Message-ID: <20080728221805.GB13484@outflux.net>
Date: Mon, 28 Jul 2008 15:18:05 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-631-1] poppler vulnerability

=========================================================== 
Ubuntu Security Notice USN-631-1              July 28, 2008
poppler vulnerability
CVE-2008-2950
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  libpoppler2                     0.6-0ubuntu2.3

Ubuntu 8.04 LTS:
  libpoppler2                     0.6.4-1ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Felipe Andres Manzano discovered that poppler did not correctly initialize
certain page widgets.  If a user were tricked into viewing a malicious
PDF file, a remote attacker could exploit this to crash applications
linked against poppler, leading to a denial of service.


Updated packages for Ubuntu 7.10:


Updated packages for Ubuntu 8.04 LTS:


