-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:227 http://www.mandriva.com/security/ _______________________________________________________________________ Package : poppler Date : November 19, 2007 Affected: 2007.1, 2008.0, Corporate 4.0 _______________________________________________________________________ Problem Description: Alin Rad Pop found several flaws in how PDF files are handled in poppler. An attacker could create a malicious PDF file that would cause poppler to crash or potentially execute arbitrary code when opened. The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.1: 9f040875778bb940669bd2bfdbef248c 2007.1/i586/libpoppler-qt1-0.5.4-3.3mdv2007.1.i586.rpm 804046d0a838cb3a0a5e355fb118b1bc 2007.1/i586/libpoppler-qt1-devel-0.5.4-3.3mdv2007.1.i586.rpm dd83d0b61f2ad91ea79f314752a0f514 2007.1/i586/libpoppler-qt4-1-0.5.4-3.3mdv2007.1.i586.rpm 05d0deb14ec5dad80d8d400756b3d183 2007.1/i586/libpoppler-qt4-1-devel-0.5.4-3.3mdv2007.1.i586.rpm a23fb37129c8756e353fe47be6d6a8be 2007.1/i586/libpoppler1-0.5.4-3.3mdv2007.1.i586.rpm 6db198b349d7ebe355d809732ddb21bb 2007.1/i586/libpoppler1-devel-0.5.4-3.3mdv2007.1.i586.rpm 3e280873492799bebdec28872351052e 2007.1/i586/poppler-0.5.4-3.3mdv2007.1.i586.rpm 40600d9ccb1e7f7a76cb4ccf447e9e40 2007.1/SRPMS/poppler-0.5.4-3.3mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: b49094eb08c809397081d357f7251166 2007.1/x86_64/lib64poppler-qt1-0.5.4-3.3mdv2007.1.x86_64.rpm e6f52d8bb5d9f84458ae6892cd7800da 2007.1/x86_64/lib64poppler-qt1-devel-0.5.4-3.3mdv2007.1.x86_64.rpm 4d08d7343c94a016928cef93490af098 2007.1/x86_64/lib64poppler-qt4-1-0.5.4-3.3mdv2007.1.x86_64.rpm b0f8d4b4c5f1917c61687900a119e685 2007.1/x86_64/lib64poppler-qt4-1-devel-0.5.4-3.3mdv2007.1.x86_64.rpm 0955492bd1319fdc2e74c2528994e2bc 2007.1/x86_64/lib64poppler1-0.5.4-3.3mdv2007.1.x86_64.rpm f918b50ec88a2aca954c156c33c605e8 2007.1/x86_64/lib64poppler1-devel-0.5.4-3.3mdv2007.1.x86_64.rpm 24fdcc57f5c7481e6732f45e43e49d51 2007.1/x86_64/poppler-0.5.4-3.3mdv2007.1.x86_64.rpm 40600d9ccb1e7f7a76cb4ccf447e9e40 2007.1/SRPMS/poppler-0.5.4-3.3mdv2007.1.src.rpm Mandriva Linux 2008.0: 840730bb310636d43a3d07a6d4d4f281 2008.0/i586/libpoppler-devel-0.6-3.1mdv2008.0.i586.rpm 9d6109683ae8729ad549c56d2f8998c1 2008.0/i586/libpoppler-glib-devel-0.6-3.1mdv2008.0.i586.rpm b69e7e912fe2f532c5a9ed7c3687eb42 2008.0/i586/libpoppler-glib2-0.6-3.1mdv2008.0.i586.rpm cea89e4b36cbe99060e3568038474078 2008.0/i586/libpoppler-qt-devel-0.6-3.1mdv2008.0.i586.rpm 64a459904bf417570e4f2b8e0d550c77 2008.0/i586/libpoppler-qt2-0.6-3.1mdv2008.0.i586.rpm 5d1c9970275811b934599f95b5264d7d 2008.0/i586/libpoppler-qt4-2-0.6-3.1mdv2008.0.i586.rpm 7bbfdb4209d40f503bedc8e10e4687df 2008.0/i586/libpoppler-qt4-devel-0.6-3.1mdv2008.0.i586.rpm 812e34a9b25b4e28169bf84804da8325 2008.0/i586/libpoppler2-0.6-3.1mdv2008.0.i586.rpm 57380d8dcef7e2b404ed6a7571969bfe 2008.0/i586/poppler-0.6-3.1mdv2008.0.i586.rpm 697118d63ace272626e64555f7b8cffd 2008.0/SRPMS/poppler-0.6-3.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: f64a05a64b742ac4a40a07b8c43b9545 2008.0/x86_64/lib64poppler-devel-0.6-3.1mdv2008.0.x86_64.rpm 5d9963749a1315a570e9a70783c078da 2008.0/x86_64/lib64poppler-glib-devel-0.6-3.1mdv2008.0.x86_64.rpm 8d62d129c9279da1ed306a02785d5a7f 2008.0/x86_64/lib64poppler-glib2-0.6-3.1mdv2008.0.x86_64.rpm f844c25e098d3b295cba161a07795b36 2008.0/x86_64/lib64poppler-qt-devel-0.6-3.1mdv2008.0.x86_64.rpm 5bfdd34b678a33aeebeec9dc7b0d0dd7 2008.0/x86_64/lib64poppler-qt2-0.6-3.1mdv2008.0.x86_64.rpm 83334372f43c893ca9afdaefdd7b90d0 2008.0/x86_64/lib64poppler-qt4-2-0.6-3.1mdv2008.0.x86_64.rpm 82099121bfc50561cb3a175d9d31152b 2008.0/x86_64/lib64poppler-qt4-devel-0.6-3.1mdv2008.0.x86_64.rpm 59a614072521db19cd3b502e6d49959a 2008.0/x86_64/lib64poppler2-0.6-3.1mdv2008.0.x86_64.rpm 0a5a8795e93dc014c5f07e2ab6e73393 2008.0/x86_64/poppler-0.6-3.1mdv2008.0.x86_64.rpm 697118d63ace272626e64555f7b8cffd 2008.0/SRPMS/poppler-0.6-3.1mdv2008.0.src.rpm Corporate 4.0: 86be8a80003ab4c7a36905eac276dbf6 corporate/4.0/i586/libpoppler-qt0-0.4.1-3.6.20060mlcs4.i586.rpm 32bae8fecaa6ec4e2b1e7e68458f889b corporate/4.0/i586/libpoppler-qt0-devel-0.4.1-3.6.20060mlcs4.i586.rpm e9aefa230a3c897361330d91583eb4b9 corporate/4.0/i586/libpoppler0-0.4.1-3.6.20060mlcs4.i586.rpm 280a9f7aea1b3766864996d5969e69ea corporate/4.0/i586/libpoppler0-devel-0.4.1-3.6.20060mlcs4.i586.rpm aab471f88ae46303acfef45c3464bce6 corporate/4.0/SRPMS/poppler-0.4.1-3.6.20060mlcs4.src.rpm Corporate 4.0/X86_64: 62f84dc6ac78997484c76c0e34c74063 corporate/4.0/x86_64/lib64poppler-qt0-0.4.1-3.6.20060mlcs4.x86_64.rpm 5fda381aed07c4eaa47f48d7187449ee corporate/4.0/x86_64/lib64poppler-qt0-devel-0.4.1-3.6.20060mlcs4.x86_64.rpm 6abf5b15ba6ffa847dde37a2d0f049d0 corporate/4.0/x86_64/lib64poppler0-0.4.1-3.6.20060mlcs4.x86_64.rpm bcbad9d141f0b9615740d5f027a24699 corporate/4.0/x86_64/lib64poppler0-devel-0.4.1-3.6.20060mlcs4.x86_64.rpm aab471f88ae46303acfef45c3464bce6 corporate/4.0/SRPMS/poppler-0.4.1-3.6.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHQhenmqjQ0CJFipgRAl9SAJ9gU0uhZwFvHZ9tF4z8F15VUgUfNwCgjOhN XrZ88C4TwK/FkZL+zC+zOLU= =ehqr -----END PGP SIGNATURE-----