SynopsisThe remote CentOS host is missing a security update.
DescriptionAn updated xpdf package that fixes several security issues is now available.
This update has been rated as having important security impact by the Red Hat Security Response Team.
[Updated 20 Dec 2005] The initial fix for these issues was incomplete.
The packages have been updated with a more complete fix.
The xpdf package is an X Window System-based viewer for Portable Document Format (PDF) files.
Several flaws were discovered in Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3191, CVE-2005-3192, and CVE-2005-3193 to these issues.
Users of Xpdf should upgrade to this updated package, which contains a backported patch to resolve these issues.
Red Hat would like to thank Derek B. Noonburg for reporting this issue and providing a patch.
SolutionUpdate the affected xpdf package.
File Name: centos_RHSA-2005-840.nasl
Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure
CPE: p-cpe:/a:centos:centos:xpdf, cpe:/o:centos:centos:3, cpe:/o:centos:centos:4
Required KB Items: Host/local_checks_enabled, Host/CentOS/release, Host/CentOS/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 12/22/2005
Vulnerability Publication Date: 12/6/2005
CVE: CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628
BID: 15721, 15725, 15726, 15727