Test ID:	1.3.6.1.4.1.25623.1.0.51380
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLA-2004:886
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory CLA-2004:886. xpdf[1] is a viewer for Portable Document Format (PDF) files, whose code was used by many other projects, like gpdf[2], kpdf[3], koffice[4] and cups[5]. Chris Evans discovered several integer overflows vulnerabilities in the xpdf code which can be exploited remotely by a specially crafted PDF document and may lead to the execution of arbitrary code. These vulnerabilities, CVE-2004-0888[6] for xpdf 2 and 3 and also CVE-2004-0889[7] for xpdf 3, were also inherited by gpdf, kpdf, koffice and cups. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.foolabs.com/xpdf http://www.purl.org/NET/gpdf http://www.kde.org http://koffice.kde.org http://www.cups.org http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0888 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0889 http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:886 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0888 BugTraq ID: 11501 http://www.securityfocus.com/bid/11501 Conectiva Linux advisory: CLA-2004:886 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000886 Debian Security Information: DSA-573 (Google Search) http://www.debian.org/security/2004/dsa-573 Debian Security Information: DSA-581 (Google Search) http://www.debian.org/security/2004/dsa-581 Debian Security Information: DSA-599 (Google Search) http://www.debian.org/security/2004/dsa-599 http://marc.info/?l=bugtraq&m=110815379627883&w=2 https://bugzilla.fedora.us/show_bug.cgi?id=2353 http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:113 http://www.mandriva.com/security/advisories?name=MDKSA-2004:114 http://www.mandriva.com/security/advisories?name=MDKSA-2004:115 http://www.mandriva.com/security/advisories?name=MDKSA-2004:116 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9714 http://www.redhat.com/support/errata/RHSA-2004-543.html http://www.redhat.com/support/errata/RHSA-2004-592.html http://www.redhat.com/support/errata/RHSA-2005-066.html http://www.redhat.com/support/errata/RHSA-2005-354.html SuSE Security Announcement: SUSE-SA:2004:039 (Google Search) http://marc.info/?l=bugtraq&m=109880927526773&w=2 https://www.ubuntu.com/usn/usn-9-1/ XForce ISS Database: xpdf-pdf-bo(17818) https://exchange.xforce.ibmcloud.com/vulnerabilities/17818 Common Vulnerability Exposure (CVE) ID: CVE-2004-0889 XForce ISS Database: xpdf-pdf-file-bo(17819) https://exchange.xforce.ibmcloud.com/vulnerabilities/17819
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.