Message-Id: <E1PGyEC-0005cg-L3@titan.mandriva.com>
Date: Fri, 12 Nov 2010 19:20:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:231 ] poppler

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:231
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : poppler
 Date    : November 12, 2010
 Affected: 2010.0, 2010.1
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities were discovered and corrected in poppler:
 
 The Gfx::getPos function in the PDF parser in poppler allows
 context-dependent attackers to cause a denial of service (crash)
 via unknown vectors that trigger an uninitialized pointer dereference
 (CVE-2010-3702).
 
 The PostScriptFunction::PostScriptFunction function in
 poppler/Function.cc in the PDF parser in poppler allows
 context-dependent attackers to cause a denial of service (crash)
 via a PDF file that triggers an uninitialized pointer dereference
 (CVE-2010-3703).
 
 The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser
 in poppler allows context-dependent attackers to cause a denial
 of service (crash) and possibly execute arbitrary code via a PDF
 file with a crafted Type1 font that contains a negative array index,
 which bypasses input validation and which triggers memory corruption
 (CVE-2010-3704).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3703
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.0:
 f8eeb85b978e98a9bfffce7ab584e9df  2010.0/i586/libpoppler5-0.12.4-1.2mdv2010.0.i586.rpm
 11b9dfe9e37261bec174c25aae9d71b4  2010.0/i586/libpoppler-devel-0.12.4-1.2mdv2010.0.i586.rpm
 b9af206162c906094204ed13a4620318  2010.0/i586/libpoppler-glib4-0.12.4-1.2mdv2010.0.i586.rpm
 eea6fc72a55f119c2fe7aef2c37400f6  2010.0/i586/libpoppler-glib-devel-0.12.4-1.2mdv2010.0.i586.rpm
 d83f8f81d2cbb11a3a12e0654d63cd11  2010.0/i586/libpoppler-qt2-0.12.4-1.2mdv2010.0.i586.rpm
 8e1f7d0278a299b55e1b213f90462610  2010.0/i586/libpoppler-qt4-3-0.12.4-1.2mdv2010.0.i586.rpm
 6f1505518bb6a42bd017f4ed00ed5f3f  2010.0/i586/libpoppler-qt4-devel-0.12.4-1.2mdv2010.0.i586.rpm
 6bfceb4bbb5565f829c765e15d9f84f8  2010.0/i586/libpoppler-qt-devel-0.12.4-1.2mdv2010.0.i586.rpm
 69b87e12827e20261bcac5c1a9f6cc47  2010.0/i586/poppler-0.12.4-1.2mdv2010.0.i586.rpm 
 b395b580e189eac53cec4cdce2ceaeeb  2010.0/SRPMS/poppler-0.12.4-1.2mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 5ac922ba77b7e24852b032cb96d66dcc  2010.0/x86_64/lib64poppler5-0.12.4-1.2mdv2010.0.x86_64.rpm
 a35fdb10aaaeda661082eea969c8cb10  2010.0/x86_64/lib64poppler-devel-0.12.4-1.2mdv2010.0.x86_64.rpm
 be4e55287976d6d9f0bc8acdd41dc371  2010.0/x86_64/lib64poppler-glib4-0.12.4-1.2mdv2010.0.x86_64.rpm
 2e63d0dff69e958f0b926cf6d0026c61  2010.0/x86_64/lib64poppler-glib-devel-0.12.4-1.2mdv2010.0.x86_64.rpm
 b50e39d108dc2458c252fbf365e2aaff  2010.0/x86_64/lib64poppler-qt2-0.12.4-1.2mdv2010.0.x86_64.rpm
 7b249ff04f794fb6a8dc8b05564143e4  2010.0/x86_64/lib64poppler-qt4-3-0.12.4-1.2mdv2010.0.x86_64.rpm
 121f80f800f144eb489f0cdce287e7ef  2010.0/x86_64/lib64poppler-qt4-devel-0.12.4-1.2mdv2010.0.x86_64.rpm
 fb7297fbbd3758eca663813932d822fe  2010.0/x86_64/lib64poppler-qt-devel-0.12.4-1.2mdv2010.0.x86_64.rpm
 5fbd9b1cbd0c18cc7f5a77ee8c9421e8  2010.0/x86_64/poppler-0.12.4-1.2mdv2010.0.x86_64.rpm 
 b395b580e189eac53cec4cdce2ceaeeb  2010.0/SRPMS/poppler-0.12.4-1.2mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 039272fbf964bf0cda8ee8be3f73d7f0  2010.1/i586/libpoppler5-0.12.4-2.1mdv2010.1.i586.rpm
 4b8cd7ba4fcad0fdb13d498d9659353e  2010.1/i586/libpoppler-devel-0.12.4-2.1mdv2010.1.i586.rpm
 0c8ecda02ad63275628fdf7dbb886d85  2010.1/i586/libpoppler-glib4-0.12.4-2.1mdv2010.1.i586.rpm
 a899985446082afaf7a552a9d093fa7b  2010.1/i586/libpoppler-glib-devel-0.12.4-2.1mdv2010.1.i586.rpm
 98cc33b6085f8b5a3e450814217a87fc  2010.1/i586/libpoppler-qt2-0.12.4-2.1mdv2010.1.i586.rpm
 aca2798c969fe7e1ae41f8fda8c767bf  2010.1/i586/libpoppler-qt4-3-0.12.4-2.1mdv2010.1.i586.rpm
 766c5b85413728af84378f56647f3d6e  2010.1/i586/libpoppler-qt4-devel-0.12.4-2.1mdv2010.1.i586.rpm
 e1af5e2dda8be30d3ac1e009ce856588  2010.1/i586/libpoppler-qt-devel-0.12.4-2.1mdv2010.1.i586.rpm
 e2060c17f1f8ece622fbcf94e50205d7  2010.1/i586/poppler-0.12.4-2.1mdv2010.1.i586.rpm 
 a3495563ca96089190aef76b6c25df4d  2010.1/SRPMS/poppler-0.12.4-2.1mdv2010.1.src.rpm

 Mandriva Linux 2010.1/X86_64:
 142bdd508c9c62480b467b3aa74a6eb1  2010.1/x86_64/lib64poppler5-0.12.4-2.1mdv2010.1.x86_64.rpm
 423f44b8802e838afbdd9be973bee11b  2010.1/x86_64/lib64poppler-devel-0.12.4-2.1mdv2010.1.x86_64.rpm
 88b25a582c2bf185196e8d68b2567bd9  2010.1/x86_64/lib64poppler-glib4-0.12.4-2.1mdv2010.1.x86_64.rpm
 5ea3f17b45cdddf438d4642348f0133d  2010.1/x86_64/lib64poppler-glib-devel-0.12.4-2.1mdv2010.1.x86_64.rpm
 11e9facfbca3b5d916f480e5053614cd  2010.1/x86_64/lib64poppler-qt2-0.12.4-2.1mdv2010.1.x86_64.rpm
 51f3818574979e270265d94947b863ff  2010.1/x86_64/lib64poppler-qt4-3-0.12.4-2.1mdv2010.1.x86_64.rpm
 d7c2b054dd96ac00eb7caf957d290cf6  2010.1/x86_64/lib64poppler-qt4-devel-0.12.4-2.1mdv2010.1.x86_64.rpm
 9533bb591cd679ba8f880b23605e837a  2010.1/x86_64/lib64poppler-qt-devel-0.12.4-2.1mdv2010.1.x86_64.rpm
 a6fd550b90857f4cbfcd97213d5e7918  2010.1/x86_64/poppler-0.12.4-2.1mdv2010.1.x86_64.rpm 
 a3495563ca96089190aef76b6c25df4d  2010.1/SRPMS/poppler-0.12.4-2.1mdv2010.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFM3VkMmqjQ0CJFipgRAt1ZAKDMo9oWIQ/0cZWwYHte7+QQWtASZwCfTuRR
Qp8m00pY+5aiMBWXOR3I64k=
=VPTO
-----END PGP SIGNATURE-----
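
Added example, not part of the advisory and not poppler's code: the class of flaw described for CVE-2010-3704, where a signed array index passes validation that tests only the upper bound, shown beside a check that tests both bounds. The function names, the table layout and the "dup <code> /<name> put" sample lines are assumptions constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ENC_SIZE 256   /* assumed table size for this illustration */

/* Weak check: only the upper bound is tested, so a negative signed
 * index is accepted. Kept as a predicate; nothing is written here. */
int weak_index_ok(long code) { return code < ENC_SIZE; }

/* Hardened check: both bounds are tested. */
int strict_index_ok(long code) { return code >= 0 && code < ENC_SIZE; }

/* Parse one constructed line of the form "dup <code> /<name> put" and
 * store <name> in table[code]. Returns 0 on success, -1 if the line is
 * malformed or the index is outside the table. */
int set_encoding_entry(char table[ENC_SIZE][32], const char *line)
{
    char name[32];
    char *end;
    long code;

    if (strncmp(line, "dup ", 4) != 0)
        return -1;
    errno = 0;
    code = strtol(line + 4, &end, 10);
    if (end == line + 4 || errno == ERANGE)
        return -1;                     /* no digits, or value overflowed */
    if (!strict_index_ok(code))
        return -1;                     /* rejects -5 and 256 alike */
    if (sscanf(end, " /%31s", name) != 1)
        return -1;                     /* name missing */
    strcpy(table[code], name);         /* safe: name holds at most 31 chars */
    return 0;
}

int main(void)
{
    static char table[ENC_SIZE][32];
    /* Constructed sample input. */
    const char *lines[] = { "dup 65 /A put", "dup -5 /A put", "dup 256 /A put" };

    printf("upper-bound-only check accepts -5: %d\n", weak_index_ok(-5));
    for (size_t i = 0; i < 3; i++)
        printf("%-16s -> %s\n", lines[i],
               set_encoding_entry(table, lines[i]) == 0 ? "stored" : "rejected");
    return 0;
}
```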
