Mehrere Probleme in poppler
ID: | 201801-17 |
Distribution: | Gentoo |
Plattformen: | Keine Angabe |
Datum: | Mi, 17. Januar 2018, 17:06 |
Referenzen: | https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7511
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9406 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9865 https://nvd.nist.gov/vuln/detail/CVE-2017-2820 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9408 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9083 |
Applikationen: | poppler |
Originalnachricht |
|
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201801-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Poppler: Multiple vulnerabilities Date: January 17, 2018 Bugs: #619558, #620198, #622430, #624708, #627390 ID: 201801-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Poppler, the worst of which could allow the execution of arbitrary code. Background ========== Poppler is a PDF rendering library based on the xpdf-3.0 code base. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-text/poppler < 0.57.0-r1 >= 0.57.0-r1 Description =========== Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker, by enticing a user to open a specially crafted PDF, could execute arbitrary code or cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All Poppler users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-text/poppler-0.57.0-r1" References ========== [ 1 ] CVE-2017-2820 https://nvd.nist.gov/vuln/detail/CVE-2017-2820 [ 2 ] CVE-2017-7511 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7511 [ 3 ] CVE-2017-9083 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9083 [ 4 ] CVE-2017-9406 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9406 [ 5 ] CVE-2017-9408 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9408 [ 6 ] CVE-2017-9865 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9865 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201801-17 Concerns? ========= --nextPart1544388.dNMdZOJDV3 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- iQEzBAABCAAdFiEEiDRK3jyVBE/RkymqpRQw84X1dt0FAlpfUuIACgkQpRQw84X1 dt0uGQgAllurN7GfZFcxK22JOd+bP5s8gJsxY+y2avTLibJX/CbtnDLbW/kUoa2z lCgzK2y0DyfQAKAZ6IeHZ256hLTzQkHuGw+Bh2fNSHg88C9AFa29RwJ2R6IVZTk2 ORTBHi5WvdP2GjQ66+Mo+VctHvgETALegny4LlUoAu7Kb9imnoWwLh4ZjNobZ0nW G6VOh0NfnRC/UJkvJcXmCPIdrtoa+RAb1cMGXLPgCb8jozCTD72OQIMrUKpqJilA Yq+p5eYaYBZic6UDPezwl3vUyp/IfiWtlYNmZIEcaDKOX0G6tfpa0GDcHJ6izIhw bo/xdUEMSxRKv3Mgs/CadiqFZALIbQ== =V8fN -----END PGP SIGNATURE----- --nextPart1544388.dNMdZOJDV3-- |