exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2013-143

Mandriva Linux Security Advisory 2013-143
Posted Apr 16, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-143 - poppler before 0.22.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via vectors that trigger an invalid memory access in splash/Splash.cc, poppler/Stream.cc. poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function. The updated packages have been patched to correct these issues.

tags | advisory, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2013-1788, CVE-2013-1790
SHA-256 | b5ae675f08df14c8bc676bdb7b202ab56eacf4377100b3196ff1bd32e3ea2027

Mandriva Linux Security Advisory 2013-143

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:143
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : poppler
Date : April 15, 2013
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been found and corrected in poppler:

poppler before 0.22.1 allows context-dependent attackers to cause
a denial of service (crash) and possibly execute arbitrary code via
vectors that trigger an invalid memory access in (1) splash/Splash.cc,
(2) poppler/Function.cc, and (3) poppler/Stream.cc (CVE-2013-1788).

poppler/Stream.cc in poppler before 0.22.1 allows context-dependent
attackers to have an unspecified impact via vectors that trigger a
read of uninitialized memory by the CCITTFaxStream::lookChar function
(CVE-2013-1790).

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1790
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
e13e7d84fb7b70dfccdfb27378402361 mes5/i586/libpoppler3-0.8.7-2.6mdvmes5.2.i586.rpm
da5189a8d65f54a22c59f020def82282 mes5/i586/libpoppler-devel-0.8.7-2.6mdvmes5.2.i586.rpm
55904ea937d3a3c11fd3d4c6bcf6b855 mes5/i586/libpoppler-glib3-0.8.7-2.6mdvmes5.2.i586.rpm
ffa8266cc4a8ac50ec1118f28bf225f7 mes5/i586/libpoppler-glib-devel-0.8.7-2.6mdvmes5.2.i586.rpm
a68d106e788196d37c95d949ed7dcf4b mes5/i586/libpoppler-qt2-0.8.7-2.6mdvmes5.2.i586.rpm
27a630a2edcbfac25dd2f1df401b41df mes5/i586/libpoppler-qt4-3-0.8.7-2.6mdvmes5.2.i586.rpm
56765c2693f2a4388a06e24e67f031ef mes5/i586/libpoppler-qt4-devel-0.8.7-2.6mdvmes5.2.i586.rpm
5a112c8ab808eef1ecef523b6d45ca48 mes5/i586/libpoppler-qt-devel-0.8.7-2.6mdvmes5.2.i586.rpm
dc0c25e172442d4c44c311cf1ed9b3a1 mes5/i586/poppler-0.8.7-2.6mdvmes5.2.i586.rpm
28bbe7bade35e37cc0e880d0f508af69 mes5/SRPMS/poppler-0.8.7-2.6mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
9f696c754f26af5b1094a7a74472de2d mes5/x86_64/lib64poppler3-0.8.7-2.6mdvmes5.2.x86_64.rpm
a08478b1c084c889b8446509085d3d71 mes5/x86_64/lib64poppler-devel-0.8.7-2.6mdvmes5.2.x86_64.rpm
7cbf2ed46590a3bdcc935e7ef12507da mes5/x86_64/lib64poppler-glib3-0.8.7-2.6mdvmes5.2.x86_64.rpm
58c9f6b4d94621cbf7389e596ca840b1 mes5/x86_64/lib64poppler-glib-devel-0.8.7-2.6mdvmes5.2.x86_64.rpm
1ac442e54148f2abba0ea1546d7d7ab6 mes5/x86_64/lib64poppler-qt2-0.8.7-2.6mdvmes5.2.x86_64.rpm
ee706d1f45a5970d8579f8d7b20b8184 mes5/x86_64/lib64poppler-qt4-3-0.8.7-2.6mdvmes5.2.x86_64.rpm
8cd5a09280738fcdf0871a812e923c87 mes5/x86_64/lib64poppler-qt4-devel-0.8.7-2.6mdvmes5.2.x86_64.rpm
7033023530daa6af0518c4f22b956fca mes5/x86_64/lib64poppler-qt-devel-0.8.7-2.6mdvmes5.2.x86_64.rpm
5482ec3f9cb359681eeb9b3106fe2fe3 mes5/x86_64/poppler-0.8.7-2.6mdvmes5.2.x86_64.rpm
28bbe7bade35e37cc0e880d0f508af69 mes5/SRPMS/poppler-0.8.7-2.6mdvmes5.2.src.rpm

Mandriva Business Server 1/X86_64:
edb6011f71f0c648e22e534c1404d1d7 mbs1/x86_64/lib64poppler19-0.18.4-3.1.mbs1.x86_64.rpm
28372765a8f012a844fad72bde53a073 mbs1/x86_64/lib64poppler-cpp0-0.18.4-3.1.mbs1.x86_64.rpm
ebe7dc4ae06f6f528f5800b03c37ee1b mbs1/x86_64/lib64poppler-cpp-devel-0.18.4-3.1.mbs1.x86_64.rpm
522fd11d40f4e38ba3906d776090844f mbs1/x86_64/lib64poppler-devel-0.18.4-3.1.mbs1.x86_64.rpm
644d8abcee07f8e4bad8f15a328bc6fb mbs1/x86_64/lib64poppler-gir0.18-0.18.4-3.1.mbs1.x86_64.rpm
62046dc5484897a29181514231b0552a mbs1/x86_64/lib64poppler-glib8-0.18.4-3.1.mbs1.x86_64.rpm
613993e0404d28ac78b65113e61e2a9c mbs1/x86_64/lib64poppler-glib-devel-0.18.4-3.1.mbs1.x86_64.rpm
786fb2041cb2ad9132379c647c42ffd1 mbs1/x86_64/poppler-0.18.4-3.1.mbs1.x86_64.rpm
ae93c00e6b93f4ebb0701274ccd55526 mbs1/SRPMS/poppler-0.18.4-3.1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFRa7VrmqjQ0CJFipgRAmPGAKCgCBb7fI6om9idJ+GKMPoK4LalXACdHbLS
DulHJ5gKjYy8pAsPIdzrfwU=
=JAI7
-----END PGP SIGNATURE-----


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close