Test ID:	1.3.6.1.4.1.25623.1.0.58718
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2007:1030
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2007:1030. Xpdf is an X Window System-based viewer for Portable Document Format (PDF) files. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) A flaw was found in the t1lib library, used in the handling of Type 1 fonts. An attacker could create a malicious file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4033) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-1030.html http://www.redhat.com/security/updates/classification/#important Risk factor : Critical CVSS Score: 9.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-4033 BugTraq ID: 25079 http://www.securityfocus.com/bid/25079 Bugtraq: 20070921 Re: [Full-disclosure] [USN-515-1] t1lib vulnerability (Google Search) http://www.securityfocus.com/archive/1/480239/100/100/threaded Bugtraq: 20070921 Re: [USN-515-1] t1lib vulnerability (Google Search) http://www.securityfocus.com/archive/1/480244/100/100/threaded Bugtraq: 20080105 rPSA-2008-0007-1 tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi (Google Search) http://www.securityfocus.com/archive/1/485823/100/0/threaded Bugtraq: 20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts (Google Search) http://www.securityfocus.com/archive/1/487984/100/0/threaded Debian Security Information: DSA-1390 (Google Search) http://www.debian.org/security/2007/dsa-1390 https://www.exploit-db.com/exploits/4227 http://fedoranews.org/updates/FEDORA-2007-234.shtml https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00724.html http://security.gentoo.org/glsa/glsa-200710-12.xml http://security.gentoo.org/glsa/glsa-200711-34.xml http://security.gentoo.org/glsa/glsa-200805-13.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:189 http://www.mandriva.com/security/advisories?name=MDKSA-2007:230 http://www.bugtraq.ir/adv/t1lib.txt https://bugzilla.redhat.com/show_bug.cgi?id=303021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10557 http://www.redhat.com/support/errata/RHSA-2007-1027.html http://www.redhat.com/support/errata/RHSA-2007-1030.html http://www.redhat.com/support/errata/RHSA-2007-1031.html http://www.securitytracker.com/id?1018905 http://secunia.com/advisories/26241 http://secunia.com/advisories/26901 http://secunia.com/advisories/26981 http://secunia.com/advisories/26992 http://secunia.com/advisories/27239 http://secunia.com/advisories/27297 http://secunia.com/advisories/27439 http://secunia.com/advisories/27599 http://secunia.com/advisories/27718 http://secunia.com/advisories/27743 http://secunia.com/advisories/28345 http://secunia.com/advisories/30168 SuSE Security Announcement: SUSE-SR:2007:023 (Google Search) http://www.novell.com/linux/security/advisories/2007_23_sr.html http://www.ubuntu.com/usn/usn-515-1 XForce ISS Database: php-imagepsloadfont-bo(35620) https://exchange.xforce.ibmcloud.com/vulnerabilities/35620 Common Vulnerability Exposure (CVE) ID: CVE-2007-4352 BugTraq ID: 26367 http://www.securityfocus.com/bid/26367 Bugtraq: 20071107 Secunia Research: Xpdf "Stream.cc" Multiple Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/483372 Debian Security Information: DSA-1480 (Google Search) http://www.debian.org/security/2008/dsa-1480 Debian Security Information: DSA-1509 (Google Search) http://www.debian.org/security/2008/dsa-1509 Debian Security Information: DSA-1537 (Google Search) http://www.debian.org/security/2008/dsa-1537 https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00215.html https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00224.html https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00238.html https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00369.html http://security.gentoo.org/glsa/glsa-200711-22.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:219 http://www.mandriva.com/security/advisories?name=MDKSA-2007:220 http://www.mandriva.com/security/advisories?name=MDKSA-2007:221 http://www.mandriva.com/security/advisories?name=MDKSA-2007:222 http://www.mandriva.com/security/advisories?name=MDKSA-2007:223 http://www.mandriva.com/security/advisories?name=MDKSA-2007:227 http://www.mandriva.com/security/advisories?name=MDKSA-2007:228 http://secunia.com/secunia_research/2007-88/advisory/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9979 http://www.redhat.com/support/errata/RHSA-2007-1021.html http://www.redhat.com/support/errata/RHSA-2007-1022.html http://www.redhat.com/support/errata/RHSA-2007-1024.html http://www.redhat.com/support/errata/RHSA-2007-1025.html http://www.redhat.com/support/errata/RHSA-2007-1026.html http://www.redhat.com/support/errata/RHSA-2007-1029.html http://secunia.com/advisories/26503 http://secunia.com/advisories/27260 http://secunia.com/advisories/27553 http://secunia.com/advisories/27573 http://secunia.com/advisories/27574 http://secunia.com/advisories/27575 http://secunia.com/advisories/27577 http://secunia.com/advisories/27578 http://secunia.com/advisories/27615 http://secunia.com/advisories/27618 http://secunia.com/advisories/27619 http://secunia.com/advisories/27632 http://secunia.com/advisories/27634 http://secunia.com/advisories/27636 http://secunia.com/advisories/27637 http://secunia.com/advisories/27640 http://secunia.com/advisories/27641 http://secunia.com/advisories/27642 http://secunia.com/advisories/27645 http://secunia.com/advisories/27656 http://secunia.com/advisories/27658 http://secunia.com/advisories/27705 http://secunia.com/advisories/27721 http://secunia.com/advisories/27724 http://secunia.com/advisories/27856 http://secunia.com/advisories/28043 http://secunia.com/advisories/28812 http://secunia.com/advisories/29104 http://secunia.com/advisories/29604 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882 SuSE Security Announcement: SUSE-SA:2007:060 (Google Search) http://www.novell.com/linux/security/advisories/2007_60_pdf.html http://www.ubuntu.com/usn/usn-542-1 http://www.ubuntu.com/usn/usn-542-2 http://www.vupen.com/english/advisories/2007/3774 http://www.vupen.com/english/advisories/2007/3775 http://www.vupen.com/english/advisories/2007/3776 http://www.vupen.com/english/advisories/2007/3779 http://www.vupen.com/english/advisories/2007/3786 XForce ISS Database: xpdf-dctstreamread-memory-corruption(38306) https://exchange.xforce.ibmcloud.com/vulnerabilities/38306 Common Vulnerability Exposure (CVE) ID: CVE-2007-5392 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10036 XForce ISS Database: xpdf-dctstreamreset-bo(38303) https://exchange.xforce.ibmcloud.com/vulnerabilities/38303 Common Vulnerability Exposure (CVE) ID: CVE-2007-5393 Debian Security Information: DSA-1408 (Google Search) http://www.debian.org/security/2007/dsa-1408 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9839 http://www.redhat.com/support/errata/RHSA-2007-1023.html http://www.redhat.com/support/errata/RHSA-2007-1028.html http://www.redhat.com/support/errata/RHSA-2007-1051.html http://secunia.com/advisories/27579 http://secunia.com/advisories/27772 XForce ISS Database: xpdf-ccittfaxstreamlookchar-bo(38304) https://exchange.xforce.ibmcloud.com/vulnerabilities/38304
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.