lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1LfmsO-00040C-DE@titan.mandriva.com>
Date: Sat, 07 Mar 2009 04:07:00 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2009:068-1 ] poppler


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                       MDVSA-2009:068-1
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : poppler
 Date    : March 7, 2009
 Affected: 2008.0, 2008.1, 2009.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 A crafted PDF file that triggers a parsing error allows remote
 attackers to cause definal of service. This bug is consequence
 of a wrong processing on FormWidgetChoice::loadDefaults method
 (CVE-2009-0755).
 
 A crafted PDF file that triggers a parsing error allows remote
 attackers to cause definal of service. This bug is consequence of
 an invalid memory dereference on JBIG2SymbolDict::~JBIG2SymbolDict
 destructor when JBIG2Stream::readSymbolDictSeg method is used
 (CVE-2009-0756).
 
 This update provides fixes for those vulnerabilities.
 
 This update does not apply for CVE-2009-0755 under Corporate Server
 4.0 libpoppler0-0.4.1-3.7.20060mlcs4.

 Update:

 The previous packages were not signed, this new update fixes that
 issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0755
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0756
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 b6be528bfc04a7128f41a034acc4c858  2008.0/i586/libpoppler2-0.6-3.4mdv2008.0.i586.rpm
 5ce11cbdf503735bbb0e7396a7c75a45  2008.0/i586/libpoppler-devel-0.6-3.4mdv2008.0.i586.rpm
 fe7b78621d225813e020d49310f23eb6  2008.0/i586/libpoppler-glib2-0.6-3.4mdv2008.0.i586.rpm
 cbb6e652f311f9f42519862a80c786d2  2008.0/i586/libpoppler-glib-devel-0.6-3.4mdv2008.0.i586.rpm
 2bedc0757e73e3da48ad92360c3570ab  2008.0/i586/libpoppler-qt2-0.6-3.4mdv2008.0.i586.rpm
 957f6eda2b9e380b31bd46da75afd237  2008.0/i586/libpoppler-qt4-2-0.6-3.4mdv2008.0.i586.rpm
 af48c284302539cbea49a105ee8c7481  2008.0/i586/libpoppler-qt4-devel-0.6-3.4mdv2008.0.i586.rpm
 9068b9dae11e3804417ce524a75e8e33  2008.0/i586/libpoppler-qt-devel-0.6-3.4mdv2008.0.i586.rpm
 8907f3fd329049680fd45319cd04d637  2008.0/i586/poppler-0.6-3.4mdv2008.0.i586.rpm 
 40695204843aca6f53ca52a6dfed30e8  2008.0/SRPMS/poppler-0.6-3.4mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 31ccc4965703b3e451c19f39ce7ede1d  2008.0/x86_64/lib64poppler2-0.6-3.4mdv2008.0.x86_64.rpm
 c4d067a480b6954d5325e1539b8325dd  2008.0/x86_64/lib64poppler-devel-0.6-3.4mdv2008.0.x86_64.rpm
 03748430e59d296a83c510892ce8c6f1  2008.0/x86_64/lib64poppler-glib2-0.6-3.4mdv2008.0.x86_64.rpm
 ffeee581c32036d7419ac44109e04672  2008.0/x86_64/lib64poppler-glib-devel-0.6-3.4mdv2008.0.x86_64.rpm
 c92a0ed4b729539170805381806820f3  2008.0/x86_64/lib64poppler-qt2-0.6-3.4mdv2008.0.x86_64.rpm
 0bae60ea196f598f48cfc8f1710e4647  2008.0/x86_64/lib64poppler-qt4-2-0.6-3.4mdv2008.0.x86_64.rpm
 78c077b81c87510eab6cc8bd253d6739  2008.0/x86_64/lib64poppler-qt4-devel-0.6-3.4mdv2008.0.x86_64.rpm
 6c951f0c0b8b487d84b4e6ca1945b20c  2008.0/x86_64/lib64poppler-qt-devel-0.6-3.4mdv2008.0.x86_64.rpm
 53aa65b1208ce95929a80820fd684d42  2008.0/x86_64/poppler-0.6-3.4mdv2008.0.x86_64.rpm 
 40695204843aca6f53ca52a6dfed30e8  2008.0/SRPMS/poppler-0.6-3.4mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 e1f411a24a7158bf9aacf15f99a06347  2008.1/i586/libpoppler2-0.6.4-2.3mdv2008.1.i586.rpm
 5f6334faade2f51ad87d8ac857359814  2008.1/i586/libpoppler-devel-0.6.4-2.3mdv2008.1.i586.rpm
 208c255f0b44e7960b033cfdc5bf3e09  2008.1/i586/libpoppler-glib2-0.6.4-2.3mdv2008.1.i586.rpm
 0925993670c80eb659183306679b4aa9  2008.1/i586/libpoppler-glib-devel-0.6.4-2.3mdv2008.1.i586.rpm
 b9f79459d8eac874b46b6df38b58a6ba  2008.1/i586/libpoppler-qt2-0.6.4-2.3mdv2008.1.i586.rpm
 ede9ef27014b62f50df534e46890b59e  2008.1/i586/libpoppler-qt4-2-0.6.4-2.3mdv2008.1.i586.rpm
 81f609460ede87efb3634366ba76a9d6  2008.1/i586/libpoppler-qt4-devel-0.6.4-2.3mdv2008.1.i586.rpm
 e6d7ad4654495c67fb781bafd666d9db  2008.1/i586/libpoppler-qt-devel-0.6.4-2.3mdv2008.1.i586.rpm
 138a2302ed96ba5949d9930bc580297d  2008.1/i586/poppler-0.6.4-2.3mdv2008.1.i586.rpm 
 d644c4bbe9de2bac87910a43dcb6f8fe  2008.1/SRPMS/poppler-0.6.4-2.3mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 7fdf9d73576933312c32f0fe87c8c93d  2008.1/x86_64/lib64poppler2-0.6.4-2.3mdv2008.1.x86_64.rpm
 b42239fba4cbbb88188de2d5238d1c56  2008.1/x86_64/lib64poppler-devel-0.6.4-2.3mdv2008.1.x86_64.rpm
 fd9460be9227dae0ba5d9910359e858a  2008.1/x86_64/lib64poppler-glib2-0.6.4-2.3mdv2008.1.x86_64.rpm
 59d18d31ec3c82c239e548a40d72f001  2008.1/x86_64/lib64poppler-glib-devel-0.6.4-2.3mdv2008.1.x86_64.rpm
 6d487fdc80ced9ab394a8c7af8f2f9c0  2008.1/x86_64/lib64poppler-qt2-0.6.4-2.3mdv2008.1.x86_64.rpm
 7cd42a0598771e1083bb92d29f6a5584  2008.1/x86_64/lib64poppler-qt4-2-0.6.4-2.3mdv2008.1.x86_64.rpm
 197369abdaa84cd4be08233554cff37b  2008.1/x86_64/lib64poppler-qt4-devel-0.6.4-2.3mdv2008.1.x86_64.rpm
 4185e4241b95b4fcc842b245276fa6f0  2008.1/x86_64/lib64poppler-qt-devel-0.6.4-2.3mdv2008.1.x86_64.rpm
 7d67cd24cae036ca74223fb43ea23fb1  2008.1/x86_64/poppler-0.6.4-2.3mdv2008.1.x86_64.rpm 
 d644c4bbe9de2bac87910a43dcb6f8fe  2008.1/SRPMS/poppler-0.6.4-2.3mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 d4c04f004c368818d38853c92aa4bbf1  2009.0/i586/libpoppler3-0.8.7-2.2mdv2009.0.i586.rpm
 4d024506356c95c4042e9c9d5bb9bb8f  2009.0/i586/libpoppler-devel-0.8.7-2.2mdv2009.0.i586.rpm
 0554f19626cf4aa4bc5300022606b6f5  2009.0/i586/libpoppler-glib3-0.8.7-2.2mdv2009.0.i586.rpm
 1f8cddca4e8c09f3fa5f8b3fca0352ed  2009.0/i586/libpoppler-glib-devel-0.8.7-2.2mdv2009.0.i586.rpm
 5a957dd285394a3bf71ae89ba0d8a196  2009.0/i586/libpoppler-qt2-0.8.7-2.2mdv2009.0.i586.rpm
 eb72d3444d8aff20d99f55ebe4ef867d  2009.0/i586/libpoppler-qt4-3-0.8.7-2.2mdv2009.0.i586.rpm
 d694fe64d9ae60ffe966238eb6ede92b  2009.0/i586/libpoppler-qt4-devel-0.8.7-2.2mdv2009.0.i586.rpm
 153e5320ae7bed15b22e3cba09a86fb5  2009.0/i586/libpoppler-qt-devel-0.8.7-2.2mdv2009.0.i586.rpm
 4e2392ad242f0b58077f2c2e37bf6b6d  2009.0/i586/poppler-0.8.7-2.2mdv2009.0.i586.rpm 
 01446308427613f217258b52a2eee1fe  2009.0/SRPMS/poppler-0.8.7-2.2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 0b8f436305440047b6953576eeca371c  2009.0/x86_64/lib64poppler3-0.8.7-2.2mdv2009.0.x86_64.rpm
 81b6a315ac7b3913b5afbd64284ab8e8  2009.0/x86_64/lib64poppler-devel-0.8.7-2.2mdv2009.0.x86_64.rpm
 364c79826c466079f8b409bfec18f921  2009.0/x86_64/lib64poppler-glib3-0.8.7-2.2mdv2009.0.x86_64.rpm
 c9b69789a5477eb556033ad650080b61  2009.0/x86_64/lib64poppler-glib-devel-0.8.7-2.2mdv2009.0.x86_64.rpm
 d69621b3c07a1e0077e14c8c56d793e9  2009.0/x86_64/lib64poppler-qt2-0.8.7-2.2mdv2009.0.x86_64.rpm
 45591e111559535e3aa71f57f2f24631  2009.0/x86_64/lib64poppler-qt4-3-0.8.7-2.2mdv2009.0.x86_64.rpm
 e7afcd9689c0f7544f201e7450bbc6d3  2009.0/x86_64/lib64poppler-qt4-devel-0.8.7-2.2mdv2009.0.x86_64.rpm
 4baed4c3f6707ea4e6e7f76b9794bd28  2009.0/x86_64/lib64poppler-qt-devel-0.8.7-2.2mdv2009.0.x86_64.rpm
 907eebe34e5a72b5235b2a9a9f99e86b  2009.0/x86_64/poppler-0.8.7-2.2mdv2009.0.x86_64.rpm 
 01446308427613f217258b52a2eee1fe  2009.0/SRPMS/poppler-0.8.7-2.2mdv2009.0.src.rpm

 Corporate 4.0:
 aa8ffe916c682e781401e8013be793c2  corporate/4.0/i586/libpoppler0-0.4.1-3.9.20060mlcs4.i586.rpm
 3f80ec408c7487067548f83ffc6d8024  corporate/4.0/i586/libpoppler0-devel-0.4.1-3.9.20060mlcs4.i586.rpm
 8c6bd3f578818f31e536bc3682f18a39  corporate/4.0/i586/libpoppler-qt0-0.4.1-3.9.20060mlcs4.i586.rpm
 71916f7537d1342b9a8969aa4824f7ae  corporate/4.0/i586/libpoppler-qt0-devel-0.4.1-3.9.20060mlcs4.i586.rpm 
 c6e6d2856b80c65b00016acd63025604  corporate/4.0/SRPMS/poppler-0.4.1-3.9.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 369a6877b5f8ac44d69a4361c5f1a31f  corporate/4.0/x86_64/lib64poppler0-0.4.1-3.9.20060mlcs4.x86_64.rpm
 335083606b2aaeef8653f9357e813ddd  corporate/4.0/x86_64/lib64poppler0-devel-0.4.1-3.9.20060mlcs4.x86_64.rpm
 1c04f33928139496cb9ba6ad5b3242c6  corporate/4.0/x86_64/lib64poppler-qt0-0.4.1-3.9.20060mlcs4.x86_64.rpm
 344863bfaba9016f196c0966c831982d  corporate/4.0/x86_64/lib64poppler-qt0-devel-0.4.1-3.9.20060mlcs4.x86_64.rpm 
 c6e6d2856b80c65b00016acd63025604  corporate/4.0/SRPMS/poppler-0.4.1-3.9.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJsbd9mqjQ0CJFipgRAj+3AKDj2eclaScZokAtq97hfOQmTNiTPACgxY95
g9g7nwns0H0MBsqVm7PNI60=
=MUZQ
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ