Package name gpdf
Date November 15th, 2007
Advisory ID MDKSA-2007:220
Affected versions CS3.0
Synopsis Updated gpdf packages fix vulnerabilities

Problem Description

Alin Rad Pop found several flaws in how PDF files are handled in gpdf.
An attacker could create a malicious PDF file that would cause gpdf
to crash or potentially execute arbitrary code when opened.

The updated packages have been patched to correct this issue.

Updated Packages

Corporate Server 3.0

 526dfea41ec1b8937170fdbcbf79e616  corporate/3.0/i586/gpdf-0.112-2.9.C30mdk.i586.rpm 
 1fa025a5f8dea5ec889622f8fb35af05  corporate/3.0/SRPMS/gpdf-0.112-2.9.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 043bd32c2f907b8f9d379d34d6b796e3  corporate/3.0/x86_64/gpdf-0.112-2.9.C30mdk.x86_64.rpm 
 1fa025a5f8dea5ec889622f8fb35af05  corporate/3.0/SRPMS/gpdf-0.112-2.9.C30mdk.src.rpm



To upgrade automatically, use MandrivaUpdate.


Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.