Package name
poppler
Date
2010-11-12
Advisory ID
MDVSA-2010:230
Affected versions
2009.0 x86_64, MES5 i586, 2009.0 i586, CS4.0 i586, CS4.0 x86_64, MES5 x86_64

Problem description

Multiple vulnerabilities were discovered and corrected in poppler:

The Gfx::getPos function in the PDF parser in poppler allows
context-dependent attackers to cause a denial of service (crash)
via unknown vectors that trigger an uninitialized pointer dereference
(CVE-2010-3702).

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser
in poppler allows context-dependent attackers to cause a denial
of service (crash) and possibly execute arbitrary code via a PDF
file with a crafted Type1 font that contains a negative array index,
which bypasses input validation and triggers memory corruption
(CVE-2010-3704).
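
The bug class behind CVE-2010-3704, as an added illustration (not poppler's code and not part of the original advisory): a signed index checked only against its upper bound lets a negative value through, while a check on both bounds rejects it. The table, the function names and the simplified "dup <code> /<name> put" line format are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ENC_SIZE 256

/* Hypothetical encoding table: one glyph name per character code. */
static char encoding[ENC_SIZE][32];

/* Weak check: only the upper bound is tested, so a negative signed
 * code passes and would address memory in front of the table. */
static int index_ok_weak(long code) { return code < ENC_SIZE; }

/* Hardened check: both bounds are tested before the index is used. */
static int index_ok_strict(long code) { return code >= 0 && code < ENC_SIZE; }

/* Parse one simplified encoding entry and store the glyph name.
 * Returns 0 on success, -1 if the line is malformed or out of range. */
static int parse_dup_line(const char *line)
{
    char *end;
    long code;
    const char *name;
    size_t len;

    if (strncmp(line, "dup ", 4) != 0)
        return -1;
    code = strtol(line + 4, &end, 10);
    if (end == line + 4 || !index_ok_strict(code))
        return -1;                      /* no digits, or index outside 0..255 */
    name = strchr(end, '/');
    if (name == NULL)
        return -1;
    name++;
    len = strcspn(name, " \t\r\n");
    if (len == 0 || len >= sizeof encoding[0])
        return -1;                      /* empty or oversized glyph name */
    memcpy(encoding[code], name, len);
    encoding[code][len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample lines, not taken from a real font. */
    printf("weak check accepts -8: %d\n", index_ok_weak(-8));
    printf("valid entry: %d\n", parse_dup_line("dup 65 /A put"));
    printf("negative index: %d\n", parse_dup_line("dup -8 /A put"));
    return 0;
}
```
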

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

Updated packages

2009.0 x86_64

 ffd4a4dfb468756a97ec4c4adb9a62e4  2009.0/x86_64/lib64poppler3-0.8.7-2.4mdv2009.0.x86_64.rpm
 8e2f1b430c8f840b25893def7dd90f4a  2009.0/x86_64/lib64poppler-devel-0.8.7-2.4mdv2009.0.x86_64.rpm
 75553f9660647f0cc16264a9ce8f6ad9  2009.0/x86_64/lib64poppler-glib3-0.8.7-2.4mdv2009.0.x86_64.rpm
 a561ab974260dc5fbd315520bb9d45fa  2009.0/x86_64/lib64poppler-glib-devel-0.8.7-2.4mdv2009.0.x86_64.rpm
 64e0b9587bd2cf93d0cc2f2cfca7568c  2009.0/x86_64/lib64poppler-qt2-0.8.7-2.4mdv2009.0.x86_64.rpm
 9ccffa52814cbe649196cf7cf90320d4  2009.0/x86_64/lib64poppler-qt4-3-0.8.7-2.4mdv2009.0.x86_64.rpm
 1c6073187c62534c04a26049ddc61699  2009.0/x86_64/lib64poppler-qt4-devel-0.8.7-2.4mdv2009.0.x86_64.rpm
 3900ce70f9ca7f3286cb11e78c3544e5  2009.0/x86_64/lib64poppler-qt-devel-0.8.7-2.4mdv2009.0.x86_64.rpm
 bd1d2e1af7f2b38ae08354f269420568  2009.0/x86_64/poppler-0.8.7-2.4mdv2009.0.x86_64.rpm 
 b1d7ce86fd067dc41f504aa36ade4223  2009.0/SRPMS/poppler-0.8.7-2.4mdv2009.0.src.rpm

MES5 i586

 ff358b8cd312fa43406ec17f8e976b03  mes5/i586/libpoppler3-0.8.7-2.4mdvmes5.1.i586.rpm
 9ad843204c1c8c9e62b4f78941b0a7ac  mes5/i586/libpoppler-devel-0.8.7-2.4mdvmes5.1.i586.rpm
 44c3296c48916e87bf789e61932c1e08  mes5/i586/libpoppler-glib3-0.8.7-2.4mdvmes5.1.i586.rpm
 cf425dae306739993430d21fed8c527c  mes5/i586/libpoppler-glib-devel-0.8.7-2.4mdvmes5.1.i586.rpm
 73360ccf9a496eae21850b00e0e2c5e1  mes5/i586/libpoppler-qt2-0.8.7-2.4mdvmes5.1.i586.rpm
 7b1d7e8e6d9eb1e56e88ffdd76c4bad8  mes5/i586/libpoppler-qt4-3-0.8.7-2.4mdvmes5.1.i586.rpm
 acdce6479ad4e3802725c0ae9bfff010  mes5/i586/libpoppler-qt4-devel-0.8.7-2.4mdvmes5.1.i586.rpm
 b9ff8b6fdb43cf9a749ec4c322a84e87  mes5/i586/libpoppler-qt-devel-0.8.7-2.4mdvmes5.1.i586.rpm
 7e6cd3024d650f4c25347246d4971987  mes5/i586/poppler-0.8.7-2.4mdvmes5.1.i586.rpm 
 144fbb9f49c87f88c0a1280f05676772  mes5/SRPMS/poppler-0.8.7-2.4mdvmes5.1.src.rpm

2009.0 i586

 7f53c21143c2c3b836aa7a419180ac07  2009.0/i586/libpoppler3-0.8.7-2.4mdv2009.0.i586.rpm
 5b54624025b37546a2ae6ddfbff45a33  2009.0/i586/libpoppler-devel-0.8.7-2.4mdv2009.0.i586.rpm
 4e5ced8bb6e8e1c4ea02569f34aa8704  2009.0/i586/libpoppler-glib3-0.8.7-2.4mdv2009.0.i586.rpm
 8bc54bd621e9b5db49bcc4f2aa7f1a52  2009.0/i586/libpoppler-glib-devel-0.8.7-2.4mdv2009.0.i586.rpm
 9175057b5fa8aabf684ec73a7360d600  2009.0/i586/libpoppler-qt2-0.8.7-2.4mdv2009.0.i586.rpm
 d2a194c2d40c4c6b352d4798b849c846  2009.0/i586/libpoppler-qt4-3-0.8.7-2.4mdv2009.0.i586.rpm
 0ab549d91bb508d9a7ced780b4b4fee6  2009.0/i586/libpoppler-qt4-devel-0.8.7-2.4mdv2009.0.i586.rpm
 3a74f8ae7ff77fef26adb85490e5fc10  2009.0/i586/libpoppler-qt-devel-0.8.7-2.4mdv2009.0.i586.rpm
 48c32bafa110eec3ff9d4ed810363ecb  2009.0/i586/poppler-0.8.7-2.4mdv2009.0.i586.rpm 
 b1d7ce86fd067dc41f504aa36ade4223  2009.0/SRPMS/poppler-0.8.7-2.4mdv2009.0.src.rpm

CS4.0 i586

 2b300192f7597e5f60ca9edf475ddec3  corporate/4.0/i586/libpoppler1-0.5.4-0.2.20060mlcs4.i586.rpm
 595d8bf82aec0c65e15c8082b17443b0  corporate/4.0/i586/libpoppler1-devel-0.5.4-0.2.20060mlcs4.i586.rpm
 cefd95b4d11aa12d40b9295479bb8677  corporate/4.0/i586/libpoppler-qt1-0.5.4-0.2.20060mlcs4.i586.rpm
 a15fffdeeae2d4247a6a5e1264afd873  corporate/4.0/i586/libpoppler-qt1-devel-0.5.4-0.2.20060mlcs4.i586.rpm
 c08ee1d9849f1395b5291a3eb4efbc60  corporate/4.0/i586/poppler-0.5.4-0.2.20060mlcs4.i586.rpm 
 824e6a23b63c19626ceed82b6a1833d7  corporate/4.0/SRPMS/poppler-0.5.4-0.2.20060mlcs4.src.rpm

CS4.0 x86_64

 7eb91f0154cdd6536e4983ced7255886  corporate/4.0/x86_64/lib64poppler1-0.5.4-0.2.20060mlcs4.x86_64.rpm
 44eedfe0a3bda8c3337af5963657fc39  corporate/4.0/x86_64/lib64poppler1-devel-0.5.4-0.2.20060mlcs4.x86_64.rpm
 86def419850ec48133923d10f35a6d42  corporate/4.0/x86_64/lib64poppler-qt1-0.5.4-0.2.20060mlcs4.x86_64.rpm
 1974b5ef34fb85c5762d2f3e9c0a6c4f  corporate/4.0/x86_64/lib64poppler-qt1-devel-0.5.4-0.2.20060mlcs4.x86_64.rpm
 aae38027a62b81cdb85bd3191cd883de  corporate/4.0/x86_64/poppler-0.5.4-0.2.20060mlcs4.x86_64.rpm 
 824e6a23b63c19626ceed82b6a1833d7  corporate/4.0/SRPMS/poppler-0.5.4-0.2.20060mlcs4.src.rpm

MES5 x86_64

 5d45bd61973734ccb8cf407cb6a61e0d  mes5/x86_64/lib64poppler3-0.8.7-2.4mdvmes5.1.x86_64.rpm
 7587f59b64cc25eebe9c582361e06ba3  mes5/x86_64/lib64poppler-devel-0.8.7-2.4mdvmes5.1.x86_64.rpm
 9d5acb4b14e46b678310f841120ffd76  mes5/x86_64/lib64poppler-glib3-0.8.7-2.4mdvmes5.1.x86_64.rpm
 47a598b51462df98ff6d03c9c9dc64ef  mes5/x86_64/lib64poppler-glib-devel-0.8.7-2.4mdvmes5.1.x86_64.rpm
 9d21844c758038cbab58acd2abdd3822  mes5/x86_64/lib64poppler-qt2-0.8.7-2.4mdvmes5.1.x86_64.rpm
 e9cc526c75ba8d5977f43167fdda8a36  mes5/x86_64/lib64poppler-qt4-3-0.8.7-2.4mdvmes5.1.x86_64.rpm
 e0ff756ed0712e766a2755680b465744  mes5/x86_64/lib64poppler-qt4-devel-0.8.7-2.4mdvmes5.1.x86_64.rpm
 e825dfb741dff48d2223fed8a58c0679  mes5/x86_64/lib64poppler-qt-devel-0.8.7-2.4mdvmes5.1.x86_64.rpm
 c67a9a725d1dba7f6273e3f8290eb524  mes5/x86_64/poppler-0.8.7-2.4mdvmes5.1.x86_64.rpm 
 144fbb9f49c87f88c0a1280f05676772  mes5/SRPMS/poppler-0.8.7-2.4mdvmes5.1.src.rpm
