Advisories » MGASA-2013-0261

Updated xpdf packages fixes security vulnerability

Publication date: 26 Aug 2013
Modification date: 26 Aug 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2012-2142

Description

PDF files could be used to inject shell code when xpdf was run from some
terminal emulators, due to the use of escape sequences in error messages
(CVE-2012-2142).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=11061
• https://bugzilla.redhat.com/show_bug.cgi?id=789936
• http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.496284
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2142

SRPMS

3/core

• xpdf-3.03-4.1.mga3

2/core

• xpdf-3.03-2.1.mga2