RHEL 2.1 / 3 / 4 : xpdf (RHSA-2005:840)

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

An updated xpdf package that fixes several security issues is now
available.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

[Updated 20 Dec 2005] The initial fix for these issues was incomplete.
The packages have been updated with a more complete fix.

The xpdf package is an X Window System-based viewer for Portable
Document Format (PDF) files.

Several flaws were discovered in Xpdf. An attacker could construct a
carefully crafted PDF file that could cause Xpdf to crash or possibly
execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project assigned the names CVE-2005-3191, CVE-2005-3192, and
CVE-2005-3193 to these issues.

Users of Xpdf should upgrade to this updated package, which contains a
backported patch to resolve these issues.

Red Hat would like to thank Derek B. Noonburg for reporting this issue
and providing a patch.

See also :

https://www.redhat.com/security/data/cve/CVE-2005-3191.html
https://www.redhat.com/security/data/cve/CVE-2005-3192.html
https://www.redhat.com/security/data/cve/CVE-2005-3193.html
https://www.redhat.com/security/data/cve/CVE-2005-3624.html
https://www.redhat.com/security/data/cve/CVE-2005-3625.html
https://www.redhat.com/security/data/cve/CVE-2005-3626.html
https://www.redhat.com/security/data/cve/CVE-2005-3627.html
https://www.redhat.com/security/data/cve/CVE-2005-3628.html
http://rhn.redhat.com/errata/RHSA-2005-840.html

Solution :

Update the affected xpdf package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 20268

Bugtraq ID:

CVE ID: CVE-2005-3191
CVE-2005-3192
CVE-2005-3193
CVE-2005-3624
CVE-2005-3625
CVE-2005-3626
CVE-2005-3627
CVE-2005-3628