full-disclosure-uk August 2008 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: [Full-disclosure] [ MDVSA-2008:173 ] kdegrap

[Full-disclosure] [ MDVSA-2008:173 ] kdegraphics

From: <security_at_nospam>
Date: Tue Aug 19 2008 - 20:46:00 GMT
To: full-disclosure@lists.grok.org.uk

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Mandriva Linux Security Advisory MDVSA-2008:173  http://www.mandriva.com/security/
Package : kdegraphics Date : August 19, 2008 Affected: Corporate 4.0
_______________________________________________________________________

 Problem Description:

 Kees Cook of Ubuntu security found a flaw in how poppler prior  to version 0.6 displayed malformed fonts embedded in PDF files.  An attacker could create a malicious PDF file that would cause  applications using poppler to crash, or possibly execute arbitrary  code when opened (CVE-2008-1693).  

 This vulnerability also affected older versions of kpdf, so the  updated packages have been patched to correct this issue.


 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1693


 Updated Packages:

 Corporate 4.0: c48c75be77960fbb394a2b1eeac6b181 corporate/4.0/i586/kdegraphics-3.5.4-0.8.20060mlcs4.i586.rpm 7ed79b015abce818dfec06dfba1c1380 corporate/4.0/i586/kdegraphics-common-3.5.4-0.8.20060mlcs4.i586.rpm 544e0b41ae1e8a30ad8df50a078558a1 corporate/4.0/i586/kdegraphics-kcolorchooser-3.5.4-0.8.20060mlcs4.i586.rpm d2a9273cf9651705a5bb535a90d0136c corporate/4.0/i586/kdegraphics-kcoloredit-3.5.4-0.8.20060mlcs4.i586.rpm 766e1accbc92ae47315f36c49e033fe1 corporate/4.0/i586/kdegraphics-kdvi-3.5.4-0.8.20060mlcs4.i586.rpm 028c82916bebdeaa72eef92de8e8915b corporate/4.0/i586/kdegraphics-kfax-3.5.4-0.8.20060mlcs4.i586.rpm 5086b22bd13361fa5dbb98b58cca326b corporate/4.0/i586/kdegraphics-kghostview-3.5.4-0.8.20060mlcs4.i586.rpm d2fc10f6a3692faefbd18b930ca6e8bb corporate/4.0/i586/kdegraphics-kiconedit-3.5.4-0.8.20060mlcs4.i586.rpm b3999a4d4a09ac4287d4367739b65a4e corporate/4.0/i586/kdegraphics-kolourpaint-3.5.4-0.8.20060mlcs4.i586.rpm f340936657f82cb8cb4f9be24eb0e0b1 corporate/4.0/i586/kdegraphics-kooka-3.5.4-0.8.20060mlcs4.i586.rpm b284b87bbb08ee0c71a0274cbaaee22a corporate/4.0/i586/kdegraphics-kpdf-3.5.4-0.8.20060mlcs4.i586.rpm 2d8bae2c857ffed30979aeb2b7825698 corporate/4.0/i586/kdegraphics-kpovmodeler-3.5.4-0.8.20060mlcs4.i586.rpm 01f71322cb69831c2d85efd7c183221a corporate/4.0/i586/kdegraphics-kruler-3.5.4-0.8.20060mlcs4.i586.rpm 000750beeb8845c1ad83c737f43e2a7e corporate/4.0/i586/kdegraphics-ksnapshot-3.5.4-0.8.20060mlcs4.i586.rpm 5129a71c61bc26bc0b840cbe1f73a4fc corporate/4.0/i586/kdegraphics-ksvg-3.5.4-0.8.20060mlcs4.i586.rpm af856c22dfa63a9e23374053a34b8acf corporate/4.0/i586/kdegraphics-kuickshow-3.5.4-0.8.20060mlcs4.i586.rpm 4008e583c8019451a0683b30e8edb011 corporate/4.0/i586/kdegraphics-kview-3.5.4-0.8.20060mlcs4.i586.rpm 97ae6b724e5f20dbda7e0a5e5624431a corporate/4.0/i586/kdegraphics-mrmlsearch-3.5.4-0.8.20060mlcs4.i586.rpm 6a6f33b0f940d78191be569dd414d67c corporate/4.0/i586/libkdegraphics0-common-3.5.4-0.8.20060mlcs4.i586.rpm d212fda5331980b961d73d0c442ae628 corporate/4.0/i586/libkdegraphics0-common-devel-3.5.4-0.8.20060mlcs4.i586.rpm b1d802051c290726d17dc9b643358324 corporate/4.0/i586/libkdegraphics0-kghostview-3.5.4-0.8.20060mlcs4.i586.rpm d4c80288ea40e92742ac28ed99ce76c4 corporate/4.0/i586/libkdegraphics0-kghostview-devel-3.5.4-0.8.20060mlcs4.i586.rpm c61d07979ea8a97200972581b4d41702 corporate/4.0/i586/libkdegraphics0-kooka-3.5.4-0.8.20060mlcs4.i586.rpm 0c7b3a2769ec6557dc08eb9575b97e57 corporate/4.0/i586/libkdegraphics0-kooka-devel-3.5.4-0.8.20060mlcs4.i586.rpm af9abfc2e1c4e685155dc3f4eb33a2eb corporate/4.0/i586/libkdegraphics0-kpovmodeler-3.5.4-0.8.20060mlcs4.i586.rpm 98eff5d1ee0e0614bdc6a7a6bff56a1e corporate/4.0/i586/libkdegraphics0-kpovmodeler-devel-3.5.4-0.8.20060mlcs4.i586.rpm b015cedc70056a8603f2b0ff0d67ad5b corporate/4.0/i586/libkdegraphics0-ksvg-3.5.4-0.8.20060mlcs4.i586.rpm faaf4b28dd162997cd8f5c805ff99720 corporate/4.0/i586/libkdegraphics0-ksvg-devel-3.5.4-0.8.20060mlcs4.i586.rpm 3daea8370340ca1f94f08246c1c0d5f0 corporate/4.0/i586/libkdegraphics0-kview-3.5.4-0.8.20060mlcs4.i586.rpm aaf91d76d1a39400da63bc0fa6e4529b corporate/4.0/i586/libkdegraphics0-kview-devel-3.5.4-0.8.20060mlcs4.i586.rpm 2fcf66b36cc00bf5312e8672358a77f2 corporate/4.0/SRPMS/kdegraphics-3.5.4-0.8.20060mlcs4.src.rpm

 Corporate 4.0/X86_64: 45b1d1842cde5de28b039ea27b583258 corporate/4.0/x86_64/kdegraphics-3.5.4-0.8.20060mlcs4.x86_64.rpm f8854845e1ec41724dd692c862ea5f2d corporate/4.0/x86_64/kdegraphics-common-3.5.4-0.8.20060mlcs4.x86_64.rpm 2053e876eb098bfd3e66335d1559dee0 corporate/4.0/x86_64/kdegraphics-kcolorchooser-3.5.4-0.8.20060mlcs4.x86_64.rpm 0ca9ea1f23a425faf11a34aa68278fae corporate/4.0/x86_64/kdegraphics-kcoloredit-3.5.4-0.8.20060mlcs4.x86_64.rpm d0b3bfab1c6e06d3b280775ccb0148c4 corporate/4.0/x86_64/kdegraphics-kdvi-3.5.4-0.8.20060mlcs4.x86_64.rpm de102515cd82fbb2d1a982276954a90b corporate/4.0/x86_64/kdegraphics-kfax-3.5.4-0.8.20060mlcs4.x86_64.rpm 2ab24fdd2bb4baab401adb33f0679937 corporate/4.0/x86_64/kdegraphics-kghostview-3.5.4-0.8.20060mlcs4.x86_64.rpm ebb3e79e1dafdd462774b796963dbf44 corporate/4.0/x86_64/kdegraphics-kiconedit-3.5.4-0.8.20060mlcs4.x86_64.rpm 0ed728bf9dacf3bd74a60454474a14f0 corporate/4.0/x86_64/kdegraphics-kolourpaint-3.5.4-0.8.20060mlcs4.x86_64.rpm 518e3d032f68554987e927d13eda143c corporate/4.0/x86_64/kdegraphics-kooka-3.5.4-0.8.20060mlcs4.x86_64.rpm 31e391645ccac68d5845238b5b19f5bf corporate/4.0/x86_64/kdegraphics-kpdf-3.5.4-0.8.20060mlcs4.x86_64.rpm dc8b45093d330089a51c5379f88eca27 corporate/4.0/x86_64/kdegraphics-kpovmodeler-3.5.4-0.8.20060mlcs4.x86_64.rpm 301db4e99da585e2ffd70c221fac1ceb corporate/4.0/x86_64/kdegraphics-kruler-3.5.4-0.8.20060mlcs4.x86_64.rpm 0d0cf2122a0f2024253fada72c249ce5 corporate/4.0/x86_64/kdegraphics-ksnapshot-3.5.4-0.8.20060mlcs4.x86_64.rpm 61bb88e15c6236eb927b9a7ad52ec951 corporate/4.0/x86_64/kdegraphics-ksvg-3.5.4-0.8.20060mlcs4.x86_64.rpm 4ceccb045a409a678de85757abbb283f corporate/4.0/x86_64/kdegraphics-kuickshow-3.5.4-0.8.20060mlcs4.x86_64.rpm 27c0e3e413d43ea48630233166c64db8 corporate/4.0/x86_64/kdegraphics-kview-3.5.4-0.8.20060mlcs4.x86_64.rpm 7e71c8ad66d111bb5105c02bc682c985 corporate/4.0/x86_64/kdegraphics-mrmlsearch-3.5.4-0.8.20060mlcs4.x86_64.rpm f5a8505ac85a3da2763bf7cb60b5b85e corporate/4.0/x86_64/lib64kdegraphics0-common-3.5.4-0.8.20060mlcs4.x86_64.rpm 49ff1b79d5edce7568f6409c8eabccc9 corporate/4.0/x86_64/lib64kdegraphics0-common-devel-3.5.4-0.8.20060mlcs4.x86_64.rpm 85877748738af447e2b2219e782fa988 corporate/4.0/x86_64/lib64kdegraphics0-kghostview-3.5.4-0.8.20060mlcs4.x86_64.rpm ca0ed072b4f3addead66e64cf174dc42 corporate/4.0/x86_64/lib64kdegraphics0-kghostview-devel-3.5.4-0.8.20060mlcs4.x86_64.rpm eeac9394a0ae1371086c7862d706aa2e corporate/4.0/x86_64/lib64kdegraphics0-kooka-3.5.4-0.8.20060mlcs4.x86_64.rpm 84769df4de641bc615c77e971e727403 corporate/4.0/x86_64/lib64kdegraphics0-kooka-devel-3.5.4-0.8.20060mlcs4.x86_64.rpm 52a3ce24202e480803514108e23e5244 corporate/4.0/x86_64/lib64kdegraphics0-kpovmodeler-3.5.4-0.8.20060mlcs4.x86_64.rpm 9254908e6d0f094aab5aa8433beef77a corporate/4.0/x86_64/lib64kdegraphics0-kpovmodeler-devel-3.5.4-0.8.20060mlcs4.x86_64.rpm 5aae3dfccff23539d4ec103d783a729d corporate/4.0/x86_64/lib64kdegraphics0-ksvg-3.5.4-0.8.20060mlcs4.x86_64.rpm 82bc88d91af010a7c1c99d8c6ac2ca17 corporate/4.0/x86_64/lib64kdegraphics0-ksvg-devel-3.5.4-0.8.20060mlcs4.x86_64.rpm 47a591ec73214a9ca4a8a3e6cb71df46 corporate/4.0/x86_64/lib64kdegraphics0-kview-3.5.4-0.8.20060mlcs4.x86_64.rpm 81cb62a332322f2256fc8b425add3cff corporate/4.0/x86_64/lib64kdegraphics0-kview-devel-3.5.4-0.8.20060mlcs4.x86_64.rpm 2fcf66b36cc00bf5312e8672358a77f2 corporate/4.0/SRPMS/kdegraphics-3.5.4-0.8.20060mlcs4.src.rpm
_______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification  of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the  GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com


 Type Bits/KeyID Date User ID
 pub 1024D/22458A98 2000-07-10 Mandriva Security Team   <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIqwY7mqjQ0CJFipgRAqUOAKCd62Jf/MyXsVBCL585A+EvkplhtACgnTck m6L0UtTi6j93EYp+XKswP8U=
=bQn5
-----END PGP SIGNATURE-----



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/