LinuxSecurity.com
Mandriva: Subject: [Security Announce] [ MDVSA-2008:173 ] kdegraphics
Posted by Benjamin D. Thomas   
Kees Cook of Ubuntu security found a flaw in how poppler prior to version 0.6 displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause applications using poppler to crash, or possibly execute arbitrary code when opened (CVE-2008-1693). This vulnerability also affected older versions of kpdf, so the updated packages have been patched to correct this issue.
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:173
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : kdegraphics
 Date    : August 19, 2008
 Affected: Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 Kees Cook of Ubuntu security found a flaw in how poppler prior
 to version 0.6 displayed malformed fonts embedded in PDF files.
 An attacker could create a malicious PDF file that would cause
 applications using poppler to crash, or possibly execute arbitrary
 code when opened (CVE-2008-1693).
 
 This vulnerability also affected older versions of kpdf, so the
 updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1693
 _______________________________________________________________________

 Updated Packages:

 Corporate 4.0:

 Corporate 4.0/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
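
The advisory notes that md5 and GPG verification happen automatically under MandrivaUpdate or urpmi; for packages fetched by hand, the checksum half can be reproduced as below. This is an added example, not part of the Mandriva advisory: the function names, file names and sample data are constructed, and it assumes GNU `md5sum` and manifest lines of the form `<md5>  <path>`.

```shell
#!/bin/sh
# Added example: check downloaded RPMs against "<md5>  <path>" advisory lines.
# Returns 0 only if every listed file is present and matches its checksum.
verify_advisory_md5() {
    manifest=$1; dir=$2; failures=0
    while read -r sum relpath; do
        # Skip headings, separator rules and blank lines: the first field
        # must be exactly 32 lowercase hex digits followed by a path.
        case $sum in *[!0-9a-f]*|'') continue ;; esac
        [ "${#sum}" -eq 32 ] && [ -n "$relpath" ] || continue
        name=${relpath##*/}            # listed paths are mirror-relative
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"; failures=$((failures + 1)); continue
        fi
        actual=$(md5sum "$dir/$name" | cut -d' ' -f1)
        if [ "$actual" = "$sum" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; failures=$((failures + 1))
        fi
    done < "$manifest"
    [ "$failures" -eq 0 ]
}

# Constructed sample: two placeholder files (not real packages); the second
# is altered after its checksum is written to the manifest.
demo() {
    tmp=$(mktemp -d)
    printf 'package one\n' > "$tmp/example-a-1.0.rpm"
    printf 'package two\n' > "$tmp/example-b-1.0.rpm"
    {
        echo ' Example 1.0:'
        for f in example-a-1.0.rpm example-b-1.0.rpm; do
            printf ' %s  example/1.0/i586/%s\n' \
                "$(md5sum "$tmp/$f" | cut -d' ' -f1)" "$f"
        done
        echo ' ________'
    } > "$tmp/advisory.txt"
    printf 'altered\n' >> "$tmp/example-b-1.0.rpm"
    verify_advisory_md5 "$tmp/advisory.txt" "$tmp"; rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo || echo "demo: altered file detected"
```

A matching MD5 only shows that the file equals what was listed; the GPG signature check (`rpm --checksig` after importing the Mandriva Security Team key) is what ties a package to the vendor.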
  
 