Gentoo Linux Security Advisory 201801-17

Gentoo Linux Security Advisory 201801-17: Posted Jan 17, 2018; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201801-17 - Multiple vulnerabilities have been found in Poppler, the worst of which could allow the execution of arbitrary code. Versions less than 0.57.0-r1 are affected.; tags | advisory, arbitrary, vulnerability; systems | linux, gentoo; advisories | CVE-2017-2820, CVE-2017-7511, CVE-2017-9083, CVE-2017-9406, CVE-2017-9408, CVE-2017-9865; SHA-256 | 32c97f70373b10ad1732c8ddab720d22e3ec22762a1a20dd7ec1f0ea8014016a; Download | Favorite | View

Gentoo Linux Security Advisory 201801-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201801-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Poppler: Multiple vulnerabilities
     Date: January 17, 2018
     Bugs: #619558, #620198, #622430, #624708, #627390
       ID: 201801-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Poppler, the worst of which
could allow the execution of arbitrary code.

Background
==========

Poppler is a PDF rendering library based on the xpdf-3.0 code base.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-text/poppler           < 0.57.0-r1              >= 0.57.0-r1 

Description
===========

Multiple vulnerabilities have been discovered in Poppler. Please review
the CVE identifiers referenced below for details.

Impact
======

A remote attacker, by enticing a user to open a specially crafted PDF,
could execute arbitrary code or cause a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Poppler users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-text/poppler-0.57.0-r1"

References
==========

[ 1 ] CVE-2017-2820
      https://nvd.nist.gov/vuln/detail/CVE-2017-2820
[ 2 ] CVE-2017-7511
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7511
[ 3 ] CVE-2017-9083
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9083
[ 4 ] CVE-2017-9406
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9406
[ 5 ] CVE-2017-9408
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9408
[ 6 ] CVE-2017-9865
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9865

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201801-17

Concerns?
=========

Top Authors In Last 30 Days

Red Hat 269 files
Ubuntu 94 files
indoushka 31 files
Gentoo 29 files
Debian 12 files
tmrswrr 7 files
Sina Kheirkhah 7 files
Google Security Research 6 files
Jann Horn 5 files
Rodolfo Tavares 4 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,084)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,534)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,556)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,418)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,700)
UNIX (9,431)
UnixWare (187)
Windows (6,667)
Other

Gentoo Linux Security Advisory 201801-17

Gentoo Linux Security Advisory 201801-17

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Gentoo Linux Security Advisory 201801-17

Share This

Gentoo Linux Security Advisory 201801-17

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems