-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2010:230
http://www.mandriva.com/security/
_______________________________________________________________________

Package : poppler
Date    : November 12, 2010
Affected: 2009.0, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities were discovered and corrected in poppler:

The Gfx::getPos function in the PDF parser in poppler allows
context-dependent attackers to cause a denial of service (crash)
via unknown vectors that trigger an uninitialized pointer dereference
(CVE-2010-3702).

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser
in poppler allows context-dependent attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a PDF file
with a crafted Type1 font that contains a negative array index, which
bypasses input validation and which triggers memory corruption
(CVE-2010-3704).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security.
You can obtain the GPG public key of the Mandriva Security Team by
executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFM3UZPmqjQ0CJFipgRAv3/AKCXFuoZo0UB32Vmp7t9PQJ1li1c+wCg6rr4
fqNS+3MIvshZYaPRSF1I2yg=
=XNo0
-----END PGP SIGNATURE-----
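
The CVE-2010-3704 entry above describes a negative array index that slips past input validation. The following C example is added here for illustration and is not code from poppler or from this advisory; it contrasts an upper-bound-only check with a two-sided check while loading a Type1-style encoding table. The function names, the `result` struct and the sample input are hypothetical and constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ENC_SIZE 256        /* a Type1 encoding vector has 256 slots */
#define GLYPH_NAME_LEN 32

/* Flawed pattern: only the upper bound is tested, so a negative signed
 * code passes and would address memory before the start of the table. */
static int weak_check(long code) { return code < ENC_SIZE; }
/* Hardened pattern: both bounds are tested before any store. */
static int strict_check(long code) { return code >= 0 && code < ENC_SIZE; }
struct result { int stored, rejected, weak_would_accept; };

/* Parse "dup <code> /<name> put" entries into enc[]; store only codes
 * that pass strict_check and count those the weak check would let in. */
static struct result load_encoding(const char *text,
                                   char enc[ENC_SIZE][GLYPH_NAME_LEN]) {
    struct result r = {0, 0, 0};
    const char *p = text;
    while ((p = strstr(p, "dup ")) != NULL) {
        char *end;
        long code = strtol(p += 4, &end, 10);
        if (end == p) continue;              /* no number after "dup" */
        for (p = end; *p == ' '; p++) {}
        if (*p != '/') continue;             /* a glyph name must follow */
        size_t n = strcspn(++p, " \n");
        if (!strict_check(code)) {
            r.rejected++;
            r.weak_would_accept += weak_check(code);
            continue;
        }
        if (n >= GLYPH_NAME_LEN) n = GLYPH_NAME_LEN - 1; /* truncate */
        memcpy(enc[code], p, n);
        enc[code][n] = '\0';
        r.stored++;
    }
    return r;
}

/* Constructed sample input, not taken from any real font file. */
static const char SAMPLE[] = "dup 65 /A put\n" "dup -5 /neg put\n"
                             "dup 300 /big put\n" "dup 255 /ydieresis put\n";

int main(void) {
    static char enc[ENC_SIZE][GLYPH_NAME_LEN];
    struct result r = load_encoding(SAMPLE, enc);
    printf("stored=%d rejected=%d weak_would_accept=%d enc[65]=%s\n",
           r.stored, r.rejected, r.weak_would_accept, enc[65]);
    return 0;
}
```

The `weak_would_accept` counter shows how many rejected entries an upper-bound-only test would have written out of bounds.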