CentOS Update for xpdf CESA-2009:0430 centos3 i386

The remote host is missing an update for the 'xpdf' package(s) announced via the referenced advisory.

Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in Xpdf's JBIG2 decoder. An attacker could create a malicious PDF file that would cause Xpdf to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0147, CVE-2009-1179) Multiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. An attacker could create a malicious PDF file that would cause Xpdf to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0146, CVE-2009-1182) Multiple flaws were found in Xpdf's JBIG2 decoder that could lead to the freeing of arbitrary memory. An attacker could create a malicious PDF file that would cause Xpdf to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0166, CVE-2009-1180) Multiple input validation flaws were found in Xpdf's JBIG2 decoder. An attacker could create a malicious PDF file that would cause Xpdf to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0800) Multiple denial of service flaws were found in Xpdf's JBIG2 decoder. An attacker could create a malicious PDF that would cause Xpdf to crash when opened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183) Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product Security team, and Will Dormann of the CERT/CC for responsibly reporting these flaws. Users are advised to upgrade to this updated package, which contains backported patches to correct these issues.

xpdf on CentOS 3

Please install the updated packages.