Test ID:	1.3.6.1.4.1.25623.1.0.59855
Category:	Fedora Local Security Checks
Title:	Fedora Core 7 FEDORA-2007-3031 (xpdf)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to xpdf announced via advisory FEDORA-2007-3031. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Xpdf is a small and efficient program which uses standard X fonts. Update Information: Resolves: xpdf memory corruption in DCTStream::readProgressiveDataUnit() xpdf buffer overflow in DCTStream::reset() xpdf buffer overflow in CCITTFaxStream::lookChar() ChangeLog: * Fri Nov 9 2007 Tom spot Callaway 1:3.02-4 - resolve 372461, 372471, 372481 * Tue Aug 28 2007 Tom spot Callaway 1:3.02-3 - fix PDF printing on x86_64 (bz 253601) - add mouse buttons 8 and 9 (bz 255401) - add extra zoom types (bz 251855) - rebuild for BuildID * Mon Aug 6 2007 Tom spot Callaway 1:3.02-2 - fix font list parsing to squelch noise (bz 250709) - cleanup add-to-xpdfrc files, update xpdfrc to include them by default * Wed Aug 1 2007 Tom spot Callaway 1:3.02-1 - bump to 3.02 - patch in security fix - add arabic, greek, hebrew, latin2, turkish lang support References: [ 1 ] Bug #372461 - CVE-2007-4352 CVE-2007-5392 CVE-2007-5393 Multiple xpdf vulnerabilities [f7] https://bugzilla.redhat.com/show_bug.cgi?id=372461 [ 2 ] CVE-2007-4352 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352 [ 3 ] CVE-2007-5392 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392 [ 4 ] CVE-2007-5393 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393 Updated packages: cc0e4f10a1739a10b41382a977d88df1ca809f02 xpdf-debuginfo-3.02-4.fc7.ppc64.rpm f02acca00119622b0f0053498f425a89f5f6d05a xpdf-3.02-4.fc7.ppc64.rpm e2814acc1aa934fcc54c5f1dd2591df85f150846 xpdf-3.02-4.fc7.i386.rpm b4ffa0222094639cb3b803cfbf09b39dbc232c27 xpdf-debuginfo-3.02-4.fc7.i386.rpm 9c62db5aeb9c5d7951be4a6d24beeab6efd08d03 xpdf-3.02-4.fc7.x86_64.rpm 937c964cb1d35860893a3cfe86c1731eb55ff6ff xpdf-debuginfo-3.02-4.fc7.x86_64.rpm fef6a66dc9a26e9d708e72bc70821b63711ee7fa xpdf-3.02-4.fc7.ppc.rpm d344562cb961adff7941a360738d09142ecc9a65 xpdf-debuginfo-3.02-4.fc7.ppc.rpm e4793e635b4d05d80740d5955b5dbd81039baeab xpdf-3.02-4.fc7.src.rpm This update can be installed with the yum update program. Use su -c 'yum update xpdf' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. Solution: Apply the appropriate updates. https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2007-3031 Risk factor : Critical CVSS Score: 9.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-4352 BugTraq ID: 26367 http://www.securityfocus.com/bid/26367 Bugtraq: 20071107 Secunia Research: Xpdf "Stream.cc" Multiple Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/483372 Debian Security Information: DSA-1480 (Google Search) http://www.debian.org/security/2008/dsa-1480 Debian Security Information: DSA-1509 (Google Search) http://www.debian.org/security/2008/dsa-1509 Debian Security Information: DSA-1537 (Google Search) http://www.debian.org/security/2008/dsa-1537 https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00215.html https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00224.html https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00238.html https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00369.html https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00724.html http://security.gentoo.org/glsa/glsa-200711-22.xml http://security.gentoo.org/glsa/glsa-200711-34.xml http://security.gentoo.org/glsa/glsa-200805-13.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:219 http://www.mandriva.com/security/advisories?name=MDKSA-2007:220 http://www.mandriva.com/security/advisories?name=MDKSA-2007:221 http://www.mandriva.com/security/advisories?name=MDKSA-2007:222 http://www.mandriva.com/security/advisories?name=MDKSA-2007:223 http://www.mandriva.com/security/advisories?name=MDKSA-2007:227 http://www.mandriva.com/security/advisories?name=MDKSA-2007:228 http://www.mandriva.com/security/advisories?name=MDKSA-2007:230 http://secunia.com/secunia_research/2007-88/advisory/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9979 http://www.redhat.com/support/errata/RHSA-2007-1021.html http://www.redhat.com/support/errata/RHSA-2007-1022.html http://www.redhat.com/support/errata/RHSA-2007-1024.html http://www.redhat.com/support/errata/RHSA-2007-1025.html http://www.redhat.com/support/errata/RHSA-2007-1026.html http://www.redhat.com/support/errata/RHSA-2007-1027.html http://www.redhat.com/support/errata/RHSA-2007-1029.html http://www.redhat.com/support/errata/RHSA-2007-1030.html http://www.securitytracker.com/id?1018905 http://secunia.com/advisories/26503 http://secunia.com/advisories/27260 http://secunia.com/advisories/27553 http://secunia.com/advisories/27573 http://secunia.com/advisories/27574 http://secunia.com/advisories/27575 http://secunia.com/advisories/27577 http://secunia.com/advisories/27578 http://secunia.com/advisories/27599 http://secunia.com/advisories/27615 http://secunia.com/advisories/27618 http://secunia.com/advisories/27619 http://secunia.com/advisories/27632 http://secunia.com/advisories/27634 http://secunia.com/advisories/27636 http://secunia.com/advisories/27637 http://secunia.com/advisories/27640 http://secunia.com/advisories/27641 http://secunia.com/advisories/27642 http://secunia.com/advisories/27645 http://secunia.com/advisories/27656 http://secunia.com/advisories/27658 http://secunia.com/advisories/27705 http://secunia.com/advisories/27721 http://secunia.com/advisories/27724 http://secunia.com/advisories/27743 http://secunia.com/advisories/27856 http://secunia.com/advisories/28043 http://secunia.com/advisories/28812 http://secunia.com/advisories/29104 http://secunia.com/advisories/29604 http://secunia.com/advisories/30168 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882 SuSE Security Announcement: SUSE-SA:2007:060 (Google Search) http://www.novell.com/linux/security/advisories/2007_60_pdf.html http://www.ubuntu.com/usn/usn-542-1 http://www.ubuntu.com/usn/usn-542-2 http://www.vupen.com/english/advisories/2007/3774 http://www.vupen.com/english/advisories/2007/3775 http://www.vupen.com/english/advisories/2007/3776 http://www.vupen.com/english/advisories/2007/3779 http://www.vupen.com/english/advisories/2007/3786 XForce ISS Database: xpdf-dctstreamread-memory-corruption(38306) https://exchange.xforce.ibmcloud.com/vulnerabilities/38306 Common Vulnerability Exposure (CVE) ID: CVE-2007-5392 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10036 XForce ISS Database: xpdf-dctstreamreset-bo(38303) https://exchange.xforce.ibmcloud.com/vulnerabilities/38303 Common Vulnerability Exposure (CVE) ID: CVE-2007-5393 Debian Security Information: DSA-1408 (Google Search) http://www.debian.org/security/2007/dsa-1408 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9839 http://www.redhat.com/support/errata/RHSA-2007-1023.html http://www.redhat.com/support/errata/RHSA-2007-1028.html http://www.redhat.com/support/errata/RHSA-2007-1031.html http://www.redhat.com/support/errata/RHSA-2007-1051.html http://secunia.com/advisories/27579 http://secunia.com/advisories/27718 http://secunia.com/advisories/27772 XForce ISS Database: xpdf-ccittfaxstreamlookchar-bo(38304) https://exchange.xforce.ibmcloud.com/vulnerabilities/38304
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.