MandrivaUsers.org > Security Advisory (MDKSA-2003:071-1): xpdf

Full Version: Security Advisory (MDKSA-2003:071-1): xpdf

MandrivaUsers.org > Announcements > Mandriva Security Advisories

aru

Jul 24 2003, 02:41 AM

MandrakeSoft Security Advisory MDKSA-2003:071-1 : xpdf

July 23rd, 2003
Updated xpdf packages fix arbitrary code execution vulnerability

Martyn Gilmore discovered flaws in various PDF viewers, including xpdf. An attacker could place malicious external hyperlinks in a document that, if followed, could execute arbitary shell commands with the privileges of the person viewing the PDF document.

[u]Update:

New packages are available as the previous patches that had been applied did not correct all possible ways of exploiting this issue.

The released versions of Mandrake GNU/Linux affected are:[list] 9.0

[*] 9.1

[*] Corporate Server 2.1 [list]
Full information about this advisory, including the [b]updated packages, is available at:
www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:071-1

Other references:
http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0434

[size=9]Posted automatically by aru (mdksec2mub v0.0.6)

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.