SCIENTIFIC-LINUX-ERRATA Archives

October 2009

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Important: poppler on SL5.x i386/x86_64
From:
Troy Dawson <[log in to unmask]>
Reply To:
Troy Dawson <[log in to unmask]>
Date:
Thu, 15 Oct 2009 13:41:49 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (36 lines) 
Synopsis:	Important: poppler security and bug fix update
Issue date:	2009-10-15
CVE Names:	CVE-2009-3603 CVE-2009-3608 CVE-2009-3609

CVE-2009-3608 xpdf/poppler: integer overflow in 
ObjectStream::ObjectStream (oCERT-2009-016)
CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow
CVE-2009-3603 xpdf/poppler: SplashBitmap::SplashBitmap integer overflow

Multiple integer overflow flaws were found in poppler. An attacker could
create a malicious PDF file that would cause applications that use 
poppler (such as Evince) to crash or, potentially, execute arbitrary 
code when opened. (CVE-2009-3603, CVE-2009-3608, CVE-2009-3609)

This update also corrects a regression introduced in the previous 
poppler security update, RHSA-2009:0480, that prevented poppler from 
rendering certain PDF documents correctly. (BZ#528147)

SL 5.x

     SRPMS:
poppler-0.5.4-4.4.el5_4.11.src.rpm
     i386:
poppler-0.5.4-4.4.el5_4.11.i386.rpm
poppler-devel-0.5.4-4.4.el5_4.11.i386.rpm
poppler-utils-0.5.4-4.4.el5_4.11.i386.rpm
     x86_64:
poppler-0.5.4-4.4.el5_4.11.i386.rpm
poppler-0.5.4-4.4.el5_4.11.x86_64.rpm
poppler-devel-0.5.4-4.4.el5_4.11.i386.rpm
poppler-devel-0.5.4-4.4.el5_4.11.x86_64.rpm
poppler-utils-0.5.4-4.4.el5_4.11.x86_64.rpm

-Connie Sieh
-Troy Dawson

ATOM RSS1 RSS2