RHEL 4 : kdegraphics (RHSA-2005:066)

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated kdegraphics packages that resolve security issues in kpdf are
now available.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

The kdegraphics packages contain applications for the K Desktop
Environment including kpdf, a pdf file viewer.

A buffer overflow flaw was found in the Gfx::doImage function of Xpdf
that also affects kpdf due to a shared codebase. An attacker could
construct a carefully crafted PDF file that could cause kpdf to crash
or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2004-1125 to this issue.

A buffer overflow flaw was found in the Decrypt::makeFileKey2 function
of Xpdf which also affects kpdf due to a shared codebase. An attacker
could construct a carefully crafted PDF file that could cause kpdf to
crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2005-0064 to this issue.

During a source code audit, Chris Evans and others discovered a number
of integer overflow bugs that affected all versions of Xpdf which also
affects kpdf due to a shared codebase. An attacker could construct a
carefully crafted PDF file that could cause kpdf to crash or possibly
execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2004-0888
to this issue.

Users should update to these erratum packages which contain backported
patches to correct these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2004-0888.html
https://www.redhat.com/security/data/cve/CVE-2004-1125.html
https://www.redhat.com/security/data/cve/CVE-2005-0064.html
http://www.kde.org/info/security/advisory-20041223-1.txt
http://www.kde.org/info/security/advisory-20050119-1.txt
http://rhn.redhat.com/errata/RHSA-2005-066.html

Solution :

Update the affected kdegraphics and / or kdegraphics-devel packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 17178 ()

Bugtraq ID:

CVE ID: CVE-2004-0888
CVE-2004-1125
CVE-2005-0064