VUPEN Security - Fedora Security Update Fixes Xpdf Buffer Overflow Vulnerabilities / Exploit (Security Advisories)

	Contact \| Site en Français

VUPEN VNS v4.0

Features and Options

Free 14-Day Trial

Partner Program

Receive More Information

Latest Intelligence

VUPEN Security Advisories

Virus and Malware Alerts

VUPEN Security Research

Threat Watch Blog

Zero-Day Monitor

Search Engine

Mailing List & RSS

>> Fedora Security Update Fixes Xpdf Buffer Overflow Vulnerabilities

Title : Fedora Security Update Fixes Xpdf Buffer Overflow Vulnerabilities
VUPEN ID : VUPEN/ADV-2005-2778
CVE ID : CVE-2005-3191 - CVE-2005-3192 - CVE-2005-3193
CWE ID : VUPEN VNS Only

CVSS V2 : VUPEN VNS Only

Rated as : High Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-12-07

Technical Description

Receive VUPEN Security alerts in a Text format

Receive VUPEN Security alerts in a PDF format

Receive VUPEN Security alerts in an XML format

Fedora has released updated packages to correct multiple vulnerabilities identified in Xpdf. These flaws could be exploited by remote attackers to execute arbitrary commands and take complete control of an affected system. For additional information, see : VUPEN/ADV-2005-2755

Affected Products

Fedora Core 3
Fedora Core 4

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

69dc1262d4ac1a7f706554a2aa278f1b SRPMS/xpdf-3.01-0.FC3.3.src.rpm
1c49642003d2017d0789eed36c409b8b x86_64/xpdf-3.01-0.FC3.3.x86_64.rpm
74af76cadc5d90674a21d1b0e1c245b9 x86_64/debug/xpdf-debuginfo-3.01-0.FC3.3.x86_64.rpm
e87089ed6646877e1ed54018d42dd852 i386/xpdf-3.01-0.FC3.3.i386.rpm
4ec6a4425385b8de2ff961aa738cfd65 i386/debug/xpdf-debuginfo-3.01-0.FC3.3.i386.rpm

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

e439b80c57a6ca7d5e2b38f8ae7d276c SRPMS/xpdf-3.01-0.FC4.3.src.rpm
0ee28635d60f65d2d8acc9ae0fe5d7b2 ppc/xpdf-3.01-0.FC4.3.ppc.rpm
729d05aa72aa61af710115ea94fc6954 ppc/debug/xpdf-debuginfo-3.01-0.FC4.3.ppc.rpm
2a191c74800dd66255ac18857c12ac5d x86_64/xpdf-3.01-0.FC4.3.x86_64.rpm
ee1cd4cccec3a0b3bb72de3a72f4ce9a x86_64/debug/xpdf-debuginfo-3.01-0.FC4.3.x86_64.rpm
c7c92841cec26466b576208d14feed9e i386/xpdf-3.01-0.FC4.3.i386.rpm
9ec2d56a438aaa69029a440803f7b802 i386/debug/xpdf-debuginfo-3.01-0.FC4.3.i386.rpm

References

http://www.vupen.com/english/advisories/2005/2778
http://www.frsirt.com/english/reference/1998
http://www.frsirt.com/english/reference/1999

ChangeLog

2005-12-07 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts with CVE, CWE, and CVSS when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.

VUPEN Vulnerability
Notification Service

Latest Advisories

>> 2010-03-15

Domain Verkaus and Auktions Portal "id" SQL Injection Vulnerability

>> 2010-03-15

deV!Lz Clanportal "basePath" Parameter File Inclusion Vulnerability

>> 2010-03-15

PhpMyLogon "username" Parameter Remote SQL Injection Vulnerability

>> 2010-03-15

Azeno CMS "id" Parameter Remote SQL Injection Vulnerability

>> 2010-03-15

Geekhelps ADMP SQL Injection and Local File Inclusion Vulnerabilities

More Informations