LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

May 2009

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA May 2009

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Important: poppler on SL5.x i386/x86_64
From:	Troy Dawson <[log in to unmask]>
Reply To:	Troy Dawson <[log in to unmask]>
Date:	Wed, 13 May 2009 14:23:09 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (53 lines)

Synopsis:	Important: poppler security update
Issue date:	2009-05-13
CVE Names:	CVE-2009-0146 CVE-2009-0147 CVE-2009-0166
                   CVE-2009-0195 CVE-2009-0799 CVE-2009-0800
                   CVE-2009-1179 CVE-2009-1180 CVE-2009-1181
                   CVE-2009-1182 CVE-2009-1183 CVE-2009-1187
                   CVE-2009-1188

Multiple integer overflow flaws were found in poppler. An attacker could
create a malicious PDF file that would cause applications that use 
poppler (such as Evince) to crash or, potentially, execute arbitrary 
code when opened. (CVE-2009-0147, CVE-2009-1179, CVE-2009-1187, 
CVE-2009-1188)

Multiple buffer overflow flaws were found in poppler's JBIG2 decoder. An
attacker could create a malicious PDF file that would cause applications
that use poppler (such as Evince) to crash or, potentially, execute
arbitrary code when opened. (CVE-2009-0146, CVE-2009-1182)

Multiple flaws were found in poppler's JBIG2 decoder that could lead to 
the freeing of arbitrary memory. An attacker could create a malicious 
PDF file that would cause applications that use poppler (such as Evince) 
to crash or, potentially, execute arbitrary code when opened. 
(CVE-2009-0166, CVE-2009-1180)

Multiple input validation flaws were found in poppler's JBIG2 decoder. 
An attacker could create a malicious PDF file that would cause 
applications that use poppler (such as Evince) to crash or, potentially, 
execute arbitrary code when opened. (CVE-2009-0800)

Multiple denial of service flaws were found in poppler's JBIG2 decoder. 
An attacker could create a malicious PDF file that would cause 
applications that use poppler (such as Evince) to crash when opened. 
(CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)

SL 5.x

     SRPMS:
poppler-0.5.4-4.4.el5_3.9.src.rpm
     i386:
poppler-0.5.4-4.4.el5_3.9.i386.rpm
poppler-devel-0.5.4-4.4.el5_3.9.i386.rpm
poppler-utils-0.5.4-4.4.el5_3.9.i386.rpm
     x86_64:
poppler-0.5.4-4.4.el5_3.9.i386.rpm
poppler-0.5.4-4.4.el5_3.9.x86_64.rpm
poppler-devel-0.5.4-4.4.el5_3.9.i386.rpm
poppler-devel-0.5.4-4.4.el5_3.9.x86_64.rpm
poppler-utils-0.5.4-4.4.el5_3.9.x86_64.rpm

-Connie Sieh
-Troy Dawson

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV