Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > February 2005 > Four Fedora Legacy Update Advisories

February 2005

Four Fedora Legacy Update Advisories

ID: 00131
Ref: 114/2005
Date: 14 February 2005:14:03:03
Version: 1
Title: Four Fedora Legacy Update Advisories
Abstract:
Vendors affected: Fedora
Operating systems affected: Fedora
Applications affected: Fedora
Title
=====

Three Fedora Legacy Update Advisories:

1. FLSA: 2188 - Updated gaim package resolves security issues

2. FLSA: 2252 - Updated iptables packages resolve security issues

3. FLSA: 2352 - Updated Xpdf package fixes security issues

4. FLSA: 2353 - Updated gpdf package fixes security issues


Detail
======

1. A buffer overflow has been discovered in the MSN protocol handler.
When receiving unexpected sequence of MSNSLP messages, it is possible
that an attacker could cause an internal buffer overflow, leading to a
crash or possible code execution. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0891
to this issue.

2. Under certain conditions, iptables did not properly load the required
modules at system startup, which caused the firewall rules to fail to
load and protect the system from remote attackers. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0986 to this issue.

3. During a source code audit, Chris Evans and others discovered a
number of integer overflow bugs that affected all versions of xpdf. An
attacker could construct a carefully crafted PDF file that could cause
xpdf to crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0888 to this issue.

4. During a source code audit, Chris Evans and others discovered a
number of integer overflow bugs that affected all versions of xpdf.
These issues also affect gpdf as it is based on xpdf source code. An
attacker could construct a carefully crafted PDF file that could cause
gpdf to crash or possibly execute arbitrary code when opened. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2004-0888 to this issue.


1.

- ---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated gaim package resolves security issues
Advisory ID: FLSA:2188
Issue date: 2005-02-10
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=2188
CVE Names: CAN-2004-0891
- ---------------------------------------------------------------------


- ---------------------------------------------------------------------
1. Topic:

An updated gaim package that fixes security issues and various bugs
is now avaliable.

The gaim application is a multi-protocol instant messaging client.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

A buffer overflow has been discovered in the MSN protocol handler.
When receiving unexpected sequence of MSNSLP messages, it is possible
that an attacker could cause an internal buffer overflow, leading to
a crash or possible code execution. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0891 to this issue.

This updated gaim package also fixes multiple user interface, protocol,
and error handling problems, including an ICQ communication encoding
issue.

Users of gaim are advised to upgrade to this updated package which
contains gaim version 1.0.2 and is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only
those RPMs which are currently installed will be updated. Those RPMs
which are not installed but included in the list will not be updated.
Note that you can also use wildcards (*.rpm) if your current directory
*only* contains the desired RPMs.

Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. This assumes that you have yum or
apt-get configured for obtaining Fedora Legacy content. Please visit
http://www fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - bug #2188 - gaim MSN protocol buffer overflow.

6. RPMs required:

Red Hat Linux 7.3:

SRPM: http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/gaim-1.0.2-0.FC0.73.0.legacy.src.rpm

i386: http://download.fedoralegacy.org/redhat/7.3/updates/i386/gaim-1.0.2-0.FC0.73.0.legacy.i386.rpm

Red Hat Linux 9:

SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/gaim-1.0.2-0.FC0.90.0.legacy.src.rpm

i386: http://download.fedoralegacy.org/redhat/9/updates/i386/gaim-1.0.2-0.FC0.90.0.legacy.i386.rpm

Fedora Core 1:

SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/gaim-1.0.2-0.FC1.0.legacy.src.rpm

i386: http://download.fedoralegacy.org/redhat/9/updates/i386/gaim-1.0.2-0.FC1.0.legacy.i386.rpm

7. Verification:

SHA1 sum Package Name
- ---------------------------------------------------------------------

a174d3f8283b608124a7d1061d951d3f44eaf5df
redhat/7.3/updates/i386/gaim-1.0.2-0.FC0.73.0.legacy.i386.rpm
b16668fdeddf34c3534065ab971b511774c346a8
redhat/7.3/updates/SRPMS/gaim-1.0.2-0.FC0.73.0.legacy.src.rpm
4b1ebfc27b5b05868f5737064f16711d72904565
redhat/9/updates/i386/gaim-1.0.2-0.FC0.90.0.legacy.i386.rpm
23dc361672ef204e40dcdba7f5c3a395200625f4
redhat/9/updates/SRPMS/gaim-1.0.2-0.FC0.90.0.legacy.src.rpm
78e9993c468e49abf30779c99a9436046fcce426
fedora/1/updates/i386/gaim-1.0.2-0.FC1.0.legacy.i386.rpm
bed1c8a428c099d51086ddc4acf90571f3a04a98
fedora/1/updates/SRPMS/gaim-1.0.2-0.FC1.0.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key
is available from http://www.fedoralegacy org/about/security.php

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

sha1sum

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0891


9. Contact:

The Fedora Legacy security contact is . More
project details at http://www.fedoralegacy.org

- ---------------------------------------------------------------------


2.

- ---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated iptables packages resolve security issues
Advisory ID: FLSA:2252
Issue date: 2005-02-10
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=2252
CVE Names: CAN-2004-0986
- ---------------------------------------------------------------------

- ---------------------------------------------------------------------
1. Topic:

Updated iptables packages that correct a security problem are now
available.

The iptables utility controls the network packet filtering code in the
Linux kernel.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

Under certain conditions, iptables did not properly load the required
modules at system startup, which caused the firewall rules to fail to
load and protect the system from remote attackers. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2004-0986 to this issue.

Users of iptables are advised to upgrade to these errata packages,
which contain backported patches correcting these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only
those RPMs which are currently installed will be updated. Those
RPMs which are not installed but included in the list will not be
updated. Note that you can also use wildcards (*.rpm) if your current
directory *only* contains the desired RPMs.

Please note that this update is also available via yum and apt.
Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that
you have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - bug #2252 - iptables May Fail to
Automatically Load Some Modules

6. RPMs required:

Red Hat Linux 7.3:

SRPM: http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/iptables-1.2.8-8.73.1.legacy.src.rpm

i386: http://download.fedoralegacy.org/redhat/7.3/updates/i386/iptables-1.2.8-8.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/iptables-ipv6-1.2.8-8.73.1.legacy.i386.rpm

Red Hat Linux 9:

SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/iptables-1.2.8-8.90.1.legacy.src.rpm

i386: http://download.fedoralegacy.org/redhat/9/updates/i386/iptables-1.2.8-8.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/iptables-ipv6-1.2.8-8.90.1.legacy.i386.rpm

Fedora Core 1:

SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/iptables-1.2.9-1.0.1.legacy.src.rpm

i386: http://download.fedoralegacy.org/redhat/9/updates/i386/iptables-1.2.9-1.0.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/iptables-devel-1.2.9-1.0.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/iptables-ipv6-1.2.9-1.0.1.legacy.i386.rpm

7. Verification:

SHA1 sum Package Name
- ---------------------------------------------------------------------

83895bb3697fc2c0a6442a12a481e5670a4c4e36
redhat/7.3/updates/i386/iptables-1.2.8-8.73.1.legacy.i386.rpm
a4fbd94e3307c8f6915e9cdf23b98069e7c9e44c
redhat/7.3/updates/i386/iptables-ipv6-1.2.8-8.73.1.legacy.i386.rpm
d0630819c5a33d60976b5b3c0ed5b7e67bbfc1f6
redhat/7.3/updates/SRPMS/iptables-1.2.8-8.73.1.legacy.src.rpm
1bf551072cb97cb4dfcec90530dbe5f71d3eb4b0
redhat/9/updates/i386/iptables-1.2.8-8.90.1.legacy.i386.rpm
e80b93d0c4161576a2707253b25240a2330f7d43
redhat/9/updates/i386/iptables-ipv6-1.2.8-8.90.1.legacy.i386.rpm
5a7849fa4cc500bf6bc0d8320080fb6ba23d9e32
redhat/9/updates/SRPMS/iptables-1.2.8-8.90.1.legacy.src.rpm
87484b5ab4fed7ddaeea720d5303e7f9eca88d16
fedora/1/updates/i386/iptables-1.2.9-1.0.1.legacy.i386.rpm
6aa4eab81a36ddbbd00d4bde0280dd673dfd5324
fedora/1/updates/i386/iptables-devel-1.2.9-1.0.1.legacy.i386.rpm
4d545e88fbec8ff2371a4ed9c5bc494400db6d63
fedora/1/updates/i386/iptables-ipv6-1.2.9-1.0.1.legacy.i386.rpm
7ded8f4994d1a0017d804969318d8d0a6fa5053c
fedora/1/updates/SRPMS/iptables-1.2.9-1.0.1.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our
key is available from http://www.fedoralegacy org/about/security.php

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted
or tampered with, examine only the sha1sum with the following command:

sha1sum

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0986


9. Contact:

The Fedora Legacy security contact is . More
project details at http://www.fedoralegacy.org

- ---------------------------------------------------------------------


3.

- ---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated Xpdf package fixes security issues
Advisory ID: FLSA:2352
Issue date: 2005-02-10
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=2352
CVE Names: CAN-2004-0888 CAN-2004-1125 CAN-2005-0064
- ---------------------------------------------------------------------


- ---------------------------------------------------------------------
1. Topic:

Updated Xpdf packages that fix several security issues are now available.

Xpdf is an X Window System based viewer for Portable Document Format
(PDF) files.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

During a source code audit, Chris Evans and others discovered a
number of integer overflow bugs that affected all versions of xpdf.
An attacker could construct a carefully crafted PDF file that could
cause xpdf to crash or possibly execute arbitrary code when opened.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0888 to this issue.

A buffer overflow flaw was found in the Gfx::doImage function of Xpdf.
An attacker could construct a carefully crafted PDF file that could cause
Xpdf to crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-1125 to this issue.

A buffer overflow flaw was found when processing the /Encrypt /Length
tag. An attacker could construct a carefully crafted PDF file that could
cause Xpdf to crash or possibly execute arbitrary code when opened. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0064 to this issue.

Users of xpdf are advised to upgrade to these errata packages, which
contain backported patches correcting these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that
you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. This assumes that you have yum or
apt-get configured for obtaining Fedora Legacy content. Please visit
http://www fedoralegacy.org/docs for directions on how to configure yum
and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - bug #2352 - xpdf 3.00 Buffer overflow

6. RPMs required:

Red Hat Linux 7.3:

SRPM: http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/xpdf-1.00-7.4.legacy.src.rpm

i386: http://download.fedoralegacy.org/redhat/7.3/updates/i386/xpdf-1.00-7.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/xpdf-chinese-simplified-1.00-7.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/xpdf-chinese-traditional-1.00-7.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/xpdf-japanese-1.00-7.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/xpdf-korean-1.00-7.4.legacy.i386.rpm

Red Hat Linux 9:

SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/xpdf-2.01-11.3.legacy.src.rpm

i386: http://download.fedoralegacy.org/redhat/9/updates/i386/xpdf-2.01-11.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/xpdf-chinese-simplified-2.01-11.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/xpdf-chinese-traditional-2.01-11.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/xpdf-japanese-2.01-11.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/xpdf-korean-2.01-11.3.legacy.i386.rpm

Fedora Core 1:

SRPM: http://download.fedoralegacy.org/fedora/1/updates/SRPMS/xpdf-2.03-1.3.legacy.src.rpm

i386: http://download.fedoralegacy.org/fedora/1/updates/i386/xpdf-2.03-1.3.legacy.i386.rpm

7. Verification:

SHA1 sum Package Name
- ---------------------------------------------------------------------

423ffbb749b7ee88eeb10e6a859eeb0bf065e14f
redhat/7.3/updates/i386/xpdf-1.00-7.4.legacy.i386.rpm
c73127114f7369b5b7dc47f888bd751aff93126e
redhat/7.3/updates/i386/xpdf-chinese-simplified-1.00-7.4.legacy.i386.rpm
fc92215a4b5767adc4fc97dbdab273116ba4d633
redhat/7.3/updates/i386/xpdf-chinese-traditional-1.00-7.4.legacy.i386.rpm
f723ea683d914c4a07715a06aa986f91617bd4ea
redhat/7.3/updates/i386/xpdf-japanese-1.00-7.4.legacy.i386.rpm
81c63ff5b9f1fc0e6a9a384407a46bd699f33feb
redhat/7.3/updates/i386/xpdf-korean-1.00-7.4.legacy.i386.rpm
e4a7aabeaaac53c1773f2cee640ec1052cffb820
redhat/7.3/updates/SRPMS/xpdf-1.00-7.4.legacy.src.rpm
67e76b9214471447bf79ea1b5b191b16122ba2c0
redhat/9/updates/i386/xpdf-2.01-11.3.legacy.i386.rpm
7c6d5c6374dd7e5c952d37ead71071500ac9fda3
redhat/9/updates/i386/xpdf-chinese-simplified-2.01-11.3.legacy.i386.rpm
e351ec803bc2e7c27aa4677dcd57ad9f4772c492
redhat/9/updates/i386/xpdf-chinese-traditional-2.01-11.3.legacy.i386.rpm
fcde9f1758de64bd50e5ef003cf344c63264b940
redhat/9/updates/i386/xpdf-japanese-2.01-11.3.legacy.i386.rpm
a5e48c1ef2bca6e59b4c27f442078231d6dd68c2
redhat/9/updates/i386/xpdf-korean-2.01-11.3.legacy.i386.rpm
118304e7529774f84fd2a7ac23c4220fe5f92a52
redhat/9/updates/SRPMS/xpdf-2.01-11.3.legacy.src.rpm
604172c53feadba2f6049a41e214dd61ec24fd95
fedora/1/updates/i386/xpdf-2.03-1.3.legacy.i386.rpm
93454fd7f71a3fe88bcc89593312c6120e7168fc
fedora/1/updates/SRPMS/xpdf-2.03-1.3.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy org/about/security.php

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

sha1sum

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities

9. Contact:

The Fedora Legacy security contact is . More
project details at http://www.fedoralegacy.org

- ---------------------------------------------------------------------


4.

- ---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated gpdf package fixes security issues
Advisory ID: FLSA:2353
Issue date: 2005-02-10
Product: Fedora Core
Keywords: Bugfix
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=2353
CVE Names: CAN-2004-0888 CAN-2004-1125 CAN-2005-0064
- ---------------------------------------------------------------------


- ---------------------------------------------------------------------
1. Topic:

An updated gpdf package that fixes a number of integer overflow security
flaws is now available.

GPdf is a viewer for Portable Document Format (PDF) files for GNOME.

2. Relevant releases/architectures:

Fedora Core 1 - i386

3. Problem description:

During a source code audit, Chris Evans and others discovered a number of
integer overflow bugs that affected all versions of xpdf. These issues also
affect gpdf as it is based on xpdf source code. An attacker could construct
a carefully crafted PDF file that could cause gpdf to crash or possibly execute
arbitrary code when opened. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0888 to this issue.

A buffer overflow flaw was found in the Gfx::doImage function of Xpdf. This
flaw also affects gpdf as it is based on xpdf source code. An attacker could
construct a carefully crafted PDF file that could cause gpdf to crash or
possibly execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-1125 to this issue.

A buffer overflow flaw was found when processing the /Encrypt /Length tag.
An attacker could construct a carefully crafted PDF file that could cause
gpdf to crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0064 to this issue.

Users of gpdf are advised to upgrade to this errata package, which contains
backported patches correcting these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs
which are currently installed will be updated. Those RPMs which are not
installed but included in the list will not be updated. Note that you can
also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via yum and apt. Many people
find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. This assumes that you have yum or apt-
get configured for obtaining Fedora Legacy content. Please visit
http://www fedoralegacy.org/docs for directions on how to configure yum and
apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - bug #2353 - xpdf buffer overflows apply to gpdf

6. RPMs required:

Fedora Core 1:

SRPM: http://download.fedoralegacy.org/fedora/1/updates/SRPMS/gpdf-0.110-1.4.legacy.src.rpm

i386: http://download.fedoralegacy.org/fedora/1/updates/i386/gpdf-0.110-1.4.legacy.i386.rpm

7. Verification:

SHA1 sum Package Name
- ---------------------------------------------------------------------

63438a137ac33d1355bc6b8065fef0a03dde7e68
fedora/1/updates/i386/gpdf-0.110-1.4.legacy.i386.rpm
19c4e9fd40a135b4ad782c228990edcdc38dad04
fedora/1/updates/SRPMS/gpdf-0.110-1.4.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy org/about/security.php

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

sha1sum

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities

9. Contact:

The Fedora Legacy security contact is . More
project details at http://www.fedoralegacy.org

- ---------------------------------------------------------------------
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |