Advisories:rPSA-2007-0252

From rPath Wiki

rPath Security Advisory 2007-0252-1

Published: 2007-11-28

Products

• rPath Linux 1

Rating

Major

Exposure Level Classification

Indirect User Deterministic Unauthorized Access

Updated Versions

• cups=conary.rpath.com@rpl:1/1.1.23-14.4-1
• poppler=conary.rpath.com@rpl:1/0.4.5-1.3-1
• tetex=conary.rpath.com@rpl:1/2.0.2-28.8-1
• tetex-afm=conary.rpath.com@rpl:1/2.0.2-28.8-1
• tetex-dvips=conary.rpath.com@rpl:1/2.0.2-28.8-1
• tetex-fonts=conary.rpath.com@rpl:1/2.0.2-28.8-1
• tetex-latex=conary.rpath.com@rpl:1/2.0.2-28.8-1
• tetex-xdvi=conary.rpath.com@rpl:1/2.0.2-28.8-1

rPath Issue Tracking System

• RPL-1926

References

• CVE-2007-4352
• CVE-2007-5392
• CVE-2007-5393

Description

Previous versions of the cups, poppler, and tetex packages contain

multiple vulnerabilities due to flaws in code included from Xpdf.

These flaws allow user-assisted attackers to execute arbitrary code

using maliciously crafted PDF files.

Note that applications linked against libpoppler may also be affected

by these vulnerabilities, and will be fixed by this update.

Copyright 2007 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html