Message-Id: <E1PGx5Z-0005VJ-0l@titan.mandriva.com>
Date: Fri, 12 Nov 2010 18:07:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:230 ] poppler
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:230
http://www.mandriva.com/security/
_______________________________________________________________________
Package : poppler
Date : November 12, 2010
Affected: 2009.0, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:

Multiple vulnerabilities were discovered and corrected in poppler:

The Gfx::getPos function in the PDF parser in poppler allows
context-dependent attackers to cause a denial of service (crash)
via unknown vectors that trigger an uninitialized pointer dereference
(CVE-2010-3702).

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser
in poppler allows context-dependent attackers to cause a denial
of service (crash) and possibly execute arbitrary code via a PDF
file with a crafted Type1 font that contains a negative array index,
which bypasses input validation and triggers memory corruption
(CVE-2010-3704).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.
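
The negative-index condition described for CVE-2010-3704, shown as an added C illustration that is not poppler's code or the Mandriva patch: a signed index checked only against its upper bound is accepted when negative, while a two-sided check rejects it before the table is touched. The simplified `dup <code> /<name> put` entry handling, the function names, the table size and the sample input are assumptions constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ENC_SIZE 256   /* table size assumed for this example */

/* Weak form: only the upper bound is tested, so a negative signed
 * index passes validation (the condition the advisory describes). */
static int weak_index_ok(long code) { return code < ENC_SIZE; }

/* Hardened form: both bounds are tested before the index is used. */
static int strict_index_ok(long code) { return code >= 0 && code < ENC_SIZE; }

/* Parse "dup <code> /<name> put" entries into enc[]. Every index goes
 * through strict_index_ok(). Returns the number of entries stored and
 * writes the number of rejected entries to *rejected. */
static int parse_encoding(const char *text, char enc[ENC_SIZE][32], int *rejected)
{
    int stored = 0;
    *rejected = 0;
    for (const char *p = text; (p = strstr(p, "dup ")) != NULL; p += 4) {
        char *end, name[32];
        long code = strtol(p + 4, &end, 10);
        if (end == p + 4 || sscanf(end, " /%31s", name) != 1)
            continue;                 /* malformed entry: skip it */
        if (!strict_index_ok(code)) {
            ++*rejected;              /* out-of-range index is never used */
            continue;
        }
        strcpy(enc[code], name);      /* name holds at most 31 chars + NUL */
        ++stored;
    }
    return stored;
}

/* Constructed sample input, not taken from a real font. */
static const char SAMPLE[] =
    "dup 65 /A put\n"
    "dup -1 /B put\n"
    "dup 256 /C put\n"
    "dup 255 /ydieresis put\n";

int main(void)
{
    static char enc[ENC_SIZE][32];
    int rejected;
    int stored = parse_encoding(SAMPLE, enc, &rejected);
    printf("stored=%d rejected=%d weak(-1)=%d strict(-1)=%d\n",
           stored, rejected, weak_index_ok(-1), strict_index_ok(-1));
    return 0;
}
```
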
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
7f53c21143c2c3b836aa7a419180ac07 2009.0/i586/libpoppler3-0.8.7-2.4mdv2009.0.i586.rpm
5b54624025b37546a2ae6ddfbff45a33 2009.0/i586/libpoppler-devel-0.8.7-2.4mdv2009.0.i586.rpm
4e5ced8bb6e8e1c4ea02569f34aa8704 2009.0/i586/libpoppler-glib3-0.8.7-2.4mdv2009.0.i586.rpm
8bc54bd621e9b5db49bcc4f2aa7f1a52 2009.0/i586/libpoppler-glib-devel-0.8.7-2.4mdv2009.0.i586.rpm
9175057b5fa8aabf684ec73a7360d600 2009.0/i586/libpoppler-qt2-0.8.7-2.4mdv2009.0.i586.rpm
d2a194c2d40c4c6b352d4798b849c846 2009.0/i586/libpoppler-qt4-3-0.8.7-2.4mdv2009.0.i586.rpm
0ab549d91bb508d9a7ced780b4b4fee6 2009.0/i586/libpoppler-qt4-devel-0.8.7-2.4mdv2009.0.i586.rpm
3a74f8ae7ff77fef26adb85490e5fc10 2009.0/i586/libpoppler-qt-devel-0.8.7-2.4mdv2009.0.i586.rpm
48c32bafa110eec3ff9d4ed810363ecb 2009.0/i586/poppler-0.8.7-2.4mdv2009.0.i586.rpm
b1d7ce86fd067dc41f504aa36ade4223 2009.0/SRPMS/poppler-0.8.7-2.4mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
ffd4a4dfb468756a97ec4c4adb9a62e4 2009.0/x86_64/lib64poppler3-0.8.7-2.4mdv2009.0.x86_64.rpm
8e2f1b430c8f840b25893def7dd90f4a 2009.0/x86_64/lib64poppler-devel-0.8.7-2.4mdv2009.0.x86_64.rpm
75553f9660647f0cc16264a9ce8f6ad9 2009.0/x86_64/lib64poppler-glib3-0.8.7-2.4mdv2009.0.x86_64.rpm
a561ab974260dc5fbd315520bb9d45fa 2009.0/x86_64/lib64poppler-glib-devel-0.8.7-2.4mdv2009.0.x86_64.rpm
64e0b9587bd2cf93d0cc2f2cfca7568c 2009.0/x86_64/lib64poppler-qt2-0.8.7-2.4mdv2009.0.x86_64.rpm
9ccffa52814cbe649196cf7cf90320d4 2009.0/x86_64/lib64poppler-qt4-3-0.8.7-2.4mdv2009.0.x86_64.rpm
1c6073187c62534c04a26049ddc61699 2009.0/x86_64/lib64poppler-qt4-devel-0.8.7-2.4mdv2009.0.x86_64.rpm
3900ce70f9ca7f3286cb11e78c3544e5 2009.0/x86_64/lib64poppler-qt-devel-0.8.7-2.4mdv2009.0.x86_64.rpm
bd1d2e1af7f2b38ae08354f269420568 2009.0/x86_64/poppler-0.8.7-2.4mdv2009.0.x86_64.rpm
b1d7ce86fd067dc41f504aa36ade4223 2009.0/SRPMS/poppler-0.8.7-2.4mdv2009.0.src.rpm
Corporate 4.0:
2b300192f7597e5f60ca9edf475ddec3 corporate/4.0/i586/libpoppler1-0.5.4-0.2.20060mlcs4.i586.rpm
595d8bf82aec0c65e15c8082b17443b0 corporate/4.0/i586/libpoppler1-devel-0.5.4-0.2.20060mlcs4.i586.rpm
cefd95b4d11aa12d40b9295479bb8677 corporate/4.0/i586/libpoppler-qt1-0.5.4-0.2.20060mlcs4.i586.rpm
a15fffdeeae2d4247a6a5e1264afd873 corporate/4.0/i586/libpoppler-qt1-devel-0.5.4-0.2.20060mlcs4.i586.rpm
c08ee1d9849f1395b5291a3eb4efbc60 corporate/4.0/i586/poppler-0.5.4-0.2.20060mlcs4.i586.rpm
824e6a23b63c19626ceed82b6a1833d7 corporate/4.0/SRPMS/poppler-0.5.4-0.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
7eb91f0154cdd6536e4983ced7255886 corporate/4.0/x86_64/lib64poppler1-0.5.4-0.2.20060mlcs4.x86_64.rpm
44eedfe0a3bda8c3337af5963657fc39 corporate/4.0/x86_64/lib64poppler1-devel-0.5.4-0.2.20060mlcs4.x86_64.rpm
86def419850ec48133923d10f35a6d42 corporate/4.0/x86_64/lib64poppler-qt1-0.5.4-0.2.20060mlcs4.x86_64.rpm
1974b5ef34fb85c5762d2f3e9c0a6c4f corporate/4.0/x86_64/lib64poppler-qt1-devel-0.5.4-0.2.20060mlcs4.x86_64.rpm
aae38027a62b81cdb85bd3191cd883de corporate/4.0/x86_64/poppler-0.5.4-0.2.20060mlcs4.x86_64.rpm
824e6a23b63c19626ceed82b6a1833d7 corporate/4.0/SRPMS/poppler-0.5.4-0.2.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
ff358b8cd312fa43406ec17f8e976b03 mes5/i586/libpoppler3-0.8.7-2.4mdvmes5.1.i586.rpm
9ad843204c1c8c9e62b4f78941b0a7ac mes5/i586/libpoppler-devel-0.8.7-2.4mdvmes5.1.i586.rpm
44c3296c48916e87bf789e61932c1e08 mes5/i586/libpoppler-glib3-0.8.7-2.4mdvmes5.1.i586.rpm
cf425dae306739993430d21fed8c527c mes5/i586/libpoppler-glib-devel-0.8.7-2.4mdvmes5.1.i586.rpm
73360ccf9a496eae21850b00e0e2c5e1 mes5/i586/libpoppler-qt2-0.8.7-2.4mdvmes5.1.i586.rpm
7b1d7e8e6d9eb1e56e88ffdd76c4bad8 mes5/i586/libpoppler-qt4-3-0.8.7-2.4mdvmes5.1.i586.rpm
acdce6479ad4e3802725c0ae9bfff010 mes5/i586/libpoppler-qt4-devel-0.8.7-2.4mdvmes5.1.i586.rpm
b9ff8b6fdb43cf9a749ec4c322a84e87 mes5/i586/libpoppler-qt-devel-0.8.7-2.4mdvmes5.1.i586.rpm
7e6cd3024d650f4c25347246d4971987 mes5/i586/poppler-0.8.7-2.4mdvmes5.1.i586.rpm
144fbb9f49c87f88c0a1280f05676772 mes5/SRPMS/poppler-0.8.7-2.4mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
5d45bd61973734ccb8cf407cb6a61e0d mes5/x86_64/lib64poppler3-0.8.7-2.4mdvmes5.1.x86_64.rpm
7587f59b64cc25eebe9c582361e06ba3 mes5/x86_64/lib64poppler-devel-0.8.7-2.4mdvmes5.1.x86_64.rpm
9d5acb4b14e46b678310f841120ffd76 mes5/x86_64/lib64poppler-glib3-0.8.7-2.4mdvmes5.1.x86_64.rpm
47a598b51462df98ff6d03c9c9dc64ef mes5/x86_64/lib64poppler-glib-devel-0.8.7-2.4mdvmes5.1.x86_64.rpm
9d21844c758038cbab58acd2abdd3822 mes5/x86_64/lib64poppler-qt2-0.8.7-2.4mdvmes5.1.x86_64.rpm
e9cc526c75ba8d5977f43167fdda8a36 mes5/x86_64/lib64poppler-qt4-3-0.8.7-2.4mdvmes5.1.x86_64.rpm
e0ff756ed0712e766a2755680b465744 mes5/x86_64/lib64poppler-qt4-devel-0.8.7-2.4mdvmes5.1.x86_64.rpm
e825dfb741dff48d2223fed8a58c0679 mes5/x86_64/lib64poppler-qt-devel-0.8.7-2.4mdvmes5.1.x86_64.rpm
c67a9a725d1dba7f6273e3f8290eb524 mes5/x86_64/poppler-0.8.7-2.4mdvmes5.1.x86_64.rpm
144fbb9f49c87f88c0a1280f05676772 mes5/SRPMS/poppler-0.8.7-2.4mdvmes5.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFM3UZPmqjQ0CJFipgRAv3/AKCXFuoZo0UB32Vmp7t9PQJ1li1c+wCg6rr4
fqNS+3MIvshZYaPRSF1I2yg=
=XNo0
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/