To: [email protected]Subject: [ MDVSA-2009:068 ] poppler
Date: Fri, 06 Mar 2009 22:26:00 +0100
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1LfhYP-0007TI-0u@titan.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:068
http://www.mandriva.com/security/
_______________________________________________________________________
Package : poppler
Date : March 6, 2009
Affected: 2008.0, 2008.1, 2009.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A crafted PDF file that triggers a parsing error allows remote
attackers to cause definal of service. This bug is consequence
of a wrong processing on FormWidgetChoice::loadDefaults method
(CVE-2009-0755).
A crafted PDF file that triggers a parsing error allows remote
attackers to cause definal of service. This bug is consequence of
an invalid memory dereference on JBIG2SymbolDict::~JBIG2SymbolDict
destructor when JBIG2Stream::readSymbolDictSeg method is used
(CVE-2009-0756).
This update provides fixes for those vulnerabilities.
Update:
This update does not apply for CVE-2009-0755 under Corporate Server
4.0 libpoppler0-0.4.1-3.7.20060mlcs4.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0755http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0756
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
25aba85bf10c8c9ce0fee931834440a1 2008.0/i586/libpoppler2-0.6-3.3mdv2008.0.i586.rpm
bc255af1dbbb43c06bf8af78df57d32b 2008.0/i586/libpoppler-devel-0.6-3.3mdv2008.0.i586.rpm
a78e498d417f830237f85e311e07422e 2008.0/i586/libpoppler-glib2-0.6-3.3mdv2008.0.i586.rpm
4b25777b3d2065ccd138a0199355c581 2008.0/i586/libpoppler-glib-devel-0.6-3.3mdv2008.0.i586.rpm
2c76dc7bd1bef388581bb51c4a1e2586 2008.0/i586/libpoppler-qt2-0.6-3.3mdv2008.0.i586.rpm
94f40dec0be2b78823f5b004f8d4b145 2008.0/i586/libpoppler-qt4-2-0.6-3.3mdv2008.0.i586.rpm
c743daa88aa6c1d7d6828eb22f1a1785 2008.0/i586/libpoppler-qt4-devel-0.6-3.3mdv2008.0.i586.rpm
f5ffa665e3ad447e1a4c957fde7c2cb6 2008.0/i586/libpoppler-qt-devel-0.6-3.3mdv2008.0.i586.rpm
c9a73e92a2002b7b0fcaa7e23f983615 2008.0/i586/poppler-0.6-3.3mdv2008.0.i586.rpm
2f57c8b7f1883fc9f718e6b45a0771a8 2008.0/SRPMS/poppler-0.6-3.3mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
4e8fea9d6ce6a4ea106537f29fc7046e 2008.0/x86_64/lib64poppler2-0.6-3.3mdv2008.0.x86_64.rpm
32fc22e88ea5e0a472f42961b1c90bd6 2008.0/x86_64/lib64poppler-devel-0.6-3.3mdv2008.0.x86_64.rpm
698e83ae4307b7452590e4c171491d04 2008.0/x86_64/lib64poppler-glib2-0.6-3.3mdv2008.0.x86_64.rpm
0eb4ca6c4924c3c07f73df39655c444e 2008.0/x86_64/lib64poppler-glib-devel-0.6-3.3mdv2008.0.x86_64.rpm
7f09b65cfcf5ac675934d93b5235dd1c 2008.0/x86_64/lib64poppler-qt2-0.6-3.3mdv2008.0.x86_64.rpm
9101f2cc7dc33e0a571fe11897d4892c 2008.0/x86_64/lib64poppler-qt4-2-0.6-3.3mdv2008.0.x86_64.rpm
a11f878a4ea924c762d4f80767470973 2008.0/x86_64/lib64poppler-qt4-devel-0.6-3.3mdv2008.0.x86_64.rpm
5864600413af3f4dbd63910b9a84f410 2008.0/x86_64/lib64poppler-qt-devel-0.6-3.3mdv2008.0.x86_64.rpm
b40faa6e339465968607f24633bc0eeb 2008.0/x86_64/poppler-0.6-3.3mdv2008.0.x86_64.rpm
2f57c8b7f1883fc9f718e6b45a0771a8 2008.0/SRPMS/poppler-0.6-3.3mdv2008.0.src.rpm
Mandriva Linux 2008.1:
0384b322b63dcabeb7ba0ed99f90c7ce 2008.1/i586/libpoppler2-0.6.4-2.2mdv2008.1.i586.rpm
86f5be9bd512b0f424ee83809ea16770 2008.1/i586/libpoppler-devel-0.6.4-2.2mdv2008.1.i586.rpm
0f820a233d9c543ec0c325d06ba1c9e2 2008.1/i586/libpoppler-glib2-0.6.4-2.2mdv2008.1.i586.rpm
44967afd74f16abffd23cc0194d25f8f 2008.1/i586/libpoppler-glib-devel-0.6.4-2.2mdv2008.1.i586.rpm
58e4979b5e9a74645765ae7797ac9c10 2008.1/i586/libpoppler-qt2-0.6.4-2.2mdv2008.1.i586.rpm
2552be8e987d266bf1dde1cdb173c1d0 2008.1/i586/libpoppler-qt4-2-0.6.4-2.2mdv2008.1.i586.rpm
68f5e36b85c38238fd71bb2efac29260 2008.1/i586/libpoppler-qt4-devel-0.6.4-2.2mdv2008.1.i586.rpm
f134da50ab28ebee599d84cbb13fedf5 2008.1/i586/libpoppler-qt-devel-0.6.4-2.2mdv2008.1.i586.rpm
caed58a7e42d2a27193885d9c31eca8f 2008.1/i586/poppler-0.6.4-2.2mdv2008.1.i586.rpm
f410bbf328d0bccce9f08cabedda8d19 2008.1/SRPMS/poppler-0.6.4-2.2mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
5c0fce14ebddc4b7e0fbb31d2127a238 2008.1/x86_64/lib64poppler2-0.6.4-2.2mdv2008.1.x86_64.rpm
3a9f02d41da3688f5c231744eb5820de 2008.1/x86_64/lib64poppler-devel-0.6.4-2.2mdv2008.1.x86_64.rpm
4c3396ebafb43a8a34d1bd0c96aff597 2008.1/x86_64/lib64poppler-glib2-0.6.4-2.2mdv2008.1.x86_64.rpm
834b475b34ae78583927abecff4cdb97 2008.1/x86_64/lib64poppler-glib-devel-0.6.4-2.2mdv2008.1.x86_64.rpm
623c2b6e0303c6ffa1f9c2abe1b9d13f 2008.1/x86_64/lib64poppler-qt2-0.6.4-2.2mdv2008.1.x86_64.rpm
aa86340f66a4959712dce15fe5600549 2008.1/x86_64/lib64poppler-qt4-2-0.6.4-2.2mdv2008.1.x86_64.rpm
e81a97d8721a76934cd16affffba1efb 2008.1/x86_64/lib64poppler-qt4-devel-0.6.4-2.2mdv2008.1.x86_64.rpm
91619e0b13b586f2f37535f0ab249902 2008.1/x86_64/lib64poppler-qt-devel-0.6.4-2.2mdv2008.1.x86_64.rpm
cc74a25a3f74a38a0f4c98f4bf9396ed 2008.1/x86_64/poppler-0.6.4-2.2mdv2008.1.x86_64.rpm
f410bbf328d0bccce9f08cabedda8d19 2008.1/SRPMS/poppler-0.6.4-2.2mdv2008.1.src.rpm
Mandriva Linux 2009.0:
ce56800f6fe4f9db33ede32ef350745c 2009.0/i586/libpoppler3-0.8.7-2.1mdv2009.0.i586.rpm
33a1ed550b2e2c341661690a8963af24 2009.0/i586/libpoppler-devel-0.8.7-2.1mdv2009.0.i586.rpm
a27d86ccf053000dbe6d8883be19fbdd 2009.0/i586/libpoppler-glib3-0.8.7-2.1mdv2009.0.i586.rpm
17117d2e90eb9fe076728d0fd4a6c440 2009.0/i586/libpoppler-glib-devel-0.8.7-2.1mdv2009.0.i586.rpm
be98bcb0d5f3f74c4bd07845bb654859 2009.0/i586/libpoppler-qt2-0.8.7-2.1mdv2009.0.i586.rpm
49bd296742e5d1b74fe7df98636e46b4 2009.0/i586/libpoppler-qt4-3-0.8.7-2.1mdv2009.0.i586.rpm
5e72a15c897daf4f6641bf2bf928cb80 2009.0/i586/libpoppler-qt4-devel-0.8.7-2.1mdv2009.0.i586.rpm
20cd3595d41d4ac90c0c0285292bf009 2009.0/i586/libpoppler-qt-devel-0.8.7-2.1mdv2009.0.i586.rpm
cb070e4dee228f58a0c64ad68ed0b1a0 2009.0/i586/poppler-0.8.7-2.1mdv2009.0.i586.rpm
29a47aa9fe76eeba24925f47afabf687 2009.0/SRPMS/poppler-0.8.7-2.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
e297ca0d8751197badc87e5a8ada7411 2009.0/x86_64/lib64poppler3-0.8.7-2.1mdv2009.0.x86_64.rpm
8409a3a0253a81e35d5c5b84fb141ed5 2009.0/x86_64/lib64poppler-devel-0.8.7-2.1mdv2009.0.x86_64.rpm
898617990bb3077434d6ffe0175ab744 2009.0/x86_64/lib64poppler-glib3-0.8.7-2.1mdv2009.0.x86_64.rpm
75199e22dad566f0b5b861d82d38c36f 2009.0/x86_64/lib64poppler-glib-devel-0.8.7-2.1mdv2009.0.x86_64.rpm
3add19f10d4611723a574c4268d0870c 2009.0/x86_64/lib64poppler-qt2-0.8.7-2.1mdv2009.0.x86_64.rpm
9d0bb0015fc420d445cf5be695cd78dc 2009.0/x86_64/lib64poppler-qt4-3-0.8.7-2.1mdv2009.0.x86_64.rpm
025fea7ad38b1dfe1d7ef956b875fc37 2009.0/x86_64/lib64poppler-qt4-devel-0.8.7-2.1mdv2009.0.x86_64.rpm
4d34316ebed58bcf95801671a6c1d6f5 2009.0/x86_64/lib64poppler-qt-devel-0.8.7-2.1mdv2009.0.x86_64.rpm
7483cf79ecff3b95b300d68c0ceb8455 2009.0/x86_64/poppler-0.8.7-2.1mdv2009.0.x86_64.rpm
29a47aa9fe76eeba24925f47afabf687 2009.0/SRPMS/poppler-0.8.7-2.1mdv2009.0.src.rpm
Corporate 4.0:
9168d447f8242a9acc0db3a77e309cf2 corporate/4.0/i586/libpoppler0-0.4.1-3.8.20060mlcs4.i586.rpm
4b826fc828ec1b53b0ab28f3697e361a corporate/4.0/i586/libpoppler0-devel-0.4.1-3.8.20060mlcs4.i586.rpm
8f273eafc1fac62191a393a551f3b12f corporate/4.0/i586/libpoppler-qt0-0.4.1-3.8.20060mlcs4.i586.rpm
99320127444c2c09165c95214f15c9b0 corporate/4.0/i586/libpoppler-qt0-devel-0.4.1-3.8.20060mlcs4.i586.rpm
714cf02d9f3af96bbf2502e48cb9cfd6 corporate/4.0/SRPMS/poppler-0.4.1-3.8.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
51b1fdec59aa6858a1852234b68a3acf corporate/4.0/x86_64/lib64poppler0-0.4.1-3.8.20060mlcs4.x86_64.rpm
51cb75f75d6b83549747da8fee86f47d corporate/4.0/x86_64/lib64poppler0-devel-0.4.1-3.8.20060mlcs4.x86_64.rpm
8a836e5c7cc54eaa38a377ea848388e7 corporate/4.0/x86_64/lib64poppler-qt0-0.4.1-3.8.20060mlcs4.x86_64.rpm
32cbc4cdae2ffce0b27e831e61ef9bba corporate/4.0/x86_64/lib64poppler-qt0-devel-0.4.1-3.8.20060mlcs4.x86_64.rpm
714cf02d9f3af96bbf2502e48cb9cfd6 corporate/4.0/SRPMS/poppler-0.4.1-3.8.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJsWfQmqjQ0CJFipgRAv1EAJ9j/II2bCCPKHom7jn7+hdEvLrMIwCgznj0
sYIwjyRykRyW3e/WXM9ofqQ=
=Lv8x
-----END PGP SIGNATURE-----