lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1LfhYP-0007TI-0u@titan.mandriva.com>
Date: Fri, 06 Mar 2009 22:26:00 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2009:068 ] poppler


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:068
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : poppler
 Date    : March 6, 2009
 Affected: 2008.0, 2008.1, 2009.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 A crafted PDF file that triggers a parsing error allows remote
 attackers to cause definal of service. This bug is consequence
 of a wrong processing on FormWidgetChoice::loadDefaults method
 (CVE-2009-0755).
 
 A crafted PDF file that triggers a parsing error allows remote
 attackers to cause definal of service. This bug is consequence of
 an invalid memory dereference on JBIG2SymbolDict::~JBIG2SymbolDict
 destructor when JBIG2Stream::readSymbolDictSeg method is used
 (CVE-2009-0756).
 
 This update provides fixes for those vulnerabilities.

 Update:

 This update does not apply for CVE-2009-0755 under Corporate Server
 4.0 libpoppler0-0.4.1-3.7.20060mlcs4.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0755
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0756
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 25aba85bf10c8c9ce0fee931834440a1  2008.0/i586/libpoppler2-0.6-3.3mdv2008.0.i586.rpm
 bc255af1dbbb43c06bf8af78df57d32b  2008.0/i586/libpoppler-devel-0.6-3.3mdv2008.0.i586.rpm
 a78e498d417f830237f85e311e07422e  2008.0/i586/libpoppler-glib2-0.6-3.3mdv2008.0.i586.rpm
 4b25777b3d2065ccd138a0199355c581  2008.0/i586/libpoppler-glib-devel-0.6-3.3mdv2008.0.i586.rpm
 2c76dc7bd1bef388581bb51c4a1e2586  2008.0/i586/libpoppler-qt2-0.6-3.3mdv2008.0.i586.rpm
 94f40dec0be2b78823f5b004f8d4b145  2008.0/i586/libpoppler-qt4-2-0.6-3.3mdv2008.0.i586.rpm
 c743daa88aa6c1d7d6828eb22f1a1785  2008.0/i586/libpoppler-qt4-devel-0.6-3.3mdv2008.0.i586.rpm
 f5ffa665e3ad447e1a4c957fde7c2cb6  2008.0/i586/libpoppler-qt-devel-0.6-3.3mdv2008.0.i586.rpm
 c9a73e92a2002b7b0fcaa7e23f983615  2008.0/i586/poppler-0.6-3.3mdv2008.0.i586.rpm 
 2f57c8b7f1883fc9f718e6b45a0771a8  2008.0/SRPMS/poppler-0.6-3.3mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 4e8fea9d6ce6a4ea106537f29fc7046e  2008.0/x86_64/lib64poppler2-0.6-3.3mdv2008.0.x86_64.rpm
 32fc22e88ea5e0a472f42961b1c90bd6  2008.0/x86_64/lib64poppler-devel-0.6-3.3mdv2008.0.x86_64.rpm
 698e83ae4307b7452590e4c171491d04  2008.0/x86_64/lib64poppler-glib2-0.6-3.3mdv2008.0.x86_64.rpm
 0eb4ca6c4924c3c07f73df39655c444e  2008.0/x86_64/lib64poppler-glib-devel-0.6-3.3mdv2008.0.x86_64.rpm
 7f09b65cfcf5ac675934d93b5235dd1c  2008.0/x86_64/lib64poppler-qt2-0.6-3.3mdv2008.0.x86_64.rpm
 9101f2cc7dc33e0a571fe11897d4892c  2008.0/x86_64/lib64poppler-qt4-2-0.6-3.3mdv2008.0.x86_64.rpm
 a11f878a4ea924c762d4f80767470973  2008.0/x86_64/lib64poppler-qt4-devel-0.6-3.3mdv2008.0.x86_64.rpm
 5864600413af3f4dbd63910b9a84f410  2008.0/x86_64/lib64poppler-qt-devel-0.6-3.3mdv2008.0.x86_64.rpm
 b40faa6e339465968607f24633bc0eeb  2008.0/x86_64/poppler-0.6-3.3mdv2008.0.x86_64.rpm 
 2f57c8b7f1883fc9f718e6b45a0771a8  2008.0/SRPMS/poppler-0.6-3.3mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 0384b322b63dcabeb7ba0ed99f90c7ce  2008.1/i586/libpoppler2-0.6.4-2.2mdv2008.1.i586.rpm
 86f5be9bd512b0f424ee83809ea16770  2008.1/i586/libpoppler-devel-0.6.4-2.2mdv2008.1.i586.rpm
 0f820a233d9c543ec0c325d06ba1c9e2  2008.1/i586/libpoppler-glib2-0.6.4-2.2mdv2008.1.i586.rpm
 44967afd74f16abffd23cc0194d25f8f  2008.1/i586/libpoppler-glib-devel-0.6.4-2.2mdv2008.1.i586.rpm
 58e4979b5e9a74645765ae7797ac9c10  2008.1/i586/libpoppler-qt2-0.6.4-2.2mdv2008.1.i586.rpm
 2552be8e987d266bf1dde1cdb173c1d0  2008.1/i586/libpoppler-qt4-2-0.6.4-2.2mdv2008.1.i586.rpm
 68f5e36b85c38238fd71bb2efac29260  2008.1/i586/libpoppler-qt4-devel-0.6.4-2.2mdv2008.1.i586.rpm
 f134da50ab28ebee599d84cbb13fedf5  2008.1/i586/libpoppler-qt-devel-0.6.4-2.2mdv2008.1.i586.rpm
 caed58a7e42d2a27193885d9c31eca8f  2008.1/i586/poppler-0.6.4-2.2mdv2008.1.i586.rpm 
 f410bbf328d0bccce9f08cabedda8d19  2008.1/SRPMS/poppler-0.6.4-2.2mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 5c0fce14ebddc4b7e0fbb31d2127a238  2008.1/x86_64/lib64poppler2-0.6.4-2.2mdv2008.1.x86_64.rpm
 3a9f02d41da3688f5c231744eb5820de  2008.1/x86_64/lib64poppler-devel-0.6.4-2.2mdv2008.1.x86_64.rpm
 4c3396ebafb43a8a34d1bd0c96aff597  2008.1/x86_64/lib64poppler-glib2-0.6.4-2.2mdv2008.1.x86_64.rpm
 834b475b34ae78583927abecff4cdb97  2008.1/x86_64/lib64poppler-glib-devel-0.6.4-2.2mdv2008.1.x86_64.rpm
 623c2b6e0303c6ffa1f9c2abe1b9d13f  2008.1/x86_64/lib64poppler-qt2-0.6.4-2.2mdv2008.1.x86_64.rpm
 aa86340f66a4959712dce15fe5600549  2008.1/x86_64/lib64poppler-qt4-2-0.6.4-2.2mdv2008.1.x86_64.rpm
 e81a97d8721a76934cd16affffba1efb  2008.1/x86_64/lib64poppler-qt4-devel-0.6.4-2.2mdv2008.1.x86_64.rpm
 91619e0b13b586f2f37535f0ab249902  2008.1/x86_64/lib64poppler-qt-devel-0.6.4-2.2mdv2008.1.x86_64.rpm
 cc74a25a3f74a38a0f4c98f4bf9396ed  2008.1/x86_64/poppler-0.6.4-2.2mdv2008.1.x86_64.rpm 
 f410bbf328d0bccce9f08cabedda8d19  2008.1/SRPMS/poppler-0.6.4-2.2mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 ce56800f6fe4f9db33ede32ef350745c  2009.0/i586/libpoppler3-0.8.7-2.1mdv2009.0.i586.rpm
 33a1ed550b2e2c341661690a8963af24  2009.0/i586/libpoppler-devel-0.8.7-2.1mdv2009.0.i586.rpm
 a27d86ccf053000dbe6d8883be19fbdd  2009.0/i586/libpoppler-glib3-0.8.7-2.1mdv2009.0.i586.rpm
 17117d2e90eb9fe076728d0fd4a6c440  2009.0/i586/libpoppler-glib-devel-0.8.7-2.1mdv2009.0.i586.rpm
 be98bcb0d5f3f74c4bd07845bb654859  2009.0/i586/libpoppler-qt2-0.8.7-2.1mdv2009.0.i586.rpm
 49bd296742e5d1b74fe7df98636e46b4  2009.0/i586/libpoppler-qt4-3-0.8.7-2.1mdv2009.0.i586.rpm
 5e72a15c897daf4f6641bf2bf928cb80  2009.0/i586/libpoppler-qt4-devel-0.8.7-2.1mdv2009.0.i586.rpm
 20cd3595d41d4ac90c0c0285292bf009  2009.0/i586/libpoppler-qt-devel-0.8.7-2.1mdv2009.0.i586.rpm
 cb070e4dee228f58a0c64ad68ed0b1a0  2009.0/i586/poppler-0.8.7-2.1mdv2009.0.i586.rpm 
 29a47aa9fe76eeba24925f47afabf687  2009.0/SRPMS/poppler-0.8.7-2.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 e297ca0d8751197badc87e5a8ada7411  2009.0/x86_64/lib64poppler3-0.8.7-2.1mdv2009.0.x86_64.rpm
 8409a3a0253a81e35d5c5b84fb141ed5  2009.0/x86_64/lib64poppler-devel-0.8.7-2.1mdv2009.0.x86_64.rpm
 898617990bb3077434d6ffe0175ab744  2009.0/x86_64/lib64poppler-glib3-0.8.7-2.1mdv2009.0.x86_64.rpm
 75199e22dad566f0b5b861d82d38c36f  2009.0/x86_64/lib64poppler-glib-devel-0.8.7-2.1mdv2009.0.x86_64.rpm
 3add19f10d4611723a574c4268d0870c  2009.0/x86_64/lib64poppler-qt2-0.8.7-2.1mdv2009.0.x86_64.rpm
 9d0bb0015fc420d445cf5be695cd78dc  2009.0/x86_64/lib64poppler-qt4-3-0.8.7-2.1mdv2009.0.x86_64.rpm
 025fea7ad38b1dfe1d7ef956b875fc37  2009.0/x86_64/lib64poppler-qt4-devel-0.8.7-2.1mdv2009.0.x86_64.rpm
 4d34316ebed58bcf95801671a6c1d6f5  2009.0/x86_64/lib64poppler-qt-devel-0.8.7-2.1mdv2009.0.x86_64.rpm
 7483cf79ecff3b95b300d68c0ceb8455  2009.0/x86_64/poppler-0.8.7-2.1mdv2009.0.x86_64.rpm 
 29a47aa9fe76eeba24925f47afabf687  2009.0/SRPMS/poppler-0.8.7-2.1mdv2009.0.src.rpm

 Corporate 4.0:
 9168d447f8242a9acc0db3a77e309cf2  corporate/4.0/i586/libpoppler0-0.4.1-3.8.20060mlcs4.i586.rpm
 4b826fc828ec1b53b0ab28f3697e361a  corporate/4.0/i586/libpoppler0-devel-0.4.1-3.8.20060mlcs4.i586.rpm
 8f273eafc1fac62191a393a551f3b12f  corporate/4.0/i586/libpoppler-qt0-0.4.1-3.8.20060mlcs4.i586.rpm
 99320127444c2c09165c95214f15c9b0  corporate/4.0/i586/libpoppler-qt0-devel-0.4.1-3.8.20060mlcs4.i586.rpm 
 714cf02d9f3af96bbf2502e48cb9cfd6  corporate/4.0/SRPMS/poppler-0.4.1-3.8.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 51b1fdec59aa6858a1852234b68a3acf  corporate/4.0/x86_64/lib64poppler0-0.4.1-3.8.20060mlcs4.x86_64.rpm
 51cb75f75d6b83549747da8fee86f47d  corporate/4.0/x86_64/lib64poppler0-devel-0.4.1-3.8.20060mlcs4.x86_64.rpm
 8a836e5c7cc54eaa38a377ea848388e7  corporate/4.0/x86_64/lib64poppler-qt0-0.4.1-3.8.20060mlcs4.x86_64.rpm
 32cbc4cdae2ffce0b27e831e61ef9bba  corporate/4.0/x86_64/lib64poppler-qt0-devel-0.4.1-3.8.20060mlcs4.x86_64.rpm 
 714cf02d9f3af96bbf2502e48cb9cfd6  corporate/4.0/SRPMS/poppler-0.4.1-3.8.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJsWfQmqjQ0CJFipgRAv1EAJ9j/II2bCCPKHom7jn7+hdEvLrMIwCgznj0
sYIwjyRykRyW3e/WXM9ofqQ=
=Lv8x
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ