[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [Full-disclosure] [ MDVSA-2010:087 ] poppler
From: security () mandriva ! com
Date: 2010-04-29 19:07:00
Message-ID: E1O7Z4e-0004EH-Ed () titan ! mandriva ! com
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:087
http://www.mandriva.com/security/
_______________________________________________________________________
Package : poppler
Date : April 29, 2010
Affected: Corporate 4.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been found and corrected in poppler:
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2
and earlier allow remote attackers to cause a denial of service
(crash) via a crafted PDF file, related to (1) setBitmap and (2)
readSymbolDictSeg (CVE-2009-0146).
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and
earlier allow remote attackers to cause a denial of service (crash)
via a crafted PDF file (CVE-2009-0147).
The JBIG2 decoder in Xpdf 3.02pl2 and earlier allows remote attackers
to cause a denial of service (crash) via a crafted PDF file that
triggers a free of uninitialized memory (CVE-2009-0166).
Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9,
and probably other products, allows remote attackers to execute
arbitrary code via a PDF file with crafted JBIG2 symbol dictionary
segments (CVE-2009-0195).
The JBIG2 decoder in Xpdf 3.02pl2 and earlier allows remote attackers
to cause a denial of service (crash) via a crafted PDF file that
triggers an out-of-bounds read (CVE-2009-0799).
Multiple input validation flaws in the JBIG2 decoder in Xpdf 3.02pl2
and earlier allow remote attackers to execute arbitrary code via a
crafted PDF file (CVE-2009-0800).
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier
allows remote attackers to execute arbitrary code via a crafted PDF
file (CVE-2009-1179).
The JBIG2 decoder in Xpdf 3.02pl2 and earlier allows remote attackers
to execute arbitrary code via a crafted PDF file that triggers a free
of invalid data (CVE-2009-1180).
The JBIG2 decoder in Xpdf 3.02pl2 and earlier allows remote attackers
to cause a denial of service (crash) via a crafted PDF file that
triggers a NULL pointer dereference (CVE-2009-1181).
Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2
and earlier allow remote attackers to execute arbitrary code via a
crafted PDF file (CVE-2009-1182).
The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier allows remote
attackers to cause a denial of service (infinite loop and hang)
via a crafted PDF file (CVE-2009-1183).
Integer overflow in the JBIG2 decoding feature in Poppler before
0.10.6 allows remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code via vectors related to CairoOutputDev
(CairoOutputDev.cc) (CVE-2009-1187).
Integer overflow in the JBIG2 decoding feature in Poppler before
0.10.6 allows remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code via vectors related to SplashBitmap
(splash/SplashBitmap.cc) (CVE-2009-1188).
The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x
before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF,
does not properly allocate memory, which allows remote attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted PDF document that triggers a NULL pointer
dereference or a heap-based buffer overflow (CVE-2009-3604).
Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf
before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might
allow remote attackers to execute arbitrary code via a crafted PDF
document that triggers a heap-based buffer overflow (CVE-2009-3606).
Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x
before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers
to execute arbitrary code via a crafted PDF document that triggers a
heap-based buffer overflow. NOTE: some of these details are obtained
from third party information. NOTE: this issue reportedly exists
because of an incomplete fix for CVE-2009-1188 (CVE-2009-3603).
Additionally the kdegraphics package was rebuild to make
kdegraphics-kpdf link correctly to the new poppler libraries and are
also provided.
The updated poppler packages have upgraded to 0.5.4 and have been
patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3604
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3603
_______________________________________________________________________
Updated Packages:
Corporate 4.0:
dea66bbd492f22ba623f36ae0102b339 \
corporate/4.0/i586/kdegraphics-3.5.4-0.11.20060mlcs4.i586.rpm eaacb79881584083d5681e79c0ec1e46 \
corporate/4.0/i586/kdegraphics-common-3.5.4-0.11.20060mlcs4.i586.rpm \
a960ae38707f543c53ac96fb856da981 \
corporate/4.0/i586/kdegraphics-kcolorchooser-3.5.4-0.11.20060mlcs4.i586.rpm \
672a722cb91868a93a8ff3138055353e \
corporate/4.0/i586/kdegraphics-kcoloredit-3.5.4-0.11.20060mlcs4.i586.rpm \
832787af5c0d252273449282fa6e7c01 \
corporate/4.0/i586/kdegraphics-kdvi-3.5.4-0.11.20060mlcs4.i586.rpm \
affd706478ba572240b1c3fb3a40d456 \
corporate/4.0/i586/kdegraphics-kfax-3.5.4-0.11.20060mlcs4.i586.rpm \
b53883590e3543b0d015e966085d6b2e \
corporate/4.0/i586/kdegraphics-kghostview-3.5.4-0.11.20060mlcs4.i586.rpm \
297eec12d7f21cd3fc71220ee0ff50e9 \
corporate/4.0/i586/kdegraphics-kiconedit-3.5.4-0.11.20060mlcs4.i586.rpm \
70006017b4ec0bb49029781cb36689b0 \
corporate/4.0/i586/kdegraphics-kolourpaint-3.5.4-0.11.20060mlcs4.i586.rpm \
269129214d07cb094a62f569baea8e00 \
corporate/4.0/i586/kdegraphics-kooka-3.5.4-0.11.20060mlcs4.i586.rpm \
29129e310c15b3865112b16a6eb109a7 \
corporate/4.0/i586/kdegraphics-kpdf-3.5.4-0.11.20060mlcs4.i586.rpm \
1a0bde06b6f6a9af7b18ef7ac514a152 \
corporate/4.0/i586/kdegraphics-kpovmodeler-3.5.4-0.11.20060mlcs4.i586.rpm \
bd5423a1a421242ac066f324eb733f42 \
corporate/4.0/i586/kdegraphics-kruler-3.5.4-0.11.20060mlcs4.i586.rpm \
1fe20d0c673fe1e3ddcd60afd4e5d473 \
corporate/4.0/i586/kdegraphics-ksnapshot-3.5.4-0.11.20060mlcs4.i586.rpm \
cae59cdcc9ea7dba41aad24d184cafaa \
corporate/4.0/i586/kdegraphics-ksvg-3.5.4-0.11.20060mlcs4.i586.rpm \
e8d0add657152f6a834d6d6dd58e02fe \
corporate/4.0/i586/kdegraphics-kuickshow-3.5.4-0.11.20060mlcs4.i586.rpm \
5a829be0326888b9613acc993744c39f \
corporate/4.0/i586/kdegraphics-kview-3.5.4-0.11.20060mlcs4.i586.rpm \
9bd1814ef1a568f897fe0b0692404bb6 \
corporate/4.0/i586/kdegraphics-mrmlsearch-3.5.4-0.11.20060mlcs4.i586.rpm \
7cf01837d3681fb41c501c11ea8ab030 \
corporate/4.0/i586/libkdegraphics0-common-3.5.4-0.11.20060mlcs4.i586.rpm \
6a29cdda3b4a4f0cd45b041cd8bf6b50 \
corporate/4.0/i586/libkdegraphics0-common-devel-3.5.4-0.11.20060mlcs4.i586.rpm \
82663a9f72adc820a7de1759e63a4d69 \
corporate/4.0/i586/libkdegraphics0-kghostview-3.5.4-0.11.20060mlcs4.i586.rpm \
0fd075cd510d1b935757781b22af1c80 \
corporate/4.0/i586/libkdegraphics0-kghostview-devel-3.5.4-0.11.20060mlcs4.i586.rpm \
483056e6a21a7df3bf29ec60dcb742c9 \
corporate/4.0/i586/libkdegraphics0-kooka-3.5.4-0.11.20060mlcs4.i586.rpm \
0bef434eda416daeb73c9a5b63d16c4b \
corporate/4.0/i586/libkdegraphics0-kooka-devel-3.5.4-0.11.20060mlcs4.i586.rpm \
2903f1630b5ab746265f122e1b361b59 \
corporate/4.0/i586/libkdegraphics0-kpovmodeler-3.5.4-0.11.20060mlcs4.i586.rpm \
9ab4acd2409f30fa9d44bd93a46d31dd \
corporate/4.0/i586/libkdegraphics0-kpovmodeler-devel-3.5.4-0.11.20060mlcs4.i586.rpm \
2e398a8d7c54070f9bfd97d5f11a25f5 \
corporate/4.0/i586/libkdegraphics0-ksvg-3.5.4-0.11.20060mlcs4.i586.rpm \
0c05af96ff0515c79f68ccf230a80b19 \
corporate/4.0/i586/libkdegraphics0-ksvg-devel-3.5.4-0.11.20060mlcs4.i586.rpm \
8ece732e8d172ee1a9c9acd6ed5a6842 \
corporate/4.0/i586/libkdegraphics0-kview-3.5.4-0.11.20060mlcs4.i586.rpm \
ac8518e4d52be4a05d721c6aaa6e8c32 \
corporate/4.0/i586/libkdegraphics0-kview-devel-3.5.4-0.11.20060mlcs4.i586.rpm \
6e8776ceba1e89c7d4c9f8535c83321e corporate/4.0/i586/libpoppler1-0.5.4-0.1.20060mlcs4.i586.rpm \
f62ca0bb896da6f7e276fdcc2ce9ab1d \
corporate/4.0/i586/libpoppler1-devel-0.5.4-0.1.20060mlcs4.i586.rpm \
c5ceadf8331ef8066935e3e962e90544 \
corporate/4.0/i586/libpoppler-qt1-0.5.4-0.1.20060mlcs4.i586.rpm \
2e9ddef72271e5f6e393d378f96edab4 \
corporate/4.0/i586/libpoppler-qt1-devel-0.5.4-0.1.20060mlcs4.i586.rpm \
3972be61f01933a4803656eac7de5b19 corporate/4.0/i586/poppler-0.5.4-0.1.20060mlcs4.i586.rpm \
88983ff8ae37983c60c7a5b4637a6b00 corporate/4.0/SRPMS/kdegraphics-3.5.4-0.11.20060mlcs4.src.rpm \
4fb8f13d956af237eb9b1b258fc3f248 corporate/4.0/SRPMS/poppler-0.5.4-0.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
614466bad3bbb8fd4d1a231221b4a6cc \
corporate/4.0/x86_64/kdegraphics-3.5.4-0.11.20060mlcs4.x86_64.rpm \
e9437cd560f5f48fd2b97939393386a7 \
corporate/4.0/x86_64/kdegraphics-common-3.5.4-0.11.20060mlcs4.x86_64.rpm \
5121ccdc4cdd2cd6b84e53bc00d98f0b \
corporate/4.0/x86_64/kdegraphics-kcolorchooser-3.5.4-0.11.20060mlcs4.x86_64.rpm \
13dc7c9f2397a179aee58b5bf10b072c \
corporate/4.0/x86_64/kdegraphics-kcoloredit-3.5.4-0.11.20060mlcs4.x86_64.rpm \
53b353e9edfa33d34eee360bedae5ca9 \
corporate/4.0/x86_64/kdegraphics-kdvi-3.5.4-0.11.20060mlcs4.x86_64.rpm \
a4f4ff609d07d18896e88818aa46d6f0 \
corporate/4.0/x86_64/kdegraphics-kfax-3.5.4-0.11.20060mlcs4.x86_64.rpm \
eafbd23da8d057bf5177bf7d87127ea9 \
corporate/4.0/x86_64/kdegraphics-kghostview-3.5.4-0.11.20060mlcs4.x86_64.rpm \
a17791eaa9316c418e39522d4e54783e \
corporate/4.0/x86_64/kdegraphics-kiconedit-3.5.4-0.11.20060mlcs4.x86_64.rpm \
a37ca8e2f7cf7fe61be675ec9c26305f \
corporate/4.0/x86_64/kdegraphics-kolourpaint-3.5.4-0.11.20060mlcs4.x86_64.rpm \
d8e992f1dab0041f9d20457d4eaec6bd \
corporate/4.0/x86_64/kdegraphics-kooka-3.5.4-0.11.20060mlcs4.x86_64.rpm \
27c123a5d099ec3fe22d2b919dbc5510 \
corporate/4.0/x86_64/kdegraphics-kpdf-3.5.4-0.11.20060mlcs4.x86_64.rpm \
aab1c67de88efae3ae1d8e5d30698c2d \
corporate/4.0/x86_64/kdegraphics-kpovmodeler-3.5.4-0.11.20060mlcs4.x86_64.rpm \
2e09a8fc4f383539074e2799c4a97ba1 \
corporate/4.0/x86_64/kdegraphics-kruler-3.5.4-0.11.20060mlcs4.x86_64.rpm \
d54670b3dfdfa7f8045129a64e514a07 \
corporate/4.0/x86_64/kdegraphics-ksnapshot-3.5.4-0.11.20060mlcs4.x86_64.rpm \
c82b9ebc34696168c5e65ce87f2a9a67 \
corporate/4.0/x86_64/kdegraphics-ksvg-3.5.4-0.11.20060mlcs4.x86_64.rpm \
fbe3f19d25447527d338b042cfa5fe60 \
corporate/4.0/x86_64/kdegraphics-kuickshow-3.5.4-0.11.20060mlcs4.x86_64.rpm \
afeb446e4eaec5f10fbdd2329381b8c0 \
corporate/4.0/x86_64/kdegraphics-kview-3.5.4-0.11.20060mlcs4.x86_64.rpm \
5f59c3ee24f3b920ab8c626674f9a60e \
corporate/4.0/x86_64/kdegraphics-mrmlsearch-3.5.4-0.11.20060mlcs4.x86_64.rpm \
acbb79f250a649d105966639998bcaf5 \
corporate/4.0/x86_64/lib64kdegraphics0-common-3.5.4-0.11.20060mlcs4.x86_64.rpm \
1ba152d082f731577401d66ef96935ad \
corporate/4.0/x86_64/lib64kdegraphics0-common-devel-3.5.4-0.11.20060mlcs4.x86_64.rpm \
55a6e9901a3a210441a8682e415aa742 \
corporate/4.0/x86_64/lib64kdegraphics0-kghostview-3.5.4-0.11.20060mlcs4.x86_64.rpm \
ba9753d41cd38b3cd483aa42a153fe23 \
corporate/4.0/x86_64/lib64kdegraphics0-kghostview-devel-3.5.4-0.11.20060mlcs4.x86_64.rpm \
26dcfaa91467f532d78f7c324c1dcdf5 \
corporate/4.0/x86_64/lib64kdegraphics0-kooka-3.5.4-0.11.20060mlcs4.x86_64.rpm \
92e971cba13d97b3abdc7a98dc0df258 \
corporate/4.0/x86_64/lib64kdegraphics0-kooka-devel-3.5.4-0.11.20060mlcs4.x86_64.rpm \
4389a06ba0ac3526f17a429010add510 \
corporate/4.0/x86_64/lib64kdegraphics0-kpovmodeler-3.5.4-0.11.20060mlcs4.x86_64.rpm \
280fd79e9cdc88fdb0914ef159d3f0cf \
corporate/4.0/x86_64/lib64kdegraphics0-kpovmodeler-devel-3.5.4-0.11.20060mlcs4.x86_64.rpm \
c45e9900d456b7d593312acb99b94145 \
corporate/4.0/x86_64/lib64kdegraphics0-ksvg-3.5.4-0.11.20060mlcs4.x86_64.rpm \
172d4b0334dc7b3c00df5d2e30f1e1c9 \
corporate/4.0/x86_64/lib64kdegraphics0-ksvg-devel-3.5.4-0.11.20060mlcs4.x86_64.rpm \
a3d6df24532cc486c8e3c94f83a901ad \
corporate/4.0/x86_64/lib64kdegraphics0-kview-3.5.4-0.11.20060mlcs4.x86_64.rpm \
77760b8881b8ac95d717585e1bc99869 \
corporate/4.0/x86_64/lib64kdegraphics0-kview-devel-3.5.4-0.11.20060mlcs4.x86_64.rpm \
9fb716fd221e76a32560ecb1c6f3f645 \
corporate/4.0/x86_64/lib64poppler1-0.5.4-0.1.20060mlcs4.x86_64.rpm \
15f410a2adba4b06b3a89982b0ecddcf \
corporate/4.0/x86_64/lib64poppler1-devel-0.5.4-0.1.20060mlcs4.x86_64.rpm \
6fea5cfe8ef1c14faaf1a9f507150412 \
corporate/4.0/x86_64/lib64poppler-qt1-0.5.4-0.1.20060mlcs4.x86_64.rpm \
ba25ff0acd3d67f493c40e577edacefb \
corporate/4.0/x86_64/lib64poppler-qt1-devel-0.5.4-0.1.20060mlcs4.x86_64.rpm \
bc1572dceb3f6f4592a4a881a069a4b4 corporate/4.0/x86_64/poppler-0.5.4-0.1.20060mlcs4.x86_64.rpm \
88983ff8ae37983c60c7a5b4637a6b00 corporate/4.0/SRPMS/kdegraphics-3.5.4-0.11.20060mlcs4.src.rpm \
4fb8f13d956af237eb9b1b258fc3f248 corporate/4.0/SRPMS/poppler-0.5.4-0.1.20060mlcs4.src.rpm \
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFL2a5ImqjQ0CJFipgRAu/xAJ9moP96wwrYPm1upMlzoYSgc4io9wCgwfWj
py9rAWhy4PUvyuEnjYkVzi0=
=cEiW
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic