drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in poppler
Name: |
Mehrere Probleme in poppler |
|
ID: |
RHSA-2019:2713-01 |
|
Distribution: |
Red Hat |
|
Plattformen: |
Red Hat Enterprise Linux |
|
Datum: |
Mi, 11. September 2019, 12:45 |
|
Referenzen: |
https://access.redhat.com/security/cve/CVE-2019-9200
https://access.redhat.com/security/cve/CVE-2019-9631
https://access.redhat.com/security/cve/CVE-2019-7310
https://access.redhat.com/security/cve/CVE-2019-9903
https://access.redhat.com/security/cve/CVE-2018-20551
https://access.redhat.com/security/cve/CVE-2018-20662
https://access.redhat.com/security/cve/CVE-2019-10871
https://access.redhat.com/security/cve/CVE-2018-20650
https://access.redhat.com/security/cve/CVE-2019-9959
https://access.redhat.com/security/cve/CVE-2018-18897
https://access.redhat.com/security/cve/CVE-2019-12293
https://access.redhat.com/security/cve/CVE-2018-20481 |
|
Applikationen: |
poppler |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: poppler security update Advisory ID: RHSA-2019:2713-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2713 Issue date: 2019-09-10 CVE Names: CVE-2018-18897 CVE-2018-20481 CVE-2018-20551 CVE-2018-20650 CVE-2018-20662 CVE-2019-7310 CVE-2019-9200 CVE-2019-9631 CVE-2019-9903 CVE-2019-9959 CVE-2019-10871 CVE-2019-12293 =====================================================================
1. Summary:
An update for poppler is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.
Security Fix(es):
* poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310)
* poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200)
* poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc (CVE-2019-10871)
* poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc (CVE-2019-12293)
* poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897)
* poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481)
* poppler: reachable Object::getString assertion in AnnotRichMedia class in Annot.c (CVE-2018-20551)
* poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650)
* poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)
* poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)
* poppler: stack consumption in function Dict::find() in Dict.cc (CVE-2019-9903)
* poppler: integer overflow in JPXStream::init function leading to memory consumption (CVE-2019-9959)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1646546 - CVE-2018-18897 poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc 1665259 - CVE-2018-20551 poppler: reachable Object::getString assertion in AnnotRichMedia class in Annot.c 1665263 - CVE-2018-20650 poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc 1665266 - CVE-2018-20481 poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc 1665273 - CVE-2018-20662 poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc 1672419 - CVE-2019-7310 poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc 1683632 - CVE-2019-9200 poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc 1686802 - CVE-2019-9631 poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc 1691724 - CVE-2019-9903 poppler: stack consumption in function Dict::find() in Dict.cc 1696636 - CVE-2019-10871 poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc 1713582 - CVE-2019-12293 poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc 1732340 - CVE-2019-9959 poppler: integer overflow in JPXStream::init function leading to memory consumption
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: poppler-0.66.0-11.el8_0.12.src.rpm
aarch64: poppler-0.66.0-11.el8_0.12.aarch64.rpm poppler-cpp-debuginfo-0.66.0-11.el8_0.12.aarch64.rpm poppler-debuginfo-0.66.0-11.el8_0.12.aarch64.rpm poppler-debugsource-0.66.0-11.el8_0.12.aarch64.rpm poppler-glib-0.66.0-11.el8_0.12.aarch64.rpm poppler-glib-debuginfo-0.66.0-11.el8_0.12.aarch64.rpm poppler-qt5-debuginfo-0.66.0-11.el8_0.12.aarch64.rpm poppler-utils-0.66.0-11.el8_0.12.aarch64.rpm poppler-utils-debuginfo-0.66.0-11.el8_0.12.aarch64.rpm
ppc64le: poppler-0.66.0-11.el8_0.12.ppc64le.rpm poppler-cpp-debuginfo-0.66.0-11.el8_0.12.ppc64le.rpm poppler-debuginfo-0.66.0-11.el8_0.12.ppc64le.rpm poppler-debugsource-0.66.0-11.el8_0.12.ppc64le.rpm poppler-glib-0.66.0-11.el8_0.12.ppc64le.rpm poppler-glib-debuginfo-0.66.0-11.el8_0.12.ppc64le.rpm poppler-qt5-debuginfo-0.66.0-11.el8_0.12.ppc64le.rpm poppler-utils-0.66.0-11.el8_0.12.ppc64le.rpm poppler-utils-debuginfo-0.66.0-11.el8_0.12.ppc64le.rpm
s390x: poppler-0.66.0-11.el8_0.12.s390x.rpm poppler-cpp-debuginfo-0.66.0-11.el8_0.12.s390x.rpm poppler-debuginfo-0.66.0-11.el8_0.12.s390x.rpm poppler-debugsource-0.66.0-11.el8_0.12.s390x.rpm poppler-glib-0.66.0-11.el8_0.12.s390x.rpm poppler-glib-debuginfo-0.66.0-11.el8_0.12.s390x.rpm poppler-qt5-debuginfo-0.66.0-11.el8_0.12.s390x.rpm poppler-utils-0.66.0-11.el8_0.12.s390x.rpm poppler-utils-debuginfo-0.66.0-11.el8_0.12.s390x.rpm
x86_64: poppler-0.66.0-11.el8_0.12.i686.rpm poppler-0.66.0-11.el8_0.12.x86_64.rpm poppler-cpp-debuginfo-0.66.0-11.el8_0.12.i686.rpm poppler-cpp-debuginfo-0.66.0-11.el8_0.12.x86_64.rpm poppler-debuginfo-0.66.0-11.el8_0.12.i686.rpm poppler-debuginfo-0.66.0-11.el8_0.12.x86_64.rpm poppler-debugsource-0.66.0-11.el8_0.12.i686.rpm poppler-debugsource-0.66.0-11.el8_0.12.x86_64.rpm poppler-glib-0.66.0-11.el8_0.12.i686.rpm poppler-glib-0.66.0-11.el8_0.12.x86_64.rpm poppler-glib-debuginfo-0.66.0-11.el8_0.12.i686.rpm poppler-glib-debuginfo-0.66.0-11.el8_0.12.x86_64.rpm poppler-qt5-debuginfo-0.66.0-11.el8_0.12.i686.rpm poppler-qt5-debuginfo-0.66.0-11.el8_0.12.x86_64.rpm poppler-utils-0.66.0-11.el8_0.12.x86_64.rpm poppler-utils-debuginfo-0.66.0-11.el8_0.12.i686.rpm poppler-utils-debuginfo-0.66.0-11.el8_0.12.x86_64.rpm
Red Hat CodeReady Linux Builder (v. 8):
aarch64: poppler-cpp-0.66.0-11.el8_0.12.aarch64.rpm poppler-cpp-debuginfo-0.66.0-11.el8_0.12.aarch64.rpm poppler-cpp-devel-0.66.0-11.el8_0.12.aarch64.rpm poppler-debuginfo-0.66.0-11.el8_0.12.aarch64.rpm poppler-debugsource-0.66.0-11.el8_0.12.aarch64.rpm poppler-devel-0.66.0-11.el8_0.12.aarch64.rpm poppler-glib-debuginfo-0.66.0-11.el8_0.12.aarch64.rpm poppler-glib-devel-0.66.0-11.el8_0.12.aarch64.rpm poppler-qt5-0.66.0-11.el8_0.12.aarch64.rpm poppler-qt5-debuginfo-0.66.0-11.el8_0.12.aarch64.rpm poppler-qt5-devel-0.66.0-11.el8_0.12.aarch64.rpm poppler-utils-debuginfo-0.66.0-11.el8_0.12.aarch64.rpm
ppc64le: poppler-cpp-0.66.0-11.el8_0.12.ppc64le.rpm poppler-cpp-debuginfo-0.66.0-11.el8_0.12.ppc64le.rpm poppler-cpp-devel-0.66.0-11.el8_0.12.ppc64le.rpm poppler-debuginfo-0.66.0-11.el8_0.12.ppc64le.rpm poppler-debugsource-0.66.0-11.el8_0.12.ppc64le.rpm poppler-devel-0.66.0-11.el8_0.12.ppc64le.rpm poppler-glib-debuginfo-0.66.0-11.el8_0.12.ppc64le.rpm poppler-glib-devel-0.66.0-11.el8_0.12.ppc64le.rpm poppler-qt5-0.66.0-11.el8_0.12.ppc64le.rpm poppler-qt5-debuginfo-0.66.0-11.el8_0.12.ppc64le.rpm poppler-qt5-devel-0.66.0-11.el8_0.12.ppc64le.rpm poppler-utils-debuginfo-0.66.0-11.el8_0.12.ppc64le.rpm
s390x: poppler-cpp-0.66.0-11.el8_0.12.s390x.rpm poppler-cpp-debuginfo-0.66.0-11.el8_0.12.s390x.rpm poppler-cpp-devel-0.66.0-11.el8_0.12.s390x.rpm poppler-debuginfo-0.66.0-11.el8_0.12.s390x.rpm poppler-debugsource-0.66.0-11.el8_0.12.s390x.rpm poppler-devel-0.66.0-11.el8_0.12.s390x.rpm poppler-glib-debuginfo-0.66.0-11.el8_0.12.s390x.rpm poppler-glib-devel-0.66.0-11.el8_0.12.s390x.rpm poppler-qt5-0.66.0-11.el8_0.12.s390x.rpm poppler-qt5-debuginfo-0.66.0-11.el8_0.12.s390x.rpm poppler-qt5-devel-0.66.0-11.el8_0.12.s390x.rpm poppler-utils-debuginfo-0.66.0-11.el8_0.12.s390x.rpm
x86_64: poppler-cpp-0.66.0-11.el8_0.12.i686.rpm poppler-cpp-0.66.0-11.el8_0.12.x86_64.rpm poppler-cpp-debuginfo-0.66.0-11.el8_0.12.i686.rpm poppler-cpp-debuginfo-0.66.0-11.el8_0.12.x86_64.rpm poppler-cpp-devel-0.66.0-11.el8_0.12.i686.rpm poppler-cpp-devel-0.66.0-11.el8_0.12.x86_64.rpm poppler-debuginfo-0.66.0-11.el8_0.12.i686.rpm poppler-debuginfo-0.66.0-11.el8_0.12.x86_64.rpm poppler-debugsource-0.66.0-11.el8_0.12.i686.rpm poppler-debugsource-0.66.0-11.el8_0.12.x86_64.rpm poppler-devel-0.66.0-11.el8_0.12.i686.rpm poppler-devel-0.66.0-11.el8_0.12.x86_64.rpm poppler-glib-debuginfo-0.66.0-11.el8_0.12.i686.rpm poppler-glib-debuginfo-0.66.0-11.el8_0.12.x86_64.rpm poppler-glib-devel-0.66.0-11.el8_0.12.i686.rpm poppler-glib-devel-0.66.0-11.el8_0.12.x86_64.rpm poppler-qt5-0.66.0-11.el8_0.12.i686.rpm poppler-qt5-0.66.0-11.el8_0.12.x86_64.rpm poppler-qt5-debuginfo-0.66.0-11.el8_0.12.i686.rpm poppler-qt5-debuginfo-0.66.0-11.el8_0.12.x86_64.rpm poppler-qt5-devel-0.66.0-11.el8_0.12.i686.rpm poppler-qt5-devel-0.66.0-11.el8_0.12.x86_64.rpm poppler-utils-debuginfo-0.66.0-11.el8_0.12.i686.rpm poppler-utils-debuginfo-0.66.0-11.el8_0.12.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2018-18897 https://access.redhat.com/security/cve/CVE-2018-20481 https://access.redhat.com/security/cve/CVE-2018-20551 https://access.redhat.com/security/cve/CVE-2018-20650 https://access.redhat.com/security/cve/CVE-2018-20662 https://access.redhat.com/security/cve/CVE-2019-7310 https://access.redhat.com/security/cve/CVE-2019-9200 https://access.redhat.com/security/cve/CVE-2019-9631 https://access.redhat.com/security/cve/CVE-2019-9903 https://access.redhat.com/security/cve/CVE-2019-9959 https://access.redhat.com/security/cve/CVE-2019-10871 https://access.redhat.com/security/cve/CVE-2019-12293 https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXXi/19zjgjWX9erEAQiPdw/+LtA/G5SgnDzFpdhpxOa9X+noX5a+2dXO Qiheg9ozVvajD+4qp2dUwq2r53dLH0tDeCt6wl0YIvUmfE3+UBPIuJG7ijD5GVg5 p+PdxeGm9NcpusPTLn3c2pkxW7XM6emrd/l+7ImmTvqaCeug8nEp5PVXuYSYajC1 gxvKxWq170qmiRBTC7ONzQy3cPWRliDZvw4ELtriuzXNveiur5+eBX1kcp5jCKhR rjQvXLVgnng62+xUX5fsBVf1DjJ0Elg8n3Uo7kbC1AhlmhuEHLD1seyYWRQYoIM3 NCfwY+wu+rxHVXnr1k85OJZfWDK91qKScm61AZin1jsNu6H5NDTmbCn9mbZWw6RN G9xm+GbRC+bdv5bqAsVRZTC1+LRXexvE3QbmQIX3iqdNOlE8dFjWChpUBdzxGppA pNBm4boBMz45UVbZT0oC1A3sZfpNpKO7LkZZsNxRKBaUvbahTNIU/eYj9g2IdKoc 7mqYKRg95TugEThs1v+ie2zEJR5aLTbHKXplhiBKwoYhTlkZ3+ke61zkFm/jm9eZ PwutkfaXhExPbt0ph9HxkxmersNNJii0AYt8c37oRBPBEvnl6yy3i79Y2ds51wdo +qTH0WHlwVpL50PMGMl7yXyw9CraIc1GDDOAHJbc+y7VbCJ5Cu3QCX802ql48i79 57WGrb+WGyE= =T3jS -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
|
|
|
|