| Description: | Description:
The remote host is missing updates announced in
advisory RHSA-2005:066.
The kdegraphics packages contain applications for the K Desktop Environment
including kpdf, a pdf file viewer.
A buffer overflow flaw was found in the Gfx::doImage function of Xpdf that
also affects kpdf due to a shared codebase. An attacker could construct a
carefully crafted PDF file that could cause kpdf to crash or possibly
execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2004-1125 to
this issue.
A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of
Xpdf which also affects kpdf due to a shared codebase. An attacker could
construct a carefully crafted PDF file that could cause kpdf to crash or
possibly execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2005-0064 to
this issue.
During a source code audit, Chris Evans and others discovered a number of
integer overflow bugs that affected all versions of Xpdf which also affects
kpdf due to a shared codebase. An attacker could construct a carefully
crafted PDF file that could cause kpdf to crash or possibly execute
arbitrary code when opened. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2004-0888 to this issue.
Users should update to these erratum packages which contain backported
patches to correct these issues.
Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date
http://rhn.redhat.com/errata/RHSA-2005-066.html
http://www.kde.org/info/security/advisory-20041223-1.txt
http://www.kde.org/info/security/advisory-20050119-1.txt
Risk factor : Critical
CVSS Score:
10.0
|
