[ MDVSA-2008:173 ] kdegraphics
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:173
http://www.mandriva.com/security/
_______________________________________________________________________
Package : kdegraphics
Date : August 19, 2008
Affected: Corporate 4.0
_______________________________________________________________________
Problem Description:
Kees Cook of Ubuntu security found a flaw in how poppler prior
to version 0.6 displayed malformed fonts embedded in PDF files.
An attacker could create a malicious PDF file that would cause
applications using poppler to crash, or possibly execute arbitrary
code when opened (CVE-2008-1693).
This vulnerability also affected older versions of kpdf, so the
updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1693
_______________________________________________________________________
Updated Packages:
Corporate 4.0:
c48c75be77960fbb394a2b1eeac6b181
corporate/4.0/i586/kdegraphics-3.5.4-0.8.20060mlcs4.i586.rpm
7ed79b015abce818dfec06dfba1c1380
corporate/4.0/i586/kdegraphics-common-3.5.4-0.8.20060mlcs4.i586.rpm
544e0b41ae1e8a30ad8df50a078558a1
corporate/4.0/i586/kdegraphics-kcolorchooser-3.5.4-0.8.20060mlcs4.i586.rpm
d2a9273cf9651705a5bb535a90d0136c
corporate/4.0/i586/kdegraphics-kcoloredit-3.5.4-0.8.20060mlcs4.i586.rpm
766e1accbc92ae47315f36c49e033fe1
corporate/4.0/i586/kdegraphics-kdvi-3.5.4-0.8.20060mlcs4.i586.rpm
028c82916bebdeaa72eef92de8e8915b
corporate/4.0/i586/kdegraphics-kfax-3.5.4-0.8.20060mlcs4.i586.rpm
5086b22bd13361fa5dbb98b58cca326b
corporate/4.0/i586/kdegraphics-kghostview-3.5.4-0.8.20060mlcs4.i586.rpm
d2fc10f6a3692faefbd18b930ca6e8bb
corporate/4.0/i586/kdegraphics-kiconedit-3.5.4-0.8.20060mlcs4.i586.rpm
b3999a4d4a09ac4287d4367739b65a4e
corporate/4.0/i586/kdegraphics-kolourpaint-3.5.4-0.8.20060mlcs4.i586.rpm
f340936657f82cb8cb4f9be24eb0e0b1
corporate/4.0/i586/kdegraphics-kooka-3.5.4-0.8.20060mlcs4.i586.rpm
b284b87bbb08ee0c71a0274cbaaee22a
corporate/4.0/i586/kdegraphics-kpdf-3.5.4-0.8.20060mlcs4.i586.rpm
2d8bae2c857ffed30979aeb2b7825698
corporate/4.0/i586/kdegraphics-kpovmodeler-3.5.4-0.8.20060mlcs4.i586.rpm
01f71322cb69831c2d85efd7c183221a
corporate/4.0/i586/kdegraphics-kruler-3.5.4-0.8.20060mlcs4.i586.rpm
000750beeb8845c1ad83c737f43e2a7e
corporate/4.0/i586/kdegraphics-ksnapshot-3.5.4-0.8.20060mlcs4.i586.rpm
5129a71c61bc26bc0b840cbe1f73a4fc
corporate/4.0/i586/kdegraphics-ksvg-3.5.4-0.8.20060mlcs4.i586.rpm
af856c22dfa63a9e23374053a34b8acf
corporate/4.0/i586/kdegraphics-kuickshow-3.5.4-0.8.20060mlcs4.i586.rpm
4008e583c8019451a0683b30e8edb011
corporate/4.0/i586/kdegraphics-kview-3.5.4-0.8.20060mlcs4.i586.rpm
97ae6b724e5f20dbda7e0a5e5624431a
corporate/4.0/i586/kdegraphics-mrmlsearch-3.5.4-0.8.20060mlcs4.i586.rpm
6a6f33b0f940d78191be569dd414d67c
corporate/4.0/i586/libkdegraphics0-common-3.5.4-0.8.20060mlcs4.i586.rpm
d212fda5331980b961d73d0c442ae628
corporate/4.0/i586/libkdegraphics0-common-devel-3.5.4-0.8.20060mlcs4.i586.rpm
b1d802051c290726d17dc9b643358324
corporate/4.0/i586/libkdegraphics0-kghostview-3.5.4-0.8.20060mlcs4.i586.rpm
d4c80288ea40e92742ac28ed99ce76c4
corporate/4.0/i586/libkdegraphics0-kghostview-devel-3.5.4-0.8.20060mlcs4.i586.rpm
c61d07979ea8a97200972581b4d41702
corporate/4.0/i586/libkdegraphics0-kooka-3.5.4-0.8.20060mlcs4.i586.rpm
0c7b3a2769ec6557dc08eb9575b97e57
corporate/4.0/i586/libkdegraphics0-kooka-devel-3.5.4-0.8.20060mlcs4.i586.rpm
af9abfc2e1c4e685155dc3f4eb33a2eb
corporate/4.0/i586/libkdegraphics0-kpovmodeler-3.5.4-0.8.20060mlcs4.i586.rpm
98eff5d1ee0e0614bdc6a7a6bff56a1e
corporate/4.0/i586/libkdegraphics0-kpovmodeler-devel-3.5.4-0.8.20060mlcs4.i586.rpm
b015cedc70056a8603f2b0ff0d67ad5b
corporate/4.0/i586/libkdegraphics0-ksvg-3.5.4-0.8.20060mlcs4.i586.rpm
faaf4b28dd162997cd8f5c805ff99720
corporate/4.0/i586/libkdegraphics0-ksvg-devel-3.5.4-0.8.20060mlcs4.i586.rpm
3daea8370340ca1f94f08246c1c0d5f0
corporate/4.0/i586/libkdegraphics0-kview-3.5.4-0.8.20060mlcs4.i586.rpm
aaf91d76d1a39400da63bc0fa6e4529b
corporate/4.0/i586/libkdegraphics0-kview-devel-3.5.4-0.8.20060mlcs4.i586.rpm
2fcf66b36cc00bf5312e8672358a77f2
corporate/4.0/SRPMS/kdegraphics-3.5.4-0.8.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
45b1d1842cde5de28b039ea27b583258
corporate/4.0/x86_64/kdegraphics-3.5.4-0.8.20060mlcs4.x86_64.rpm
f8854845e1ec41724dd692c862ea5f2d
corporate/4.0/x86_64/kdegraphics-common-3.5.4-0.8.20060mlcs4.x86_64.rpm
2053e876eb098bfd3e66335d1559dee0
corporate/4.0/x86_64/kdegraphics-kcolorchooser-3.5.4-0.8.20060mlcs4.x86_64.rpm
0ca9ea1f23a425faf11a34aa68278fae
corporate/4.0/x86_64/kdegraphics-kcoloredit-3.5.4-0.8.20060mlcs4.x86_64.rpm
d0b3bfab1c6e06d3b280775ccb0148c4
corporate/4.0/x86_64/kdegraphics-kdvi-3.5.4-0.8.20060mlcs4.x86_64.rpm
de102515cd82fbb2d1a982276954a90b
corporate/4.0/x86_64/kdegraphics-kfax-3.5.4-0.8.20060mlcs4.x86_64.rpm
2ab24fdd2bb4baab401adb33f0679937
corporate/4.0/x86_64/kdegraphics-kghostview-3.5.4-0.8.20060mlcs4.x86_64.rpm
ebb3e79e1dafdd462774b796963dbf44
corporate/4.0/x86_64/kdegraphics-kiconedit-3.5.4-0.8.20060mlcs4.x86_64.rpm
0ed728bf9dacf3bd74a60454474a14f0
corporate/4.0/x86_64/kdegraphics-kolourpaint-3.5.4-0.8.20060mlcs4.x86_64.rpm
518e3d032f68554987e927d13eda143c
corporate/4.0/x86_64/kdegraphics-kooka-3.5.4-0.8.20060mlcs4.x86_64.rpm
31e391645ccac68d5845238b5b19f5bf
corporate/4.0/x86_64/kdegraphics-kpdf-3.5.4-0.8.20060mlcs4.x86_64.rpm
dc8b45093d330089a51c5379f88eca27
corporate/4.0/x86_64/kdegraphics-kpovmodeler-3.5.4-0.8.20060mlcs4.x86_64.rpm
301db4e99da585e2ffd70c221fac1ceb
corporate/4.0/x86_64/kdegraphics-kruler-3.5.4-0.8.20060mlcs4.x86_64.rpm
0d0cf2122a0f2024253fada72c249ce5
corporate/4.0/x86_64/kdegraphics-ksnapshot-3.5.4-0.8.20060mlcs4.x86_64.rpm
61bb88e15c6236eb927b9a7ad52ec951
corporate/4.0/x86_64/kdegraphics-ksvg-3.5.4-0.8.20060mlcs4.x86_64.rpm
4ceccb045a409a678de85757abbb283f
corporate/4.0/x86_64/kdegraphics-kuickshow-3.5.4-0.8.20060mlcs4.x86_64.rpm
27c0e3e413d43ea48630233166c64db8
corporate/4.0/x86_64/kdegraphics-kview-3.5.4-0.8.20060mlcs4.x86_64.rpm
7e71c8ad66d111bb5105c02bc682c985
corporate/4.0/x86_64/kdegraphics-mrmlsearch-3.5.4-0.8.20060mlcs4.x86_64.rpm
f5a8505ac85a3da2763bf7cb60b5b85e
corporate/4.0/x86_64/lib64kdegraphics0-common-3.5.4-0.8.20060mlcs4.x86_64.rpm
49ff1b79d5edce7568f6409c8eabccc9
corporate/4.0/x86_64/lib64kdegraphics0-common-devel-3.5.4-0.8.20060mlcs4.x86_64.rpm
85877748738af447e2b2219e782fa988
corporate/4.0/x86_64/lib64kdegraphics0-kghostview-3.5.4-0.8.20060mlcs4.x86_64.rpm
ca0ed072b4f3addead66e64cf174dc42
corporate/4.0/x86_64/lib64kdegraphics0-kghostview-devel-3.5.4-0.8.20060mlcs4.x86_64.rpm
eeac9394a0ae1371086c7862d706aa2e
corporate/4.0/x86_64/lib64kdegraphics0-kooka-3.5.4-0.8.20060mlcs4.x86_64.rpm
84769df4de641bc615c77e971e727403
corporate/4.0/x86_64/lib64kdegraphics0-kooka-devel-3.5.4-0.8.20060mlcs4.x86_64.rpm
52a3ce24202e480803514108e23e5244
corporate/4.0/x86_64/lib64kdegraphics0-kpovmodeler-3.5.4-0.8.20060mlcs4.x86_64.rpm
9254908e6d0f094aab5aa8433beef77a
corporate/4.0/x86_64/lib64kdegraphics0-kpovmodeler-devel-3.5.4-0.8.20060mlcs4.x86_64.rpm
5aae3dfccff23539d4ec103d783a729d
corporate/4.0/x86_64/lib64kdegraphics0-ksvg-3.5.4-0.8.20060mlcs4.x86_64.rpm
82bc88d91af010a7c1c99d8c6ac2ca17
corporate/4.0/x86_64/lib64kdegraphics0-ksvg-devel-3.5.4-0.8.20060mlcs4.x86_64.rpm
47a591ec73214a9ca4a8a3e6cb71df46
corporate/4.0/x86_64/lib64kdegraphics0-kview-3.5.4-0.8.20060mlcs4.x86_64.rpm
81cb62a332322f2256fc8b425add3cff
corporate/4.0/x86_64/lib64kdegraphics0-kview-devel-3.5.4-0.8.20060mlcs4.x86_64.rpm
2fcf66b36cc00bf5312e8672358a77f2
corporate/4.0/SRPMS/kdegraphics-3.5.4-0.8.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIqwY7mqjQ0CJFipgRAqUOAKCd62Jf/MyXsVBCL585A+EvkplhtACgnTck
m6L0UtTi6j93EYp+XKswP8U=
=bQn5
-----END PGP SIGNATURE-----