-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:068-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : poppler Date : March 7, 2009 Affected: 2008.0, 2008.1, 2009.0, Corporate 4.0 _______________________________________________________________________ Problem Description: A crafted PDF file that triggers a parsing error allows remote attackers to cause definal of service. This bug is consequence of a wrong processing on FormWidgetChoice::loadDefaults method (CVE-2009-0755). A crafted PDF file that triggers a parsing error allows remote attackers to cause definal of service. This bug is consequence of an invalid memory dereference on JBIG2SymbolDict::~JBIG2SymbolDict destructor when JBIG2Stream::readSymbolDictSeg method is used (CVE-2009-0756). This update provides fixes for those vulnerabilities. This update does not apply for CVE-2009-0755 under Corporate Server 4.0 libpoppler0-0.4.1-3.7.20060mlcs4. Update: The previous packages were not signed, this new update fixes that issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0755 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0756 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: b6be528bfc04a7128f41a034acc4c858 2008.0/i586/libpoppler2-0.6-3.4mdv2008.0.i586.rpm 5ce11cbdf503735bbb0e7396a7c75a45 2008.0/i586/libpoppler-devel-0.6-3.4mdv2008.0.i586.rpm fe7b78621d225813e020d49310f23eb6 2008.0/i586/libpoppler-glib2-0.6-3.4mdv2008.0.i586.rpm cbb6e652f311f9f42519862a80c786d2 2008.0/i586/libpoppler-glib-devel-0.6-3.4mdv2008.0.i586.rpm 2bedc0757e73e3da48ad92360c3570ab 2008.0/i586/libpoppler-qt2-0.6-3.4mdv2008.0.i586.rpm 957f6eda2b9e380b31bd46da75afd237 2008.0/i586/libpoppler-qt4-2-0.6-3.4mdv2008.0.i586.rpm af48c284302539cbea49a105ee8c7481 2008.0/i586/libpoppler-qt4-devel-0.6-3.4mdv2008.0.i586.rpm 9068b9dae11e3804417ce524a75e8e33 2008.0/i586/libpoppler-qt-devel-0.6-3.4mdv2008.0.i586.rpm 8907f3fd329049680fd45319cd04d637 2008.0/i586/poppler-0.6-3.4mdv2008.0.i586.rpm 40695204843aca6f53ca52a6dfed30e8 2008.0/SRPMS/poppler-0.6-3.4mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 31ccc4965703b3e451c19f39ce7ede1d 2008.0/x86_64/lib64poppler2-0.6-3.4mdv2008.0.x86_64.rpm c4d067a480b6954d5325e1539b8325dd 2008.0/x86_64/lib64poppler-devel-0.6-3.4mdv2008.0.x86_64.rpm 03748430e59d296a83c510892ce8c6f1 2008.0/x86_64/lib64poppler-glib2-0.6-3.4mdv2008.0.x86_64.rpm ffeee581c32036d7419ac44109e04672 2008.0/x86_64/lib64poppler-glib-devel-0.6-3.4mdv2008.0.x86_64.rpm c92a0ed4b729539170805381806820f3 2008.0/x86_64/lib64poppler-qt2-0.6-3.4mdv2008.0.x86_64.rpm 0bae60ea196f598f48cfc8f1710e4647 2008.0/x86_64/lib64poppler-qt4-2-0.6-3.4mdv2008.0.x86_64.rpm 78c077b81c87510eab6cc8bd253d6739 2008.0/x86_64/lib64poppler-qt4-devel-0.6-3.4mdv2008.0.x86_64.rpm 6c951f0c0b8b487d84b4e6ca1945b20c 2008.0/x86_64/lib64poppler-qt-devel-0.6-3.4mdv2008.0.x86_64.rpm 53aa65b1208ce95929a80820fd684d42 2008.0/x86_64/poppler-0.6-3.4mdv2008.0.x86_64.rpm 40695204843aca6f53ca52a6dfed30e8 2008.0/SRPMS/poppler-0.6-3.4mdv2008.0.src.rpm Mandriva Linux 2008.1: e1f411a24a7158bf9aacf15f99a06347 2008.1/i586/libpoppler2-0.6.4-2.3mdv2008.1.i586.rpm 5f6334faade2f51ad87d8ac857359814 2008.1/i586/libpoppler-devel-0.6.4-2.3mdv2008.1.i586.rpm 208c255f0b44e7960b033cfdc5bf3e09 2008.1/i586/libpoppler-glib2-0.6.4-2.3mdv2008.1.i586.rpm 0925993670c80eb659183306679b4aa9 2008.1/i586/libpoppler-glib-devel-0.6.4-2.3mdv2008.1.i586.rpm b9f79459d8eac874b46b6df38b58a6ba 2008.1/i586/libpoppler-qt2-0.6.4-2.3mdv2008.1.i586.rpm ede9ef27014b62f50df534e46890b59e 2008.1/i586/libpoppler-qt4-2-0.6.4-2.3mdv2008.1.i586.rpm 81f609460ede87efb3634366ba76a9d6 2008.1/i586/libpoppler-qt4-devel-0.6.4-2.3mdv2008.1.i586.rpm e6d7ad4654495c67fb781bafd666d9db 2008.1/i586/libpoppler-qt-devel-0.6.4-2.3mdv2008.1.i586.rpm 138a2302ed96ba5949d9930bc580297d 2008.1/i586/poppler-0.6.4-2.3mdv2008.1.i586.rpm d644c4bbe9de2bac87910a43dcb6f8fe 2008.1/SRPMS/poppler-0.6.4-2.3mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 7fdf9d73576933312c32f0fe87c8c93d 2008.1/x86_64/lib64poppler2-0.6.4-2.3mdv2008.1.x86_64.rpm b42239fba4cbbb88188de2d5238d1c56 2008.1/x86_64/lib64poppler-devel-0.6.4-2.3mdv2008.1.x86_64.rpm fd9460be9227dae0ba5d9910359e858a 2008.1/x86_64/lib64poppler-glib2-0.6.4-2.3mdv2008.1.x86_64.rpm 59d18d31ec3c82c239e548a40d72f001 2008.1/x86_64/lib64poppler-glib-devel-0.6.4-2.3mdv2008.1.x86_64.rpm 6d487fdc80ced9ab394a8c7af8f2f9c0 2008.1/x86_64/lib64poppler-qt2-0.6.4-2.3mdv2008.1.x86_64.rpm 7cd42a0598771e1083bb92d29f6a5584 2008.1/x86_64/lib64poppler-qt4-2-0.6.4-2.3mdv2008.1.x86_64.rpm 197369abdaa84cd4be08233554cff37b 2008.1/x86_64/lib64poppler-qt4-devel-0.6.4-2.3mdv2008.1.x86_64.rpm 4185e4241b95b4fcc842b245276fa6f0 2008.1/x86_64/lib64poppler-qt-devel-0.6.4-2.3mdv2008.1.x86_64.rpm 7d67cd24cae036ca74223fb43ea23fb1 2008.1/x86_64/poppler-0.6.4-2.3mdv2008.1.x86_64.rpm d644c4bbe9de2bac87910a43dcb6f8fe 2008.1/SRPMS/poppler-0.6.4-2.3mdv2008.1.src.rpm Mandriva Linux 2009.0: d4c04f004c368818d38853c92aa4bbf1 2009.0/i586/libpoppler3-0.8.7-2.2mdv2009.0.i586.rpm 4d024506356c95c4042e9c9d5bb9bb8f 2009.0/i586/libpoppler-devel-0.8.7-2.2mdv2009.0.i586.rpm 0554f19626cf4aa4bc5300022606b6f5 2009.0/i586/libpoppler-glib3-0.8.7-2.2mdv2009.0.i586.rpm 1f8cddca4e8c09f3fa5f8b3fca0352ed 2009.0/i586/libpoppler-glib-devel-0.8.7-2.2mdv2009.0.i586.rpm 5a957dd285394a3bf71ae89ba0d8a196 2009.0/i586/libpoppler-qt2-0.8.7-2.2mdv2009.0.i586.rpm eb72d3444d8aff20d99f55ebe4ef867d 2009.0/i586/libpoppler-qt4-3-0.8.7-2.2mdv2009.0.i586.rpm d694fe64d9ae60ffe966238eb6ede92b 2009.0/i586/libpoppler-qt4-devel-0.8.7-2.2mdv2009.0.i586.rpm 153e5320ae7bed15b22e3cba09a86fb5 2009.0/i586/libpoppler-qt-devel-0.8.7-2.2mdv2009.0.i586.rpm 4e2392ad242f0b58077f2c2e37bf6b6d 2009.0/i586/poppler-0.8.7-2.2mdv2009.0.i586.rpm 01446308427613f217258b52a2eee1fe 2009.0/SRPMS/poppler-0.8.7-2.2mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 0b8f436305440047b6953576eeca371c 2009.0/x86_64/lib64poppler3-0.8.7-2.2mdv2009.0.x86_64.rpm 81b6a315ac7b3913b5afbd64284ab8e8 2009.0/x86_64/lib64poppler-devel-0.8.7-2.2mdv2009.0.x86_64.rpm 364c79826c466079f8b409bfec18f921 2009.0/x86_64/lib64poppler-glib3-0.8.7-2.2mdv2009.0.x86_64.rpm c9b69789a5477eb556033ad650080b61 2009.0/x86_64/lib64poppler-glib-devel-0.8.7-2.2mdv2009.0.x86_64.rpm d69621b3c07a1e0077e14c8c56d793e9 2009.0/x86_64/lib64poppler-qt2-0.8.7-2.2mdv2009.0.x86_64.rpm 45591e111559535e3aa71f57f2f24631 2009.0/x86_64/lib64poppler-qt4-3-0.8.7-2.2mdv2009.0.x86_64.rpm e7afcd9689c0f7544f201e7450bbc6d3 2009.0/x86_64/lib64poppler-qt4-devel-0.8.7-2.2mdv2009.0.x86_64.rpm 4baed4c3f6707ea4e6e7f76b9794bd28 2009.0/x86_64/lib64poppler-qt-devel-0.8.7-2.2mdv2009.0.x86_64.rpm 907eebe34e5a72b5235b2a9a9f99e86b 2009.0/x86_64/poppler-0.8.7-2.2mdv2009.0.x86_64.rpm 01446308427613f217258b52a2eee1fe 2009.0/SRPMS/poppler-0.8.7-2.2mdv2009.0.src.rpm Corporate 4.0: aa8ffe916c682e781401e8013be793c2 corporate/4.0/i586/libpoppler0-0.4.1-3.9.20060mlcs4.i586.rpm 3f80ec408c7487067548f83ffc6d8024 corporate/4.0/i586/libpoppler0-devel-0.4.1-3.9.20060mlcs4.i586.rpm 8c6bd3f578818f31e536bc3682f18a39 corporate/4.0/i586/libpoppler-qt0-0.4.1-3.9.20060mlcs4.i586.rpm 71916f7537d1342b9a8969aa4824f7ae corporate/4.0/i586/libpoppler-qt0-devel-0.4.1-3.9.20060mlcs4.i586.rpm c6e6d2856b80c65b00016acd63025604 corporate/4.0/SRPMS/poppler-0.4.1-3.9.20060mlcs4.src.rpm Corporate 4.0/X86_64: 369a6877b5f8ac44d69a4361c5f1a31f corporate/4.0/x86_64/lib64poppler0-0.4.1-3.9.20060mlcs4.x86_64.rpm 335083606b2aaeef8653f9357e813ddd corporate/4.0/x86_64/lib64poppler0-devel-0.4.1-3.9.20060mlcs4.x86_64.rpm 1c04f33928139496cb9ba6ad5b3242c6 corporate/4.0/x86_64/lib64poppler-qt0-0.4.1-3.9.20060mlcs4.x86_64.rpm 344863bfaba9016f196c0966c831982d corporate/4.0/x86_64/lib64poppler-qt0-devel-0.4.1-3.9.20060mlcs4.x86_64.rpm c6e6d2856b80c65b00016acd63025604 corporate/4.0/SRPMS/poppler-0.4.1-3.9.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFJsbd9mqjQ0CJFipgRAj+3AKDj2eclaScZokAtq97hfOQmTNiTPACgxY95 g9g7nwns0H0MBsqVm7PNI60= =MUZQ -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/