FrSIRT - Fedora Security Update Fixes Xpdf Multiple Command Execution Issues / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes Xpdf Multiple Command Execution Issues

Title : Fedora Security Update Fixes Xpdf Multiple Command Execution Issues
Advisory ID : FrSIRT/ADV-2007-3840
CVE ID : CVE-2007-4352 - CVE-2007-5392 - CVE-2007-5393
Rated as : High Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-11-13

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Multiple vulnerabilities have been identified in Fedora, which could be exploited by attackers to cause a denial of service or compromise a vulnerable system [...]

Solution

Upgrade the affected packages :

cc0e4f10a1739a10b41382a977d88df1ca809f02 xpdf-debuginfo-3.02-4.fc7.ppc64.rpm
f02acca00119622b0f0053498f425a89f5f6d05a xpdf-3.02-4.fc7.ppc64.rpm
e2814acc1aa934fcc54c5f1dd2591df85f150846 xpdf-3.02-4.fc7.i386.rpm
b4ffa0222094639cb3b803cfbf09b39dbc232c27 xpdf-debuginfo-3.02-4.fc7.i386.rpm
9c62db5aeb9c5d7951be4a6d24beeab6efd08d03 xpdf-3.02-4.fc7.x86_64.rpm
937c964cb1d35860893a3cfe86c1731eb55ff6ff xpdf-debuginfo-3.02-4.fc7.x86_64.rpm
fef6a66dc9a26e9d708e72bc70821b63711ee7fa xpdf-3.02-4.fc7.ppc.rpm
d344562cb961adff7941a360738d09142ecc9a65 xpdf-debuginfo-3.02-4.fc7.ppc.rpm
e4793e635b4d05d80740d5955b5dbd81039baeab xpdf-3.02-4.fc7.src.rpm

ff68b94139fbaa10d8c4cc31fd237bd6f82780ca xpdf-3.02-4.fc8.ppc64.rpm
b7160ed1a321338e53322755892d9986491c2eeb xpdf-debuginfo-3.02-4.fc8.ppc64.rpm
71271def0a915869659bbdc2774e1ea9e418bffa xpdf-3.02-4.fc8.i386.rpm
fec5aeca869105175bc1bc89daf4bdceb253a7f1 xpdf-debuginfo-3.02-4.fc8.i386.rpm
914dcb09f480212da136d817aed3e8fdea875990 xpdf-debuginfo-3.02-4.fc8.x86_64.rpm
db7f474c2780b53e5ce969bd1436d4f323bf89a8 xpdf-3.02-4.fc8.x86_64.rpm
85dfdfdba02c999ca0405c4260620b866fdffa08 xpdf-debuginfo-3.02-4.fc8.ppc.rpm
f4636894dec972d4cb12ab7ee5ac101ca5dcf5b1 xpdf-3.02-4.fc8.ppc.rpm
cad54df0ef2c8c9d594e32263742adef4fcde562 xpdf-3.02-4.fc8.src.rpm

ChangeLog

2007-11-13 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Mozilla Firefox for Mac OS X GIF Rendering Code Execution Vulnerability
	Mozilla Products Remote Code Execution and Security Bypass Issues
	Mozilla Products Code Execution and Injection Vulnerabilities
	Mozilla JavaScript Garbage Collector Code Execution Vulnerability
	Mozilla Thunderbird Code Execution and Cross Site Scripting Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues
	Mozilla Thunderbird Multiple Security Bypass and Code Execution Issues

	Cisco Products Remote DNS Cache Poisoning Vulnerability
	Cisco Wide Area Application Services CUPS Remote Vulnerability
	Cisco UCM Denial of Service and Authentication Bypass Vulnerabilities
	Cisco Intrusion Prevention System Jumbo Frame Vulnerability
	Cisco VPN Client Deterministic Network Enhancer Privilege Escalation
	Cisco Products SNMPv3 Authentication Packets Vulnerabilities
	Cisco PIX and ASA Security Bypass and Denial of Service

	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple iPhone and iPod touch Multiple Code Execution Vulnerabilities
	Apple Xcode Code Execution and Information Disclosure Vulnerabilities
	Apple TV Data Processing Remote Code Execution Vulnerabilities
	Apple Mac OS X Command Execution and Security Bypass Issues
	Apple Safari for Mac OS X Remote Code Execution Vulnerability
	Apple Mac OS X ARDAgent Local Privilege Escalation Vulnerability