Alin Rad Pop found several flaws in how PDF files are handled in gpdf.
An attacker could create a malicious PDF file that would cause gpdf
to crash or potentially execute arbitrary code when opened.
The updated packages have been patched to correct this issue.
Corporate Server 3.0
526dfea41ec1b8937170fdbcbf79e616 corporate/3.0/i586/gpdf-0.112-2.9.C30mdk.i586.rpm 1fa025a5f8dea5ec889622f8fb35af05 corporate/3.0/SRPMS/gpdf-0.112-2.9.C30mdk.src.rpm
Corporate Server 3.0/X86_64
043bd32c2f907b8f9d379d34d6b796e3 corporate/3.0/x86_64/gpdf-0.112-2.9.C30mdk.x86_64.rpm 1fa025a5f8dea5ec889622f8fb35af05 corporate/3.0/SRPMS/gpdf-0.112-2.9.C30mdk.src.rpm
To upgrade automatically, use MandrivaUpdate.
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.