CentOS Errata and Security Advisory CESA-2008:0239
Poppler is a PDF rendering library, used by applications such as Evince.
Kees Cook discovered a flaw in the way poppler displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause applications that use poppler -- such as Evince -- to crash, or, potentially, execute arbitrary code when opened. (CVE-2008-1693)
Users are advised to upgrade to these updated packages, which contain backported patches to resolve this issue.
Merged security bulletin from advisories:
http://lists.centos.org/pipermail/centos-announce/2008-April/014856.html
http://lists.centos.org/pipermail/centos-announce/2008-April/014857.html
Affected packages: poppler, poppler-devel, poppler-utils
Upstream details at: https://rhn.redhat.com/errata/RHSA-2008-0239.html