Synopsis: Important: poppler security update Issue date: 2009-05-13 CVE Names: CVE-2009-0146 CVE-2009-0147 CVE-2009-0166 CVE-2009-0195 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 CVE-2009-1187 CVE-2009-1188 Multiple integer overflow flaws were found in poppler. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0147, CVE-2009-1179, CVE-2009-1187, CVE-2009-1188) Multiple buffer overflow flaws were found in poppler's JBIG2 decoder. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0146, CVE-2009-1182) Multiple flaws were found in poppler's JBIG2 decoder that could lead to the freeing of arbitrary memory. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0166, CVE-2009-1180) Multiple input validation flaws were found in poppler's JBIG2 decoder. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0800) Multiple denial of service flaws were found in poppler's JBIG2 decoder. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash when opened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183) SL 5.x SRPMS: poppler-0.5.4-4.4.el5_3.9.src.rpm i386: poppler-0.5.4-4.4.el5_3.9.i386.rpm poppler-devel-0.5.4-4.4.el5_3.9.i386.rpm poppler-utils-0.5.4-4.4.el5_3.9.i386.rpm x86_64: poppler-0.5.4-4.4.el5_3.9.i386.rpm poppler-0.5.4-4.4.el5_3.9.x86_64.rpm poppler-devel-0.5.4-4.4.el5_3.9.i386.rpm poppler-devel-0.5.4-4.4.el5_3.9.x86_64.rpm poppler-utils-0.5.4-4.4.el5_3.9.x86_64.rpm -Connie Sieh -Troy Dawson