Gentoo Archives: gentoo-announce

From: Thierry Carrez <koon@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××.com, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] UPDATE: [ GLSA 200410-30 ] GPdf, KPDF, KOffice: Vulnerabilities in included xpdf
Date: Sat, 06 Nov 2004 13:32:23
Message-Id: 418CD230.5030503@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 200410-30:02
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: GPdf, KPDF, KOffice: Vulnerabilities in included xpdf
9 Date: October 28, 2004
10 Updated: November 06, 2004
11 Bugs: #68558, #68665, #68571, #69936, #69624
12 ID: 200410-30:02
13
14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
15
16 Update
17 =====
18
19 The original fix introduced new vulnerabilities on 64-bit platforms.
20 New fixed packages are available. Updated sections follow.
21
22 Affected packages
23 =================
24
25 -------------------------------------------------------------------
26 Package / Vulnerable / Unaffected
27 -------------------------------------------------------------------
28 1 app-office/koffice < 1.3.4-r1 >= 1.3.4-r1
29 *>= 1.3.3-r2
30 2 app-text/gpdf < 2.8.0-r2 >= 2.8.0-r2
31 *>= 0.132-r2
32 3 kde-base/kdegraphics < 3.3.1-r2 >= 3.3.1-r2
33 *>= 3.3.0-r2
34 *>= 3.2.3-r2
35 -------------------------------------------------------------------
36 3 affected packages on all of their supported architectures.
37 -------------------------------------------------------------------
38
39 Resolution
40 ==========
41
42 All GPdf users should upgrade to the latest version:
43
44 # emerge --sync
45 # emerge --ask --oneshot --verbose ">=app-text/gpdf-0.132-r2"
46
47 All KDE users should upgrade to the latest version of kdegraphics:
48
49 # emerge --sync
50 # emerge --ask --oneshot --verbose ">=kde-base/kdegraphics-3.3.0-r2"
51
52 All KOffice users should upgrade to the latest version:
53
54 # emerge --sync
55 # emerge --ask --oneshot --verbose ">=app-office/koffice-1.3.3-r2"
56
57 Availability
58 ============
59
60 This GLSA and any updates to it are available for viewing at
61 the Gentoo Security Website:
62
63 http://security.gentoo.org/glsa/glsa-200410-30.xml
64
65 Concerns?
66 =========
67
68 Security is a primary focus of Gentoo Linux and ensuring the
69 confidentiality and security of our users machines is of utmost
70 importance to us. Any security concerns should be addressed to
71 security@g.o or alternatively, you may file a bug at
72 http://bugs.gentoo.org.
73
74 License
75 =======
76
77 Copyright 2004 Gentoo Foundation, Inc; referenced text
78 belongs to its owner(s).
79
80 The contents of this document are licensed under the
81 Creative Commons - Attribution / Share Alike license.
82
83 http://creativecommons.org/licenses/by-sa/1.0

Attachments

File name MIME type
signature.asc application/pgp-signature