Slackware has issued an advisory on August 21: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.496284 Patched packages uploaded for Mageia 2, Mageia 3, and Cauldron. This issue also affects poppler, but it was already fixed upstream in the versions we have in Mageia 3 and Cauldron. The issue does not affect the version of poppler that we have in Mageia 2. Advisory: ======================== Updated xpdf packages fix security vulnerability: PDF files could be used to inject shell code when xpdf was run from some terminal emulators, due to the use of escape sequences in error messages (CVE-2012-2142). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2142 https://bugzilla.redhat.com/show_bug.cgi?id=789936 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.496284 ======================== Updated packages in core/updates_testing: ======================== xpdf-3.03-2.1.mga2 libxpdf0-3.03-2.1.mga2 libxpdf-devel-3.03-2.1.mga2 xpdf-common-3.03-2.1.mga2 xpdf-3.03-4.1.mga3 libxpdf0-3.03-4.1.mga3 libxpdf-devel-3.03-4.1.mga3 xpdf-common-3.03-4.1.mga3 from SRPMS: xpdf-3.03-2.1.mga2.src.rpm xpdf-3.03-4.1.mga3.src.rpm Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA2TOO
Advisory 11061.adv uploaded to svn.
CC: (none) => davidwhodgins
MGA3-32-OK test ok in VirtualBox default install xpdf-3.03-4.mga3.i586 from core release [root@localhost wilcal]# urpmi xpdf Package xpdf-3.03-4.mga3.i586 is already installed Launch xpdf from a terminal and display a test.pdf, all seems fine. install xpdf-3.03-4.1.mga3.i586 from core updates_testing [root@localhost Downloads]# urpmi xpdf Package xpdf-3.03-4.1.mga3.i586 is already installed Launch xpdf from a terminal and display a test.pdf, all seems fine. Launch xpdf from the Menu launcher and display a test.pdf file, all seems fine. Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) VirtualBox 4.2.16-1.mga3.x86_64.rpm
CC: (none) => wilcal.intWhiteboard: MGA2TOO => MGA2TOO MGA3-32-OK
MGA3-64-OK test ok in VirtualBox default install xpdf-3.03-4.mga3.x86_64 from core release [root@localhost wilcal]# urpmi xpdf Package xpdf-3.03-4.mga3.x86_64 is already installed Launch xpdf from a terminal and display a test.pdf, all seems fine. install xpdf-3.03-4.1.mga3.x86_64 from core updates_testing [root@localhost Documents]# urpmi xpdf Package xpdf-3.03-4.1.mga3.x86_64 is already installed Launch xpdf from a terminal and display a test.pdf, all seems fine. Launch xpdf from the Menu launcher and display a test.pdf file, all seems fine. Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) VirtualBox 4.2.16-1.mga3.x86_64.rpm
Whiteboard: MGA2TOO MGA3-32-OK => MGA2TOO MGA3-32-OK MGA3-64-OK
Testing complete mga2 32 & 64 Validating. Could sysadmin please push from 2 & 3 core/updates_testing to updates Thanks!
Keywords: (none) => validated_updateWhiteboard: MGA2TOO MGA3-32-OK MGA3-64-OK => MGA2TOO MGA3-32-OK MGA3-64-OK mga2-64-ok mga2-32-okCC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2013-0261.html
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED