BugTraq
[ MDVSA-2013:143 ] poppler Apr 15 2013 11:14AM
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:143
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : poppler
Date : April 15, 2013
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been found and corrected in poppler:

poppler before 0.22.1 allows context-dependent attackers to cause
a denial of service (crash) and possibly execute arbitrary code via
vectors that trigger an invalid memory access in (1) splash/Splash.cc,
(2) poppler/Function.cc, and (3) poppler/Stream.cc (CVE-2013-1788).

poppler/Stream.cc in poppler before 0.22.1 allows context-dependent
attackers to have an unspecified impact via vectors that trigger a
read of uninitialized memory by the CCITTFaxStream::lookChar function
(CVE-2013-1790).

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1790
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
e13e7d84fb7b70dfccdfb27378402361 mes5/i586/libpoppler3-0.8.7-2.6mdvmes5.2.i586.rpm
da5189a8d65f54a22c59f020def82282 mes5/i586/libpoppler-devel-0.8.7-2.6mdvmes5.2.i586.rpm
55904ea937d3a3c11fd3d4c6bcf6b855 mes5/i586/libpoppler-glib3-0.8.7-2.6mdvmes5.2.i586.rpm
ffa8266cc4a8ac50ec1118f28bf225f7 mes5/i586/libpoppler-glib-devel-0.8.7-2.6mdvmes5.2.i586.rpm
a68d106e788196d37c95d949ed7dcf4b mes5/i586/libpoppler-qt2-0.8.7-2.6mdvmes5.2.i586.rpm
27a630a2edcbfac25dd2f1df401b41df mes5/i586/libpoppler-qt4-3-0.8.7-2.6mdvmes5.2.i586.rpm
56765c2693f2a4388a06e24e67f031ef mes5/i586/libpoppler-qt4-devel-0.8.7-2.6mdvmes5.2.i586.rpm
5a112c8ab808eef1ecef523b6d45ca48 mes5/i586/libpoppler-qt-devel-0.8.7-2.6mdvmes5.2.i586.rpm
dc0c25e172442d4c44c311cf1ed9b3a1 mes5/i586/poppler-0.8.7-2.6mdvmes5.2.i586.rpm
28bbe7bade35e37cc0e880d0f508af69 mes5/SRPMS/poppler-0.8.7-2.6mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
9f696c754f26af5b1094a7a74472de2d mes5/x86_64/lib64poppler3-0.8.7-2.6mdvmes5.2.x86_64.rpm
a08478b1c084c889b8446509085d3d71 mes5/x86_64/lib64poppler-devel-0.8.7-2.6mdvmes5.2.x86_64.rpm
7cbf2ed46590a3bdcc935e7ef12507da mes5/x86_64/lib64poppler-glib3-0.8.7-2.6mdvmes5.2.x86_64.rpm
58c9f6b4d94621cbf7389e596ca840b1 mes5/x86_64/lib64poppler-glib-devel-0.8.7-2.6mdvmes5.2.x86_64.rpm
1ac442e54148f2abba0ea1546d7d7ab6 mes5/x86_64/lib64poppler-qt2-0.8.7-2.6mdvmes5.2.x86_64.rpm
ee706d1f45a5970d8579f8d7b20b8184 mes5/x86_64/lib64poppler-qt4-3-0.8.7-2.6mdvmes5.2.x86_64.rpm
8cd5a09280738fcdf0871a812e923c87 mes5/x86_64/lib64poppler-qt4-devel-0.8.7-2.6mdvmes5.2.x86_64.rpm
7033023530daa6af0518c4f22b956fca mes5/x86_64/lib64poppler-qt-devel-0.8.7-2.6mdvmes5.2.x86_64.rpm
5482ec3f9cb359681eeb9b3106fe2fe3 mes5/x86_64/poppler-0.8.7-2.6mdvmes5.2.x86_64.rpm
28bbe7bade35e37cc0e880d0f508af69 mes5/SRPMS/poppler-0.8.7-2.6mdvmes5.2.src.rpm

Mandriva Business Server 1/X86_64:
edb6011f71f0c648e22e534c1404d1d7 mbs1/x86_64/lib64poppler19-0.18.4-3.1.mbs1.x86_64.rpm
28372765a8f012a844fad72bde53a073 mbs1/x86_64/lib64poppler-cpp0-0.18.4-3.1.mbs1.x86_64.rpm
ebe7dc4ae06f6f528f5800b03c37ee1b mbs1/x86_64/lib64poppler-cpp-devel-0.18.4-3.1.mbs1.x86_64.rpm
522fd11d40f4e38ba3906d776090844f mbs1/x86_64/lib64poppler-devel-0.18.4-3.1.mbs1.x86_64.rpm
644d8abcee07f8e4bad8f15a328bc6fb mbs1/x86_64/lib64poppler-gir0.18-0.18.4-3.1.mbs1.x86_64.rpm
62046dc5484897a29181514231b0552a mbs1/x86_64/lib64poppler-glib8-0.18.4-3.1.mbs1.x86_64.rpm
613993e0404d28ac78b65113e61e2a9c mbs1/x86_64/lib64poppler-glib-devel-0.18.4-3.1.mbs1.x86_64.rpm
786fb2041cb2ad9132379c647c42ffd1 mbs1/x86_64/poppler-0.18.4-3.1.mbs1.x86_64.rpm
ae93c00e6b93f4ebb0701274ccd55526 mbs1/SRPMS/poppler-0.18.4-3.1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFRa7VrmqjQ0CJFipgRAmPGAKCgCBb7fI6om9idJ+GKMPoK4LalXACdHbLS
DulHJ5gKjYy8pAsPIdzrfwU=
=JAI7
-----END PGP SIGNATURE-----
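
Added example, not part of the Mandriva advisory: a manual version of the checksum step that the advisory says MandrivaUpdate and urpmi perform automatically, comparing downloaded RPMs against the "Updated Packages" list. The function names and the demo file names are assumptions made for this sketch. A matching MD5 only rules out a corrupted download; authenticity rests on the GPG signature.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One list entry: 32 hex digits, whitespace, repository-relative path to an .rpm.
ENTRY = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")

def parse_advisory(text):
    """Return {rpm file name: md5} for every package line in the advisory."""
    expected = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # headings, separators and prose are skipped
        digest, name = m.group(1), Path(m.group(2)).name
        # The SRPM is listed once per architecture; both digests must agree.
        if expected.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting checksums listed for {name}")
    return expected

def md5_of(path, chunk=1 << 20):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_downloads(advisory_text, directory):
    """Classify each listed package as ok, mismatch or missing in directory."""
    report = {"ok": [], "mismatch": [], "missing": []}
    for name, digest in sorted(parse_advisory(advisory_text).items()):
        path = Path(directory) / name
        if not path.is_file():
            report["missing"].append(name)
        elif md5_of(path) == digest:
            report["ok"].append(name)
        else:
            report["mismatch"].append(name)
    return report

if __name__ == "__main__":
    # Constructed demo: two fake packages; the second listed digest is wrong.
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "a-1.0.rpm").write_bytes(b"constructed package a")
        (Path(d) / "b-1.0.rpm").write_bytes(b"constructed package b")
        listing = (f"{md5_of(Path(d) / 'a-1.0.rpm')} demo/x86_64/a-1.0.rpm\n"
                   f"{'0' * 32} demo/x86_64/b-1.0.rpm\n")
        print(check_downloads(listing, d))
```

Treat any "mismatch" entry as a failed download, and check the signature of each package separately with `rpm --checksig` after importing the Mandriva Security Team key.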
