
Security: Denial of Service in poppler
Name: Denial of Service in poppler
ID: MDVSA-2009:068-1
Distribution: Mandriva
Platforms: Mandriva Corporate 4.0, Mandriva 2008.0, Mandriva 2008.1, Mandriva 2009.0
Date: Sat, 7 March 2009, 04:10
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0755
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0756
Applications: poppler

Original message

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:068-1
http://www.mandriva.com/security/
_______________________________________________________________________

Package : poppler
Date : March 7, 2009
Affected: 2008.0, 2008.1, 2009.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

A crafted PDF file that triggers a parsing error allows remote
attackers to cause a denial of service. This bug is a consequence
of incorrect processing in the FormWidgetChoice::loadDefaults method
(CVE-2009-0755).

A crafted PDF file that triggers a parsing error allows remote
attackers to cause a denial of service. This bug is a consequence of
an invalid memory dereference in the JBIG2SymbolDict::~JBIG2SymbolDict
destructor when the JBIG2Stream::readSymbolDictSeg method is used
(CVE-2009-0756).

This update provides fixes for those vulnerabilities.

This update does not apply to CVE-2009-0755 under Corporate Server
4.0 libpoppler0-0.4.1-3.7.20060mlcs4.

Update:

The previous packages were not signed; this new update fixes that
issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0755
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0756
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJsbd9mqjQ0CJFipgRAj+3AKDj2eclaScZokAtq97hfOQmTNiTPACgxY95
g9g7nwns0H0MBsqVm7PNI60=
=MUZQ
-----END PGP SIGNATURE-----
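
The update note above says the earlier packages were unsigned, and the advisory names the signing key 22458A98. As an added example (not part of the Mandriva advisory), the shell functions below classify downloaded packages as signed by that key, signed by another key, or unsigned, from rpm query output. The query format string, the long key IDs, the timestamps and the example-* package names are assumptions or constructed sample data.

```shell
#!/bin/sh
# Added example: classify packages by signature state.
# Input on stdin, one package per line, tab-separated, in the shape printed by
#   rpm -qp --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SIGGPG:pgpsig}\n' *.rpm
# An absent signature tag is printed by rpm as "(none)".

EXPECTED_KEY="22458a98"   # short key ID given in the advisory, lowercased
TAB=$(printf '\t')

# Prints "<STATE> <package>" per input line:
#   OK        signed, key ID ends in EXPECTED_KEY
#   WRONGKEY  signed, but by a different key (or key ID unparsable)
#   UNSIGNED  no signature at all
classify_sigs() {
    while IFS="$TAB" read -r pkg sig; do
        [ -n "$pkg" ] || continue
        case "$sig" in
            ""|"(none)") echo "UNSIGNED $pkg"; continue ;;
        esac
        # The pgpsig format ends in "Key ID <hex>"; extract and lowercase it.
        keyid=$(printf '%s\n' "$sig" |
            sed -n 's/.*Key ID \([0-9A-Fa-f]*\).*/\1/p' | tr 'A-F' 'a-f')
        case "$keyid" in
            *"$EXPECTED_KEY") echo "OK $pkg" ;;
            *)                echo "WRONGKEY $pkg" ;;
        esac
    done
}

# Number of packages that are not OK; non-zero means the set needs review.
count_bad() {
    classify_sigs | grep -vc '^OK ' || true
}

# Constructed sample: long key IDs, timestamps and example-* names are made up.
sample_query_output() {
    printf 'poppler-0.8.7-2.2mdv2009.0\tDSA/SHA1, Sat 07 Mar 2009 04:10:00 AM CET, Key ID 0000000022458a98\n'
    printf 'example-unsigned-1.0-1\t(none)\n'
    printf 'example-otherkey-1.0-1\tDSA/SHA1, Sat 07 Mar 2009 04:10:00 AM CET, Key ID 00000000deadbeef\n'
}

sample_query_output | classify_sigs
```

This reads the key ID recorded in the package header and does not verify the signature itself; `rpm --checksig` does that once the key has been imported.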

