RHEL 4 : gpdf (RHSA-2005:708)

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

An updated gpdf package that fixes a security issue is now available
for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

The gpdf package is a GNOME-based viewer for Portable Document Format
(PDF) files.

Marcus Meissner reported a flaw in gpdf. An attacker could construct a
carefully crafted PDF file that would cause gpdf to consume all
available disk space in /tmp when opened. The Common Vulnerabilities
and Exposures project assigned the name CVE-2005-2097 to this issue.

Note that this issue does not affect the version of gpdf in Red Hat
Enterprise Linux 3 or 2.1.

Users of gpdf should upgrade to this updated package, which contains a
backported patch to resolve this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2005-2097.html
http://rhn.redhat.com/errata/RHSA-2005-708.html

Solution :

Update the affected gpdf package.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 19425

Bugtraq ID:

CVE ID: CVE-2005-2097