what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2009-068

Mandriva Linux Security Advisory 2009-068
Posted Mar 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-068 - A crafted PDF file that triggers a parsing error allows remote attackers to cause definal of service. This bug is consequence of a wrong processing on FormWidgetChoice::loadDefaults method. A crafted PDF file that triggers a parsing error allows remote attackers to cause definal of service. This bug is consequence of an invalid memory dereference on JBIG2SymbolDict::~JBIG2SymbolDict destructor when JBIG2Stream::readSymbolDictSeg method is used. This update provides fixes for those vulnerabilities. This update does not apply for under Corporate Server 4.0 libpoppler0-0.4.1-3.7.20060mlcs4.

tags | advisory, remote, vulnerability
systems | linux, mandriva
advisories | CVE-2009-0755, CVE-2009-0756
SHA-256 | 512a120f86abcf6b6a9cd6bfe0e57b8ba3cd14d8d0d60faa61d902c11fe550b3

Mandriva Linux Security Advisory 2009-068

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:068
http://www.mandriva.com/security/
_______________________________________________________________________

Package : poppler
Date : March 6, 2009
Affected: 2008.0, 2008.1, 2009.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

A crafted PDF file that triggers a parsing error allows remote
attackers to cause definal of service. This bug is consequence
of a wrong processing on FormWidgetChoice::loadDefaults method
(CVE-2009-0755).

A crafted PDF file that triggers a parsing error allows remote
attackers to cause definal of service. This bug is consequence of
an invalid memory dereference on JBIG2SymbolDict::~JBIG2SymbolDict
destructor when JBIG2Stream::readSymbolDictSeg method is used
(CVE-2009-0756).

This update provides fixes for those vulnerabilities.

Update:

This update does not apply for CVE-2009-0755 under Corporate Server
4.0 libpoppler0-0.4.1-3.7.20060mlcs4.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0755
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0756
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
25aba85bf10c8c9ce0fee931834440a1 2008.0/i586/libpoppler2-0.6-3.3mdv2008.0.i586.rpm
bc255af1dbbb43c06bf8af78df57d32b 2008.0/i586/libpoppler-devel-0.6-3.3mdv2008.0.i586.rpm
a78e498d417f830237f85e311e07422e 2008.0/i586/libpoppler-glib2-0.6-3.3mdv2008.0.i586.rpm
4b25777b3d2065ccd138a0199355c581 2008.0/i586/libpoppler-glib-devel-0.6-3.3mdv2008.0.i586.rpm
2c76dc7bd1bef388581bb51c4a1e2586 2008.0/i586/libpoppler-qt2-0.6-3.3mdv2008.0.i586.rpm
94f40dec0be2b78823f5b004f8d4b145 2008.0/i586/libpoppler-qt4-2-0.6-3.3mdv2008.0.i586.rpm
c743daa88aa6c1d7d6828eb22f1a1785 2008.0/i586/libpoppler-qt4-devel-0.6-3.3mdv2008.0.i586.rpm
f5ffa665e3ad447e1a4c957fde7c2cb6 2008.0/i586/libpoppler-qt-devel-0.6-3.3mdv2008.0.i586.rpm
c9a73e92a2002b7b0fcaa7e23f983615 2008.0/i586/poppler-0.6-3.3mdv2008.0.i586.rpm
2f57c8b7f1883fc9f718e6b45a0771a8 2008.0/SRPMS/poppler-0.6-3.3mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
4e8fea9d6ce6a4ea106537f29fc7046e 2008.0/x86_64/lib64poppler2-0.6-3.3mdv2008.0.x86_64.rpm
32fc22e88ea5e0a472f42961b1c90bd6 2008.0/x86_64/lib64poppler-devel-0.6-3.3mdv2008.0.x86_64.rpm
698e83ae4307b7452590e4c171491d04 2008.0/x86_64/lib64poppler-glib2-0.6-3.3mdv2008.0.x86_64.rpm
0eb4ca6c4924c3c07f73df39655c444e 2008.0/x86_64/lib64poppler-glib-devel-0.6-3.3mdv2008.0.x86_64.rpm
7f09b65cfcf5ac675934d93b5235dd1c 2008.0/x86_64/lib64poppler-qt2-0.6-3.3mdv2008.0.x86_64.rpm
9101f2cc7dc33e0a571fe11897d4892c 2008.0/x86_64/lib64poppler-qt4-2-0.6-3.3mdv2008.0.x86_64.rpm
a11f878a4ea924c762d4f80767470973 2008.0/x86_64/lib64poppler-qt4-devel-0.6-3.3mdv2008.0.x86_64.rpm
5864600413af3f4dbd63910b9a84f410 2008.0/x86_64/lib64poppler-qt-devel-0.6-3.3mdv2008.0.x86_64.rpm
b40faa6e339465968607f24633bc0eeb 2008.0/x86_64/poppler-0.6-3.3mdv2008.0.x86_64.rpm
2f57c8b7f1883fc9f718e6b45a0771a8 2008.0/SRPMS/poppler-0.6-3.3mdv2008.0.src.rpm

Mandriva Linux 2008.1:
0384b322b63dcabeb7ba0ed99f90c7ce 2008.1/i586/libpoppler2-0.6.4-2.2mdv2008.1.i586.rpm
86f5be9bd512b0f424ee83809ea16770 2008.1/i586/libpoppler-devel-0.6.4-2.2mdv2008.1.i586.rpm
0f820a233d9c543ec0c325d06ba1c9e2 2008.1/i586/libpoppler-glib2-0.6.4-2.2mdv2008.1.i586.rpm
44967afd74f16abffd23cc0194d25f8f 2008.1/i586/libpoppler-glib-devel-0.6.4-2.2mdv2008.1.i586.rpm
58e4979b5e9a74645765ae7797ac9c10 2008.1/i586/libpoppler-qt2-0.6.4-2.2mdv2008.1.i586.rpm
2552be8e987d266bf1dde1cdb173c1d0 2008.1/i586/libpoppler-qt4-2-0.6.4-2.2mdv2008.1.i586.rpm
68f5e36b85c38238fd71bb2efac29260 2008.1/i586/libpoppler-qt4-devel-0.6.4-2.2mdv2008.1.i586.rpm
f134da50ab28ebee599d84cbb13fedf5 2008.1/i586/libpoppler-qt-devel-0.6.4-2.2mdv2008.1.i586.rpm
caed58a7e42d2a27193885d9c31eca8f 2008.1/i586/poppler-0.6.4-2.2mdv2008.1.i586.rpm
f410bbf328d0bccce9f08cabedda8d19 2008.1/SRPMS/poppler-0.6.4-2.2mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
5c0fce14ebddc4b7e0fbb31d2127a238 2008.1/x86_64/lib64poppler2-0.6.4-2.2mdv2008.1.x86_64.rpm
3a9f02d41da3688f5c231744eb5820de 2008.1/x86_64/lib64poppler-devel-0.6.4-2.2mdv2008.1.x86_64.rpm
4c3396ebafb43a8a34d1bd0c96aff597 2008.1/x86_64/lib64poppler-glib2-0.6.4-2.2mdv2008.1.x86_64.rpm
834b475b34ae78583927abecff4cdb97 2008.1/x86_64/lib64poppler-glib-devel-0.6.4-2.2mdv2008.1.x86_64.rpm
623c2b6e0303c6ffa1f9c2abe1b9d13f 2008.1/x86_64/lib64poppler-qt2-0.6.4-2.2mdv2008.1.x86_64.rpm
aa86340f66a4959712dce15fe5600549 2008.1/x86_64/lib64poppler-qt4-2-0.6.4-2.2mdv2008.1.x86_64.rpm
e81a97d8721a76934cd16affffba1efb 2008.1/x86_64/lib64poppler-qt4-devel-0.6.4-2.2mdv2008.1.x86_64.rpm
91619e0b13b586f2f37535f0ab249902 2008.1/x86_64/lib64poppler-qt-devel-0.6.4-2.2mdv2008.1.x86_64.rpm
cc74a25a3f74a38a0f4c98f4bf9396ed 2008.1/x86_64/poppler-0.6.4-2.2mdv2008.1.x86_64.rpm
f410bbf328d0bccce9f08cabedda8d19 2008.1/SRPMS/poppler-0.6.4-2.2mdv2008.1.src.rpm

Mandriva Linux 2009.0:
ce56800f6fe4f9db33ede32ef350745c 2009.0/i586/libpoppler3-0.8.7-2.1mdv2009.0.i586.rpm
33a1ed550b2e2c341661690a8963af24 2009.0/i586/libpoppler-devel-0.8.7-2.1mdv2009.0.i586.rpm
a27d86ccf053000dbe6d8883be19fbdd 2009.0/i586/libpoppler-glib3-0.8.7-2.1mdv2009.0.i586.rpm
17117d2e90eb9fe076728d0fd4a6c440 2009.0/i586/libpoppler-glib-devel-0.8.7-2.1mdv2009.0.i586.rpm
be98bcb0d5f3f74c4bd07845bb654859 2009.0/i586/libpoppler-qt2-0.8.7-2.1mdv2009.0.i586.rpm
49bd296742e5d1b74fe7df98636e46b4 2009.0/i586/libpoppler-qt4-3-0.8.7-2.1mdv2009.0.i586.rpm
5e72a15c897daf4f6641bf2bf928cb80 2009.0/i586/libpoppler-qt4-devel-0.8.7-2.1mdv2009.0.i586.rpm
20cd3595d41d4ac90c0c0285292bf009 2009.0/i586/libpoppler-qt-devel-0.8.7-2.1mdv2009.0.i586.rpm
cb070e4dee228f58a0c64ad68ed0b1a0 2009.0/i586/poppler-0.8.7-2.1mdv2009.0.i586.rpm
29a47aa9fe76eeba24925f47afabf687 2009.0/SRPMS/poppler-0.8.7-2.1mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
e297ca0d8751197badc87e5a8ada7411 2009.0/x86_64/lib64poppler3-0.8.7-2.1mdv2009.0.x86_64.rpm
8409a3a0253a81e35d5c5b84fb141ed5 2009.0/x86_64/lib64poppler-devel-0.8.7-2.1mdv2009.0.x86_64.rpm
898617990bb3077434d6ffe0175ab744 2009.0/x86_64/lib64poppler-glib3-0.8.7-2.1mdv2009.0.x86_64.rpm
75199e22dad566f0b5b861d82d38c36f 2009.0/x86_64/lib64poppler-glib-devel-0.8.7-2.1mdv2009.0.x86_64.rpm
3add19f10d4611723a574c4268d0870c 2009.0/x86_64/lib64poppler-qt2-0.8.7-2.1mdv2009.0.x86_64.rpm
9d0bb0015fc420d445cf5be695cd78dc 2009.0/x86_64/lib64poppler-qt4-3-0.8.7-2.1mdv2009.0.x86_64.rpm
025fea7ad38b1dfe1d7ef956b875fc37 2009.0/x86_64/lib64poppler-qt4-devel-0.8.7-2.1mdv2009.0.x86_64.rpm
4d34316ebed58bcf95801671a6c1d6f5 2009.0/x86_64/lib64poppler-qt-devel-0.8.7-2.1mdv2009.0.x86_64.rpm
7483cf79ecff3b95b300d68c0ceb8455 2009.0/x86_64/poppler-0.8.7-2.1mdv2009.0.x86_64.rpm
29a47aa9fe76eeba24925f47afabf687 2009.0/SRPMS/poppler-0.8.7-2.1mdv2009.0.src.rpm

Corporate 4.0:
9168d447f8242a9acc0db3a77e309cf2 corporate/4.0/i586/libpoppler0-0.4.1-3.8.20060mlcs4.i586.rpm
4b826fc828ec1b53b0ab28f3697e361a corporate/4.0/i586/libpoppler0-devel-0.4.1-3.8.20060mlcs4.i586.rpm
8f273eafc1fac62191a393a551f3b12f corporate/4.0/i586/libpoppler-qt0-0.4.1-3.8.20060mlcs4.i586.rpm
99320127444c2c09165c95214f15c9b0 corporate/4.0/i586/libpoppler-qt0-devel-0.4.1-3.8.20060mlcs4.i586.rpm
714cf02d9f3af96bbf2502e48cb9cfd6 corporate/4.0/SRPMS/poppler-0.4.1-3.8.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
51b1fdec59aa6858a1852234b68a3acf corporate/4.0/x86_64/lib64poppler0-0.4.1-3.8.20060mlcs4.x86_64.rpm
51cb75f75d6b83549747da8fee86f47d corporate/4.0/x86_64/lib64poppler0-devel-0.4.1-3.8.20060mlcs4.x86_64.rpm
8a836e5c7cc54eaa38a377ea848388e7 corporate/4.0/x86_64/lib64poppler-qt0-0.4.1-3.8.20060mlcs4.x86_64.rpm
32cbc4cdae2ffce0b27e831e61ef9bba corporate/4.0/x86_64/lib64poppler-qt0-devel-0.4.1-3.8.20060mlcs4.x86_64.rpm
714cf02d9f3af96bbf2502e48cb9cfd6 corporate/4.0/SRPMS/poppler-0.4.1-3.8.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJsWfQmqjQ0CJFipgRAv1EAJ9j/II2bCCPKHom7jn7+hdEvLrMIwCgznj0
sYIwjyRykRyW3e/WXM9ofqQ=
=Lv8x
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close