[sflack-security] xpdf (SFSA:2007-222-05)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


[sflack-security] xpdf (SFSA:2007-222-05)

New xpdf packages are available for Sflack 11.0,
and 12.0 to fix an integer overflow.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387


Here are the details from the Sflack 12.0 ChangeLog:
+--------------------------+
patches/packages/xpdf-3.02pl1-x86_64-1_sflack12.0.tgz:
Upgraded to xpdf-3.02pl1. This fixes an integer overflow that could possibly
be leveraged to run arbitrary code if a malicious PDF file is processed.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at Evolva Telecom
(http://evolva.ro) and serghei.net (http://serghei.net)
for donating additional FTP and rsync hosting
to the Sflack project! :-)

Also see the "Get Sflack" section on http://sflack.com for
additional mirror sites near you.

Updated package for Sflack 11.0:
ftp://ftp.sflack.com/pub/sflack/sflack-11.0/patches/packages/xpdf-3.02pl1-x86_64-1_sflack11.0.tgz

Updated package for Sflack 12.0:
ftp://ftp.sflack.com/pub/sflack/sflack-12.0/patches/packages/xpdf-3.02pl1-x86_64-1_sflack12.0.tgz


MD5 signatures:
+-------------+

Sflack 11.0 package:
1e4e12f4b0bdb0d117b68b3367eefa51 xpdf-3.02pl1-x86_64-1_sflack11.0.tgz

Sflack 12.0 package:
b62b98e91103c4f9657399d3a010207d xpdf-3.02pl1-x86_64-1_sflack12.0.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg xpdf-3.02pl1-x86_64-1_sflack12.0.tgz


+-----+

Sflack Linux Security Team
http://sflack.com/gpg-key
security at sflack.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGvZTdw79R6/xskD8RAiy+AJ9vI7EcaHVl1UAgvVaiAI9VHJOqmgCfatOT
0TS61Folb8tNUp6nwDbj98M=
=yr9E
-----END PGP SIGNATURE-----