User: Password:
Subscribe / Log in / New account

Yellow Dog alert YDU-20030620-1 (xpdf)

From:  Terra Soft Security Team <>
Subject:  Yellow Dog Linux Security Advisory: YDU-20030620-1
Date:  Mon, 23 Jun 2003 16:00:53 -0600

Yellow Dog Linux Security Announcement -------------------------------------- Package: xpdf Issue Date: Jun 20,2003 Priority: medium Advisory ID: YDU-20030620-1 1. Topic: Updated xpdf packages are available. 2. Problem: "Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Martyn Gilmore discovered a flaw in various PDF viewers and readers. An attacker can embed malicious external-type hyperlinks that if activated or followed by a victim can execute arbitrary shell commands. The Common Vulnerabilities and Exposures project ( has assigned the name CAN-2003-0434 to this issue. All users of Xpdf are advised to upgrade to these errata packages, which contain a patch to correct this issue." From Red Hat Advisory 3. Solution: a) Updating via yum... [for Yellow Dog Linux 3.0] We suggest that you use the yum program to keep your system up-to-date. The following command(s) will retrieve and install the fixed version of this update onto your system: yum update xpdf b) Updating via apt... [for Yellow Dog Linux 2.3] We suggest that you use the apt-get program to keep you system up-to-date. The following command(s) will retrieve and install the fixed version of this update onto your system: apt-get update apt-get install xpdf c) Updating manually... Download the updates below and then run the following rpm command. (Please use a mirror site) rpm -Fvh [filenames] Yellow Dog Linux 3.0 ppc/xpdf-2.01-9.ppc.rpm ppc/xpdf-chinese-simplified-2.01-9.ppc.rpm ppc/xpdf-chinese-traditional-2.01-9.ppc.rpm ppc/xpdf-japanese-2.01-9.ppc.rpm ppc/xpdf-korean-2.01-9.ppc.rpm Yellow Dog Linux 2.3 ppc/xpdf-1.00-6.ppc.rpm ppc/xpdf-chinese-simplified-1.00-6.ppc.rpm ppc/xpdf-chinese-traditional-1.00-6.ppc.rpm ppc/xpdf-japanese-1.00-6.ppc.rpm ppc/xpdf-korean-1.00-6.ppc.rpm 4. Verification MD5 checksum Package -------------------------------- ---------------------------- [Yellow Dog Linux 3.0] 4b2dab67b23c2a700ce713bf7feea8fd SRPMS/xpdf-2.01-9.src.rpm a4cd0fd60dd2f919cc01495fa048f1a8 ppc/xpdf-2.01-9.ppc.rpm 38d77464e3423e8712c044086c84f779 ppc/xpdf-chinese-simplified-2.01-9.ppc.rpm bb148add0f59bb01e406b949870110c6 ppc/xpdf-chinese-traditional-2.01-9.ppc.rpm a504d5464dd128aed90631692ae68a12 ppc/xpdf-japanese-2.01-9.ppc.rpm 94ed81db78f9880a85b01991adda11d3 ppc/xpdf-korean-2.01-9.ppc.rpm [Yellow Dog Linux 2.3] 79ffb2553b61336f9dd41e9252cc8eae SRPMS/xpdf-1.00-6.src.rpm c1d7338ae5307b028785325816f4850c ppc/xpdf-1.00-6.ppc.rpm b5b4a532039b5ffcd0b19c8d49b1c8c6 ppc/xpdf-chinese-simplified-1.00-6.ppc.rpm 84800bddbd3e9c21558334f1ce45f153 ppc/xpdf-chinese-traditional-1.00-6.ppc.rpm b1da18a856ef2814066ddfbacdcc3ba7 ppc/xpdf-japanese-1.00-6.ppc.rpm f2cec39e6425afec5dcbeb6fae7e2fe5 ppc/xpdf-korean-1.00-6.ppc.rpm If you wish to verify that each package has not been corrupted or tampered with, examine the md5sum with the following command: md5sum <filename> 5. Misc. Terra Soft has setup a moderated mailing list where these security, bugfix, and package enhancement announcements will be posted. See for more information. For information regarding the usage of yum, see: _______________________________________________ yellowdog-updates mailing list

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds