Message-Id: <E1PGx5Z-0005VJ-0l@titan.mandriva.com>
Date: Fri, 12 Nov 2010 18:07:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:230 ] poppler

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:230
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : poppler
 Date    : November 12, 2010
 Affected: 2009.0, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities were discovered and corrected in poppler:
 
 The Gfx::getPos function in the PDF parser in poppler allows
 context-dependent attackers to cause a denial of service (crash)
 via unknown vectors that trigger an uninitialized pointer dereference
 (CVE-2010-3702).
 
 The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser
 in poppler allows context-dependent attackers to cause a denial
 of service (crash) and possibly execute arbitrary code via a PDF
 file with a crafted Type1 font that contains a negative array index,
 which bypasses input validation and which triggers memory corruption
 (CVE-2010-3704).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFM3UZPmqjQ0CJFipgRAv3/AKCXFuoZo0UB32Vmp7t9PQJ1li1c+wCg6rr4
fqNS+3MIvshZYaPRSF1I2yg=
=XNo0
-----END PGP SIGNATURE-----
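
The bug class the advisory describes for CVE-2010-3704, a signed array index checked only against its upper bound, shown as an added example that is not part of the advisory and is not poppler's code. The function names, the table layout and the simplified `dup <code> /<name> put` entry format are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ENC_SIZE 256   /* slots in the glyph-name table (hypothetical layout) */
#define NAME_LEN 32    /* bytes per stored name, including the NUL */

char demo_enc[ENC_SIZE][NAME_LEN];  /* constructed sample table */

/* Weak form: upper bound only, so a negative signed index is accepted. */
int accepts_weak(long code)   { return code < ENC_SIZE; }

/* Hardened form: both bounds are checked before the index is used. */
int accepts_strict(long code) { return code >= 0 && code < ENC_SIZE; }

/* Parse "dup <code> /<name> put"; 1 = stored, 0 = index rejected, -1 = malformed. */
int set_encoding(char enc[ENC_SIZE][NAME_LEN], const char *line)
{
    char *end;
    if (strncmp(line, "dup ", 4) != 0) return -1;
    errno = 0;
    long code = strtol(line + 4, &end, 10);
    if (end == line + 4 || errno == ERANGE) return -1;
    while (*end == ' ') end++;
    if (*end != '/') return -1;
    size_t n = strcspn(end + 1, " \t\r\n");
    if (n == 0 || n >= NAME_LEN) return -1;
    if (!accepts_strict(code)) return 0;   /* never index with an unchecked value */
    memcpy(enc[code], end + 1, n);
    enc[code][n] = '\0';
    return 1;
}

int main(void)
{
    /* Constructed sample entries: in range, negative, past the end. */
    const char *lines[] = { "dup 65 /A put", "dup -5 /A put", "dup 256 /A put" };
    for (size_t i = 0; i < 3; i++) {
        long code = strtol(lines[i] + 4, NULL, 10);
        printf("%-16s weak=%d strict=%d stored=%d\n", lines[i],
               accepts_weak(code), accepts_strict(code),
               set_encoding(demo_enc, lines[i]));
    }
    return 0;
}
```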
