lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1257198393.8372.1.camel@mdlinux.technorage.com>
Date: Mon, 02 Nov 2009 16:46:33 -0500
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-850-3] poppler vulnerabilities

===========================================================
Ubuntu Security Notice USN-850-3          November 02, 2009
poppler vulnerabilities
CVE-2009-3603, CVE-2009-3604, CVE-2009-3607, CVE-2009-3608,
CVE-2009-3609
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
  libpoppler-glib4                0.12.0-0ubuntu2.1
  libpoppler5                     0.12.0-0ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-850-1 fixed vulnerabilities in poppler. This update provides the
corresponding updates for Ubuntu 9.10.

Original advisory details:

 It was discovered that poppler contained multiple security issues when
 parsing malformed PDF documents. If a user or automated system were tricked
 into opening a crafted PDF file, an attacker could cause a denial of
 service or execute arbitrary code with privileges of the user invoking the
 program.


Updated packages for Ubuntu 9.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.0-0ubuntu2.1.diff.gz
      Size/MD5:    15454 48a80d636158aa98b507c85607c379c7
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.0-0ubuntu2.1.dsc
      Size/MD5:     1692 0e33aecf9e3c097fa1a5445bf4396f91
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.0.orig.tar.gz
      Size/MD5:  1595424 399b25d9d71ad22bc9a2a9281769c49c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.12.0-0ubuntu2.1_amd64.deb
      Size/MD5:  1051952 700c63d275b983dba55c6abfd9c3ec21
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.12.0-0ubuntu2.1_amd64.deb
      Size/MD5:   147622 8f53a579169d196b59c865e6b34579a4
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.12.0-0ubuntu2.1_amd64.deb
      Size/MD5:    75084 8d5d57f163087638bd61353fba3c82b6
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.12.0-0ubuntu2.1_amd64.deb
      Size/MD5:    55886 4fb8c88e15cae8a3f2bc03a7dd564612
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.12.0-0ubuntu2.1_amd64.deb
      Size/MD5:    26020 0b157d328ea46a5cd2a5a637563c01f8
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.12.0-0ubuntu2.1_amd64.deb
      Size/MD5:   169760 e6a9de15ef88077713abb5486a419a06
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.12.0-0ubuntu2.1_amd64.deb
      Size/MD5:   245990 72cba1a5cdf707e7cd95c8650c976ee7
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler5_0.12.0-0ubuntu2.1_amd64.deb
      Size/MD5:   757804 6e2520a2a9ba32a4f3e28e39c34fead0
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.12.0-0ubuntu2.1_amd64.deb
      Size/MD5:  3352280 2674ea34101cd26e76d359e4fa1ae1d0
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.12.0-0ubuntu2.1_amd64.deb
      Size/MD5:    84172 d2685cf3c57bd1102c210c18f55686b5

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.12.0-0ubuntu2.1_i386.deb
      Size/MD5:   989336 23134e2af4161b817e87d114f36bbb11
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.12.0-0ubuntu2.1_i386.deb
      Size/MD5:   140976 67cb2da532b6af1009b71825227266ec
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.12.0-0ubuntu2.1_i386.deb
      Size/MD5:    72378 2f7c93e9da887f145de10329aba0ef98
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.12.0-0ubuntu2.1_i386.deb
      Size/MD5:    53594 71e81f0cab72a786d4be9da566f57bf5
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.12.0-0ubuntu2.1_i386.deb
      Size/MD5:    25628 8068a8f5872026777b6e3c659b0f7f94
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.12.0-0ubuntu2.1_i386.deb
      Size/MD5:   166224 f632da6ffcf74bd16ea244aa62d32cf8
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.12.0-0ubuntu2.1_i386.deb
      Size/MD5:   231216 73f64210ed94368602bce01cb8623e9e
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler5_0.12.0-0ubuntu2.1_i386.deb
      Size/MD5:   725724 47faef2db50f38de117fe8270b75d2b4
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.12.0-0ubuntu2.1_i386.deb
      Size/MD5:  3274002 0faa823f34836a3046221ea840291ac3
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.12.0-0ubuntu2.1_i386.deb
      Size/MD5:    80140 56f7601d98080759427904a5cda8fc1c

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.12.0-0ubuntu2.1_lpia.deb
      Size/MD5:  1004264 ab6c2ce6fca7bc156bb79ee9098db4a6
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.12.0-0ubuntu2.1_lpia.deb
      Size/MD5:   142336 40691b4d045114f85022295f16bb715a
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.12.0-0ubuntu2.1_lpia.deb
      Size/MD5:    72620 949aefc47f714cd6bf04b572cd64a422
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.12.0-0ubuntu2.1_lpia.deb
      Size/MD5:    53838 b28eb49e9f317a3ff62dad035e3c18d2
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.12.0-0ubuntu2.1_lpia.deb
      Size/MD5:    25578 6859e69db4d7b0e849c6ba0b07ceca22
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.12.0-0ubuntu2.1_lpia.deb
      Size/MD5:   167256 77527ca39229b2908deac999e98feb93
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.12.0-0ubuntu2.1_lpia.deb
      Size/MD5:   236556 5b472282eb85b9fd5f3f5adfe5bd579c
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler5_0.12.0-0ubuntu2.1_lpia.deb
      Size/MD5:   736340 6e298d3ae22ca1e235efca71adef1e77
    http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.12.0-0ubuntu2.1_lpia.deb
      Size/MD5:  3299736 e4317c538e932ef9f349ada04c49772e
    http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.12.0-0ubuntu2.1_lpia.deb
      Size/MD5:    81398 c3c07e4d1ca4afd89026c2e94b32d489

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.12.0-0ubuntu2.1_powerpc.deb
      Size/MD5:  1132462 fe92b06a1afaee95aab8e9fee5172ebd
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.12.0-0ubuntu2.1_powerpc.deb
      Size/MD5:   154828 e8656dcfca021f74ef74d3305a3777dd
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.12.0-0ubuntu2.1_powerpc.deb
      Size/MD5:    79136 43bec50dd396f4e408e439dcff4050ee
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.12.0-0ubuntu2.1_powerpc.deb
      Size/MD5:    56918 11e2b15a48bcd8f6dd4edf1b2a3f94f6
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.12.0-0ubuntu2.1_powerpc.deb
      Size/MD5:    26764 3a9015b5ef5e4456d99aed94d9795b13
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.12.0-0ubuntu2.1_powerpc.deb
      Size/MD5:   170914 364e184c49ad48bcbcb607a754820856
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.12.0-0ubuntu2.1_powerpc.deb
      Size/MD5:   251780 c68cee53af60cfc18123960426f71ebd
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler5_0.12.0-0ubuntu2.1_powerpc.deb
      Size/MD5:   796134 56d908a8957794858adf9fac1f05e69d
    http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.12.0-0ubuntu2.1_powerpc.deb
      Size/MD5:  3472754 e4df589ab148c9b4e10252edbccf6d63
    http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.12.0-0ubuntu2.1_powerpc.deb
      Size/MD5:    84200 11bd5fff3480bebdf34a3f448a4e19b9

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.12.0-0ubuntu2.1_sparc.deb
      Size/MD5:  1024090 f0aa671a65979f05b98a68c06702577a
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.12.0-0ubuntu2.1_sparc.deb
      Size/MD5:   145424 0fa9ac58cbd89b973d473ea8b8097168
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.12.0-0ubuntu2.1_sparc.deb
      Size/MD5:    73066 44ea8c81756572a26c7cf91a2a28a22e
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.12.0-0ubuntu2.1_sparc.deb
      Size/MD5:    53156 2d6b94d35ccd3edf77730f19ad142965
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.12.0-0ubuntu2.1_sparc.deb
      Size/MD5:    24208 6a4d8c3dd160266b3626aace0eb9cb2b
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.12.0-0ubuntu2.1_sparc.deb
      Size/MD5:   168684 414dea9f6db5bbe8cc1e32d7ea7b1a66
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.12.0-0ubuntu2.1_sparc.deb
      Size/MD5:   244118 39b3946c546ac384cdc9552257253981
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler5_0.12.0-0ubuntu2.1_sparc.deb
      Size/MD5:   749070 5f96f15d3527c3d4311d4ca3746fc5cc
    http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.12.0-0ubuntu2.1_sparc.deb
      Size/MD5:  3243548 25690cbe96ebf2d5da437fe176fe412c
    http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.12.0-0ubuntu2.1_sparc.deb
      Size/MD5:    80606 e56113c88e7b1144f7979e869a6f0c2f




Download attachment "signature.asc" of type "application/pgp-signature" (198 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ