Test ID:	1.3.6.1.4.1.25623.1.0.59854
Category:	Fedora Local Security Checks
Title:	Fedora Core 8 FEDORA-2007-3014 (xpdf)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to xpdf announced via advisory FEDORA-2007-3014. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Xpdf is a small and efficient program which uses standard X fonts. Update Information: Resolves: xpdf memory corruption in DCTStream::readProgressiveDataUnit() xpdf buffer overflow in DCTStream::reset() xpdf buffer overflow in CCITTFaxStream::lookChar() ChangeLog: * Fri Nov 9 2007 Tom spot Callaway 1:3.02-4 - resolve 372461, 372471, 372481 References: [ 1 ] Bug #372471 - CVE-2007-4352 CVE-2007-5392 CVE-2007-5393 Multiple xpdf vulnerabilities [f8] https://bugzilla.redhat.com/show_bug.cgi?id=372471 [ 2 ] CVE-2007-4352 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352 [ 3 ] CVE-2007-5392 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392 [ 4 ] CVE-2007-5393 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393 Updated packages: ff68b94139fbaa10d8c4cc31fd237bd6f82780ca xpdf-3.02-4.fc8.ppc64.rpm b7160ed1a321338e53322755892d9986491c2eeb xpdf-debuginfo-3.02-4.fc8.ppc64.rpm 71271def0a915869659bbdc2774e1ea9e418bffa xpdf-3.02-4.fc8.i386.rpm fec5aeca869105175bc1bc89daf4bdceb253a7f1 xpdf-debuginfo-3.02-4.fc8.i386.rpm 914dcb09f480212da136d817aed3e8fdea875990 xpdf-debuginfo-3.02-4.fc8.x86_64.rpm db7f474c2780b53e5ce969bd1436d4f323bf89a8 xpdf-3.02-4.fc8.x86_64.rpm 85dfdfdba02c999ca0405c4260620b866fdffa08 xpdf-debuginfo-3.02-4.fc8.ppc.rpm f4636894dec972d4cb12ab7ee5ac101ca5dcf5b1 xpdf-3.02-4.fc8.ppc.rpm cad54df0ef2c8c9d594e32263742adef4fcde562 xpdf-3.02-4.fc8.src.rpm This update can be installed with the yum update program. Use su -c 'yum update xpdf' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. Solution: Apply the appropriate updates. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2007-3014 Risk factor : Critical CVSS Score: 9.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-4352 BugTraq ID: 26367 http://www.securityfocus.com/bid/26367 Bugtraq: 20071107 Secunia Research: Xpdf "Stream.cc" Multiple Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/483372 Debian Security Information: DSA-1480 (Google Search) http://www.debian.org/security/2008/dsa-1480 Debian Security Information: DSA-1509 (Google Search) http://www.debian.org/security/2008/dsa-1509 Debian Security Information: DSA-1537 (Google Search) http://www.debian.org/security/2008/dsa-1537 https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00215.html https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00224.html https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00238.html https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00369.html https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00724.html http://security.gentoo.org/glsa/glsa-200711-22.xml http://security.gentoo.org/glsa/glsa-200711-34.xml http://security.gentoo.org/glsa/glsa-200805-13.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:219 http://www.mandriva.com/security/advisories?name=MDKSA-2007:220 http://www.mandriva.com/security/advisories?name=MDKSA-2007:221 http://www.mandriva.com/security/advisories?name=MDKSA-2007:222 http://www.mandriva.com/security/advisories?name=MDKSA-2007:223 http://www.mandriva.com/security/advisories?name=MDKSA-2007:227 http://www.mandriva.com/security/advisories?name=MDKSA-2007:228 http://www.mandriva.com/security/advisories?name=MDKSA-2007:230 http://secunia.com/secunia_research/2007-88/advisory/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9979 http://www.redhat.com/support/errata/RHSA-2007-1021.html http://www.redhat.com/support/errata/RHSA-2007-1022.html http://www.redhat.com/support/errata/RHSA-2007-1024.html http://www.redhat.com/support/errata/RHSA-2007-1025.html http://www.redhat.com/support/errata/RHSA-2007-1026.html http://www.redhat.com/support/errata/RHSA-2007-1027.html http://www.redhat.com/support/errata/RHSA-2007-1029.html http://www.redhat.com/support/errata/RHSA-2007-1030.html http://www.securitytracker.com/id?1018905 http://secunia.com/advisories/26503 http://secunia.com/advisories/27260 http://secunia.com/advisories/27553 http://secunia.com/advisories/27573 http://secunia.com/advisories/27574 http://secunia.com/advisories/27575 http://secunia.com/advisories/27577 http://secunia.com/advisories/27578 http://secunia.com/advisories/27599 http://secunia.com/advisories/27615 http://secunia.com/advisories/27618 http://secunia.com/advisories/27619 http://secunia.com/advisories/27632 http://secunia.com/advisories/27634 http://secunia.com/advisories/27636 http://secunia.com/advisories/27637 http://secunia.com/advisories/27640 http://secunia.com/advisories/27641 http://secunia.com/advisories/27642 http://secunia.com/advisories/27645 http://secunia.com/advisories/27656 http://secunia.com/advisories/27658 http://secunia.com/advisories/27705 http://secunia.com/advisories/27721 http://secunia.com/advisories/27724 http://secunia.com/advisories/27743 http://secunia.com/advisories/27856 http://secunia.com/advisories/28043 http://secunia.com/advisories/28812 http://secunia.com/advisories/29104 http://secunia.com/advisories/29604 http://secunia.com/advisories/30168 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882 SuSE Security Announcement: SUSE-SA:2007:060 (Google Search) http://www.novell.com/linux/security/advisories/2007_60_pdf.html http://www.ubuntu.com/usn/usn-542-1 http://www.ubuntu.com/usn/usn-542-2 http://www.vupen.com/english/advisories/2007/3774 http://www.vupen.com/english/advisories/2007/3775 http://www.vupen.com/english/advisories/2007/3776 http://www.vupen.com/english/advisories/2007/3779 http://www.vupen.com/english/advisories/2007/3786 XForce ISS Database: xpdf-dctstreamread-memory-corruption(38306) https://exchange.xforce.ibmcloud.com/vulnerabilities/38306 Common Vulnerability Exposure (CVE) ID: CVE-2007-5392 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10036 XForce ISS Database: xpdf-dctstreamreset-bo(38303) https://exchange.xforce.ibmcloud.com/vulnerabilities/38303 Common Vulnerability Exposure (CVE) ID: CVE-2007-5393 Debian Security Information: DSA-1408 (Google Search) http://www.debian.org/security/2007/dsa-1408 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9839 http://www.redhat.com/support/errata/RHSA-2007-1023.html http://www.redhat.com/support/errata/RHSA-2007-1028.html http://www.redhat.com/support/errata/RHSA-2007-1031.html http://www.redhat.com/support/errata/RHSA-2007-1051.html http://secunia.com/advisories/27579 http://secunia.com/advisories/27718 http://secunia.com/advisories/27772 XForce ISS Database: xpdf-ccittfaxstreamlookchar-bo(38304) https://exchange.xforce.ibmcloud.com/vulnerabilities/38304
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.