Test ID:	1.3.6.1.4.1.25623.1.0.67320
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2010:086 (kdegraphics)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to kdegraphics announced via advisory MDVSA-2010:086. Multiple vulnerabilities has been found and corrected in kpdf (kdegraphics): Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow (CVE-2009-3608). Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read (CVE-2009-3609). The updated packages have been patched to correct thess issues. Affected: Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:086 Risk factor : Critical CVSS Score: 9.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3608 1021706 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1 1023029 http://securitytracker.com/id?1023029 274030 http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1 36703 http://www.securityfocus.com/bid/36703 37028 http://secunia.com/advisories/37028 37034 http://secunia.com/advisories/37034 37037 http://secunia.com/advisories/37037 37043 http://secunia.com/advisories/37043 37051 http://secunia.com/advisories/37051 37053 http://secunia.com/advisories/37053 37054 http://secunia.com/advisories/37054 37061 http://secunia.com/advisories/37061 37077 http://secunia.com/advisories/37077 37079 http://secunia.com/advisories/37079 37114 http://secunia.com/advisories/37114 37159 http://secunia.com/advisories/37159 39327 http://secunia.com/advisories/39327 39938 http://secunia.com/advisories/39938 ADV-2009-2924 http://www.vupen.com/english/advisories/2009/2924 ADV-2009-2925 http://www.vupen.com/english/advisories/2009/2925 ADV-2009-2926 http://www.vupen.com/english/advisories/2009/2926 ADV-2009-2928 http://www.vupen.com/english/advisories/2009/2928 ADV-2010-0802 http://www.vupen.com/english/advisories/2010/0802 ADV-2010-1220 http://www.vupen.com/english/advisories/2010/1220 DSA-1941 http://www.debian.org/security/2009/dsa-1941 DSA-2028 http://www.debian.org/security/2010/dsa-2028 DSA-2050 http://www.debian.org/security/2010/dsa-2050 FEDORA-2009-10823 https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html FEDORA-2009-10845 https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html FEDORA-2010-1377 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html FEDORA-2010-1805 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html FEDORA-2010-1842 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html MDVSA-2009:287 http://www.mandriva.com/security/advisories?name=MDVSA-2009:287 MDVSA-2009:334 http://www.mandriva.com/security/advisories?name=MDVSA-2009:334 MDVSA-2011:175 http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 RHSA-2009:1501 https://rhn.redhat.com/errata/RHSA-2009-1501.html RHSA-2009:1502 https://rhn.redhat.com/errata/RHSA-2009-1502.html RHSA-2009:1503 https://rhn.redhat.com/errata/RHSA-2009-1503.html RHSA-2009:1504 https://rhn.redhat.com/errata/RHSA-2009-1504.html RHSA-2009:1512 https://rhn.redhat.com/errata/RHSA-2009-1512.html RHSA-2009:1513 https://rhn.redhat.com/errata/RHSA-2009-1513.html SUSE-SR:2009:018 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html USN-850-1 http://www.ubuntu.com/usn/USN-850-1 USN-850-3 http://www.ubuntu.com/usn/USN-850-3 [oss-security] 20091130 Need more information on recent poppler issues http://www.openwall.com/lists/oss-security/2009/12/01/1 [oss-security] 20091130 Re: Need more information on recent poppler issues http://www.openwall.com/lists/oss-security/2009/12/01/5 [oss-security] 20091201 Re: Need more information on recent poppler issues http://www.openwall.com/lists/oss-security/2009/12/01/6 ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch http://poppler.freedesktop.org/ http://www.ocert.org/advisories/ocert-2009-016.html https://bugzilla.redhat.com/show_bug.cgi?id=526637 oval:org.mitre.oval:def:9536 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536 xpdf-objectstream-bo(53794) https://exchange.xforce.ibmcloud.com/vulnerabilities/53794 Common Vulnerability Exposure (CVE) ID: CVE-2009-3609 37023 http://secunia.com/advisories/37023 RHSA-2009:1500 https://rhn.redhat.com/errata/RHSA-2009-1500.html RHSA-2010:0755 http://www.redhat.com/support/errata/RHSA-2010-0755.html https://bugzilla.redhat.com/show_bug.cgi?id=526893 oval:org.mitre.oval:def:11043 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043 oval:org.mitre.oval:def:8134 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134 xpdf-imagestream-dos(53800) https://exchange.xforce.ibmcloud.com/vulnerabilities/53800
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.