![]() |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
Test ID: | 1.3.6.1.4.1.25623.1.0.50420 |
Category: | Fedora Local Security Checks |
Title: | Fedora Core 2 FEDORA-2004-348 (xpdf) |
Summary: | NOSUMMARY |
Description: | Description: The remote host is missing an update to xpdf announced via advisory FEDORA-2004-348. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Xpdf is a small and efficient program which uses standard X fonts. Update Information: Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of xpdf. An attacker could construct a carefully crafted PDF file that could cause xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0888 to this issue. Users of xpdf are advised to upgrade to this errata package, which contains a backported patch correcting these issues. This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 9a247439c975578530b1e63252f37719 SRPMS/xpdf-3.00-3.4.src.rpm c7a133d156e4afb06eed8e659b5f7b41 x86_64/xpdf-3.00-3.4.x86_64.rpm 0285341acf5a3492e5ecb22d1b8f66eb x86_64/debug/xpdf-debuginfo-3.00-3.4.x86_64.rpm 4d69d5e3c58b4bc36cd02f0c5690322c i386/xpdf-3.00-3.4.i386.rpm 9a0206612ba4945ae35bd40b8bd3eecf i386/debug/xpdf-debuginfo-3.00-3.4.i386.rpm This update can also be installed with the Update Agent you can launch the Update Agent with the 'up2date' command. Solution: Apply the appropriate updates. http://www.fedoranews.org/updates/FEDORA-2004-348.shtml Risk factor : Critical CVSS Score: 10.0 |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2004-0888 BugTraq ID: 11501 http://www.securityfocus.com/bid/11501 Conectiva Linux advisory: CLA-2004:886 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000886 Debian Security Information: DSA-573 (Google Search) http://www.debian.org/security/2004/dsa-573 Debian Security Information: DSA-581 (Google Search) http://www.debian.org/security/2004/dsa-581 Debian Security Information: DSA-599 (Google Search) http://www.debian.org/security/2004/dsa-599 http://marc.info/?l=bugtraq&m=110815379627883&w=2 https://bugzilla.fedora.us/show_bug.cgi?id=2353 http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:113 http://www.mandriva.com/security/advisories?name=MDKSA-2004:114 http://www.mandriva.com/security/advisories?name=MDKSA-2004:115 http://www.mandriva.com/security/advisories?name=MDKSA-2004:116 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9714 http://www.redhat.com/support/errata/RHSA-2004-543.html http://www.redhat.com/support/errata/RHSA-2004-592.html http://www.redhat.com/support/errata/RHSA-2005-066.html http://www.redhat.com/support/errata/RHSA-2005-354.html SuSE Security Announcement: SUSE-SA:2004:039 (Google Search) http://marc.info/?l=bugtraq&m=109880927526773&w=2 https://www.ubuntu.com/usn/usn-9-1/ XForce ISS Database: xpdf-pdf-bo(17818) https://exchange.xforce.ibmcloud.com/vulnerabilities/17818 |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |