Red Hat Bugzilla – Bug 480174
pdfjam: multiple security issues (CVE-2008-5743, CVE-2008-5843)
Last modified: 2010-03-29 04:23:26 EDT
Two CVE ids were assigned for the issues discovered in pdfjam:
pdfjam creates the (1) pdf90, (2) pdfjoin, and (3) pdfnup files with a
predictable name, which allows local users to overwrite arbitrary
files via a symlink attack.
Multiple untrusted search path vulnerabilities in pdfjam allow local
users to gain privileges via a Trojan horse program in (1) the current
working directory or (2) /var/tmp, related to the (a) pdf90, (b)
pdfjoin, and (c) pdfnup scripts.
Proposed patch to address both issue is attached in the Gentoo BZ:
pdfjam-1.21-1.fc9 has been submitted as an update for Fedora 9.
pdfjam-1.21-1.fc10 has been submitted as an update for Fedora 10.
pdfjam-1.21-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
pdfjam-1.21-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.