malicious pdf file could still cause a crash or possibly
cause code execution when it's processed by pdftops filter.
This issue affects 64-bit platforms. cups packages in Red Hat Enterprise Linux
5 are not affected by this problem.
This issue was addressed in:
Red Hat Enterprise Linux: