CPNI - Centre for the Protection of National Infrastructure


August 2005

Fedora - Six Update Notifications

ID: 00685
Ref: 634/05
Date: 16 August 2005:11:42:26
Version: 1

Title: Fedora - Six Update Notifications
Abstract:
Vendors affected: Fedora
Operating systems affected: Fedora
Applications affected: Fedora


Title
=====

Fedora - Six Update Notifications:
1. Fedora Core 4 Update: xpdf-3.00-20.FC4.2 [FEDORA-2005-729]
2. Fedora Core 4 Update: evolution-2.2.3-2.fc4 [FEDORA-2005-743]
3. Fedora Core 3 Update: xpdf-3.00-10.6.FC3 [FEDORA-2005-730]
4. Fedora Core 3 Update: vim-6.3.086-0.fc3.1 [FEDORA-2005-741]
5. Fedora Core 3 Update: evolution-2.0.4-6 [FEDORA-2005-742]
6. Fedora Core 3 Update: kdeedu-3.4.2-0.fc3.2 [FEDORA-2005-745]


Detail
======

Update notification summaries:

1. A flaw was discovered in Xpdf in that an attacker could
construct a carefully crafted PDF file that would cause
Xpdf to consume all available disk space in /tmp when
opened.

2. Fix for SITIC Vulnerability Advisory SA05-001

3. A flaw was discovered in Xpdf in that an attacker could
construct a carefully crafted PDF file that would cause
Xpdf to consume all available disk space in /tmp when
opened.

4. This update is supposed to fix GTK2 dependency problems of
the vim-6.3.086-0.fc3 package.

5. Fix for SITIC Vulnerability Advisory SA05-001

6. The KDE security team were notified about several tempfile
handling related vulnerabilities in langen2kvtml, a conversion
script for kvoctrain. The script must be manually invoked.


Update notification content follows:


1.


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-729
2005-08-15
---------------------------------------------------------------------

Product : Fedora Core 4
Name : xpdf
Version : 3.00
Release : 20.FC4.2
Summary : A PDF file viewer for the X Window System.
Description :
Xpdf is an X Window System based viewer for Portable Document Format
(PDF) files. Xpdf is a small and efficient program which uses
standard X fonts.

---------------------------------------------------------------------
Update Information:

A flaw was discovered in Xpdf in that an attacker could
construct a carefully crafted PDF file that would cause
Xpdf to consume all available disk space in /tmp when
opened. The Common Vulnerabilities and Exposures project
assigned the name CAN-2005-2097 to this issue.

Users of xpdf should upgrade to this updated package, which
contains a patch to resolve this issue.
---------------------------------------------------------------------
* Wed Jul 27 2005 Than Ngo 1:3.00-20.FC4.2
- better patch to fix CAN-2005-2097, #163918
- fix build problem with gcc4

* Tue Jul 26 2005 Than Ngo 3.00-20.FC4.1
- backport patch to fix xpdf DoS, CAN-2005-2097, #163918
- fix xpdf crash #163807


---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/


This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------




2.


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-743
2005-08-11
---------------------------------------------------------------------

Product : Fedora Core 4
Name : evolution
Version : 2.2.3
Release : 2.fc4
Summary : GNOME's next-generation groupware suite
Description :
Evolution is the GNOME collection of personal information management
(PIM) tools.

Evolution includes a mailer, calendar, contact manager and
communication facility. The tools which make up Evolution will be
tightly integrated with one another and act as a seamless personal
information-management tool.

---------------------------------------------------------------------
Update Information:

Fix for SITIC Vulnerability Advisory SA05-001
---------------------------------------------------------------------
* Wed Aug 10 2005 David Malcolm - 2.2.3-2.fc4
- Fix format string issues (Sitic SA05-001)

* Wed Jun 29 2005 David Malcolm - 2.2.3-1.fc4
- 2.2.3
- Moved .conduit files to libdir/gnome-pilot/conduits, rather than beneath
  datadir, to match gnome-pilot (patch 802)
- Remove GNOME_COMPILE_WARNINGS from configure.in (since gnome-common might not
  be available when we rerun the autotools; patch 803)

* Mon Jun 27 2005 David Malcolm - 2.2.2-8.fc4
- Replaced patch to port conduits to pilot-link-0.12 with Mark G Adams's version
  of same (#161817)
- Added Mark G Adams's memory leak fix (patch 801)

* Thu May 26 2005 David Malcolm - 2.2.2-7
- Added Akira Tagoh's patch for calendar keypress handling (#154360)

* Mon May 23 2005 David Malcolm - 2.2.2-6
- Remove static versions of libraries


---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/


This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------




3.


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-730
2005-08-15
---------------------------------------------------------------------

Product : Fedora Core 3
Name : xpdf
Version : 3.00
Release : 10.6.FC3
Summary : A PDF file viewer for the X Window System.
Description :
Xpdf is an X Window System based viewer for Portable Document Format
(PDF) files. Xpdf is a small and efficient program which uses
standard X fonts.

---------------------------------------------------------------------
Update Information:

A flaw was discovered in Xpdf in that an attacker could
construct a carefully crafted PDF file that would cause Xpdf
to consume all available disk space in /tmp when opened. The
Common Vulnerabilities and Exposures project assigned the name
CAN-2005-2097 to this issue.

Users of xpdf should upgrade to this updated package, which
contains a backported patch to resolve this issue.
---------------------------------------------------------------------
* Wed Jul 27 2005 Than Ngo 1:3.00-10.6.FC3
- better patch to fix CAN-2005-2097, #163918

* Tue Jul 26 2005 Than Ngo 1:3.00-10.5.FC3
- backport patch to fix xpdf DoS, CAN-2005-2097, #163918
- fix xpdf crash #163807


---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------




4.


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-741
2005-08-15
---------------------------------------------------------------------

Product : Fedora Core 3
Name : vim
Version : 6.3.086
Release : 0.fc3.1
Summary : The VIM editor.
Description :
VIM (VIsual editor iMproved) is an updated and improved version of the
vi editor. Vi was the first real screen-based editor for UNIX, and is
still very popular. VIM improves on vi by adding new features:
multiple windows, multi-level undo, block highlighting and more.

---------------------------------------------------------------------
Update Information:

CAN-2005-2368

This update is supposed to fix GTK2 dependency problems of
the vim-6.3.086-0.fc3 package.
---------------------------------------------------------------------

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------




5.


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-742
2005-08-11
---------------------------------------------------------------------

Product : Fedora Core 3
Name : evolution
Version : 2.0.4
Release : 6
Summary : GNOME's next-generation groupware suite
Description :
Evolution is the GNOME collection of personal information management
(PIM) tools.

Evolution includes a mailer, calendar, contact manager and
communication facility. The tools which make up Evolution will be
tightly integrated with one another and act as a seamless personal
information-management tool.

---------------------------------------------------------------------
Update Information:

Fix for SITIC Vulnerability Advisory SA05-001
---------------------------------------------------------------------
* Wed Aug 10 2005 David Malcolm - 2.0.4-6
- Fix format string issues (Sitic SA05-001)

* Wed May 18 2005 David Malcolm - 2.0.4-5
- Backport fix to use gnome-vfs API to launch external applications (#157767)
- Removed explicit mozilla_build_version; instead use pkg-config to determine
  the path to the NSS/NSPR headers.


---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------




6.


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-745
2005-08-15
---------------------------------------------------------------------

Product : Fedora Core 3
Name : kdeedu
Version : 3.4.2
Release : 0.fc3.2
Summary : Educational/Edutainment applications for KDE
Description :
Educational/Edutainment applications for KDE

---------------------------------------------------------------------
Update Information:

Ben Burton notified the KDE security team about several
tempfile handling related vulnerabilities in langen2kvtml,
a conversion script for kvoctrain. The script must be
manually invoked.

The script uses known filenames in /tmp which allow a local
attacker to overwrite files writeable by the user invoking the
conversion script.

This update fixes these vulnerabilities.
---------------------------------------------------------------------
* Tue Aug 9 2005 Than Ngo 3.4.2-0.fc3.2
- apply patch to fix tempfile vulnerability, CAN-2005-2101, #165606


---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
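
The kdeedu notification above (FEDORA-2005-745) describes a script that writes to known filenames in /tmp. As an added example, not code from langen2kvtml, KDE or Fedora, the shell functions below set that pattern beside two hardened forms. The function names, the work-file name vocab.work and the sandbox contents are hypothetical and constructed for the illustration.

```shell
#!/bin/sh
# Added illustration: function names and the work-file name "vocab.work"
# are hypothetical, not taken from langen2kvtml.

# Vulnerable pattern: fixed, guessable work file in a shared directory.
# The redirect follows a symlink already present at that path and
# truncates the link's target with the caller's privileges.
write_fixed_name() {
    printf '%s\n' "$2" > "$1/vocab.work"
}

# Hardened pattern: mktemp chooses an unpredictable name and creates the
# file exclusively with mode 0600, so it never opens an existing path.
write_mktemp() {
    work=$(mktemp "$1/vocab.XXXXXXXXXX") || return 1
    printf '%s\n' "$2" > "$work"
    printf '%s\n' "$work"          # caller gets the path and must remove it
}

# When a fixed name is unavoidable, noclobber (set -C) makes the shell
# refuse to write through a path that already exists.
write_noclobber() {
    ( set -C; printf '%s\n' "$2" > "$1/vocab.work" ) 2>/dev/null
}

# Constructed sandbox standing in for /tmp: "victim" is a file owned by
# the invoking user, and a link to it waits at the predictable path.
make_sandbox() {
    sb=$(mktemp -d) || return 1
    printf 'keep me\n' > "$sb/victim"
    ln -s "$sb/victim" "$sb/vocab.work"
    printf '%s\n' "$sb"
}
```

A private per-user working directory (for example one created with mktemp -d) removes the shared-directory exposure altogether.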


