gpdf security update

CentOS Errata and Security Advisory CESA-2009:0458

GPdf is a viewer for Portable Document Format (PDF) files.

Multiple integer overflow flaws were found in GPdf’s JBIG2 decoder. An
attacker could create a malicious PDF file that would cause GPdf to crash
or, potentially, execute arbitrary code when opened. (CVE-2009-0147,
CVE-2009-1179)

Multiple buffer overflow flaws were found in GPdf’s JBIG2 decoder. An
attacker could create a malicious PDF file that would cause GPdf to crash
or, potentially, execute arbitrary code when opened. (CVE-2009-0146,
CVE-2009-1182)

Multiple flaws were found in GPdf’s JBIG2 decoder that could lead to the
freeing of arbitrary memory. An attacker could create a malicious PDF file
that would cause GPdf to crash or, potentially, execute arbitrary code when
opened. (CVE-2009-0166, CVE-2009-1180)

Multiple input validation flaws were found in GPdf’s JBIG2 decoder. An
attacker could create a malicious PDF file that would cause GPdf to crash
or, potentially, execute arbitrary code when opened. (CVE-2009-0800)

Multiple denial of service flaws were found in GPdf’s JBIG2 decoder. An
attacker could create a malicious PDF that would cause GPdf to crash when
opened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)

Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product
Security team, and Will Dormann of the CERT/CC for responsibly reporting
these flaws.

Users are advised to upgrade to this updated package, which contains
backported patches to correct these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-May/078002.html
https://lists.centos.org/pipermail/centos-announce/2009-May/078004.html
https://lists.centos.org/pipermail/centos-announce/2009-May/078086.html
https://lists.centos.org/pipermail/centos-announce/2009-May/078087.html

Affected packages:
gpdf

Upstream details at:
https://access.redhat.com/errata/RHSA-2009:0458