-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:068 http://www.mandriva.com/security/ _______________________________________________________________________ Package : poppler Date : March 6, 2009 Affected: 2008.0, 2008.1, 2009.0, Corporate 4.0 _______________________________________________________________________ Problem Description: A crafted PDF file that triggers a parsing error allows remote attackers to cause definal of service. This bug is consequence of a wrong processing on FormWidgetChoice::loadDefaults method (CVE-2009-0755). A crafted PDF file that triggers a parsing error allows remote attackers to cause definal of service. This bug is consequence of an invalid memory dereference on JBIG2SymbolDict::~JBIG2SymbolDict destructor when JBIG2Stream::readSymbolDictSeg method is used (CVE-2009-0756). This update provides fixes for those vulnerabilities. Update: This update does not apply for CVE-2009-0755 under Corporate Server 4.0 libpoppler0-0.4.1-3.7.20060mlcs4. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0755 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0756 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 25aba85bf10c8c9ce0fee931834440a1 2008.0/i586/libpoppler2-0.6-3.3mdv2008.0.i586.rpm bc255af1dbbb43c06bf8af78df57d32b 2008.0/i586/libpoppler-devel-0.6-3.3mdv2008.0.i586.rpm a78e498d417f830237f85e311e07422e 2008.0/i586/libpoppler-glib2-0.6-3.3mdv2008.0.i586.rpm 4b25777b3d2065ccd138a0199355c581 2008.0/i586/libpoppler-glib-devel-0.6-3.3mdv2008.0.i586.rpm 2c76dc7bd1bef388581bb51c4a1e2586 2008.0/i586/libpoppler-qt2-0.6-3.3mdv2008.0.i586.rpm 94f40dec0be2b78823f5b004f8d4b145 2008.0/i586/libpoppler-qt4-2-0.6-3.3mdv2008.0.i586.rpm c743daa88aa6c1d7d6828eb22f1a1785 2008.0/i586/libpoppler-qt4-devel-0.6-3.3mdv2008.0.i586.rpm f5ffa665e3ad447e1a4c957fde7c2cb6 2008.0/i586/libpoppler-qt-devel-0.6-3.3mdv2008.0.i586.rpm c9a73e92a2002b7b0fcaa7e23f983615 2008.0/i586/poppler-0.6-3.3mdv2008.0.i586.rpm 2f57c8b7f1883fc9f718e6b45a0771a8 2008.0/SRPMS/poppler-0.6-3.3mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 4e8fea9d6ce6a4ea106537f29fc7046e 2008.0/x86_64/lib64poppler2-0.6-3.3mdv2008.0.x86_64.rpm 32fc22e88ea5e0a472f42961b1c90bd6 2008.0/x86_64/lib64poppler-devel-0.6-3.3mdv2008.0.x86_64.rpm 698e83ae4307b7452590e4c171491d04 2008.0/x86_64/lib64poppler-glib2-0.6-3.3mdv2008.0.x86_64.rpm 0eb4ca6c4924c3c07f73df39655c444e 2008.0/x86_64/lib64poppler-glib-devel-0.6-3.3mdv2008.0.x86_64.rpm 7f09b65cfcf5ac675934d93b5235dd1c 2008.0/x86_64/lib64poppler-qt2-0.6-3.3mdv2008.0.x86_64.rpm 9101f2cc7dc33e0a571fe11897d4892c 2008.0/x86_64/lib64poppler-qt4-2-0.6-3.3mdv2008.0.x86_64.rpm a11f878a4ea924c762d4f80767470973 2008.0/x86_64/lib64poppler-qt4-devel-0.6-3.3mdv2008.0.x86_64.rpm 5864600413af3f4dbd63910b9a84f410 2008.0/x86_64/lib64poppler-qt-devel-0.6-3.3mdv2008.0.x86_64.rpm b40faa6e339465968607f24633bc0eeb 2008.0/x86_64/poppler-0.6-3.3mdv2008.0.x86_64.rpm 2f57c8b7f1883fc9f718e6b45a0771a8 2008.0/SRPMS/poppler-0.6-3.3mdv2008.0.src.rpm Mandriva Linux 2008.1: 0384b322b63dcabeb7ba0ed99f90c7ce 2008.1/i586/libpoppler2-0.6.4-2.2mdv2008.1.i586.rpm 86f5be9bd512b0f424ee83809ea16770 2008.1/i586/libpoppler-devel-0.6.4-2.2mdv2008.1.i586.rpm 0f820a233d9c543ec0c325d06ba1c9e2 2008.1/i586/libpoppler-glib2-0.6.4-2.2mdv2008.1.i586.rpm 44967afd74f16abffd23cc0194d25f8f 2008.1/i586/libpoppler-glib-devel-0.6.4-2.2mdv2008.1.i586.rpm 58e4979b5e9a74645765ae7797ac9c10 2008.1/i586/libpoppler-qt2-0.6.4-2.2mdv2008.1.i586.rpm 2552be8e987d266bf1dde1cdb173c1d0 2008.1/i586/libpoppler-qt4-2-0.6.4-2.2mdv2008.1.i586.rpm 68f5e36b85c38238fd71bb2efac29260 2008.1/i586/libpoppler-qt4-devel-0.6.4-2.2mdv2008.1.i586.rpm f134da50ab28ebee599d84cbb13fedf5 2008.1/i586/libpoppler-qt-devel-0.6.4-2.2mdv2008.1.i586.rpm caed58a7e42d2a27193885d9c31eca8f 2008.1/i586/poppler-0.6.4-2.2mdv2008.1.i586.rpm f410bbf328d0bccce9f08cabedda8d19 2008.1/SRPMS/poppler-0.6.4-2.2mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 5c0fce14ebddc4b7e0fbb31d2127a238 2008.1/x86_64/lib64poppler2-0.6.4-2.2mdv2008.1.x86_64.rpm 3a9f02d41da3688f5c231744eb5820de 2008.1/x86_64/lib64poppler-devel-0.6.4-2.2mdv2008.1.x86_64.rpm 4c3396ebafb43a8a34d1bd0c96aff597 2008.1/x86_64/lib64poppler-glib2-0.6.4-2.2mdv2008.1.x86_64.rpm 834b475b34ae78583927abecff4cdb97 2008.1/x86_64/lib64poppler-glib-devel-0.6.4-2.2mdv2008.1.x86_64.rpm 623c2b6e0303c6ffa1f9c2abe1b9d13f 2008.1/x86_64/lib64poppler-qt2-0.6.4-2.2mdv2008.1.x86_64.rpm aa86340f66a4959712dce15fe5600549 2008.1/x86_64/lib64poppler-qt4-2-0.6.4-2.2mdv2008.1.x86_64.rpm e81a97d8721a76934cd16affffba1efb 2008.1/x86_64/lib64poppler-qt4-devel-0.6.4-2.2mdv2008.1.x86_64.rpm 91619e0b13b586f2f37535f0ab249902 2008.1/x86_64/lib64poppler-qt-devel-0.6.4-2.2mdv2008.1.x86_64.rpm cc74a25a3f74a38a0f4c98f4bf9396ed 2008.1/x86_64/poppler-0.6.4-2.2mdv2008.1.x86_64.rpm f410bbf328d0bccce9f08cabedda8d19 2008.1/SRPMS/poppler-0.6.4-2.2mdv2008.1.src.rpm Mandriva Linux 2009.0: ce56800f6fe4f9db33ede32ef350745c 2009.0/i586/libpoppler3-0.8.7-2.1mdv2009.0.i586.rpm 33a1ed550b2e2c341661690a8963af24 2009.0/i586/libpoppler-devel-0.8.7-2.1mdv2009.0.i586.rpm a27d86ccf053000dbe6d8883be19fbdd 2009.0/i586/libpoppler-glib3-0.8.7-2.1mdv2009.0.i586.rpm 17117d2e90eb9fe076728d0fd4a6c440 2009.0/i586/libpoppler-glib-devel-0.8.7-2.1mdv2009.0.i586.rpm be98bcb0d5f3f74c4bd07845bb654859 2009.0/i586/libpoppler-qt2-0.8.7-2.1mdv2009.0.i586.rpm 49bd296742e5d1b74fe7df98636e46b4 2009.0/i586/libpoppler-qt4-3-0.8.7-2.1mdv2009.0.i586.rpm 5e72a15c897daf4f6641bf2bf928cb80 2009.0/i586/libpoppler-qt4-devel-0.8.7-2.1mdv2009.0.i586.rpm 20cd3595d41d4ac90c0c0285292bf009 2009.0/i586/libpoppler-qt-devel-0.8.7-2.1mdv2009.0.i586.rpm cb070e4dee228f58a0c64ad68ed0b1a0 2009.0/i586/poppler-0.8.7-2.1mdv2009.0.i586.rpm 29a47aa9fe76eeba24925f47afabf687 2009.0/SRPMS/poppler-0.8.7-2.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: e297ca0d8751197badc87e5a8ada7411 2009.0/x86_64/lib64poppler3-0.8.7-2.1mdv2009.0.x86_64.rpm 8409a3a0253a81e35d5c5b84fb141ed5 2009.0/x86_64/lib64poppler-devel-0.8.7-2.1mdv2009.0.x86_64.rpm 898617990bb3077434d6ffe0175ab744 2009.0/x86_64/lib64poppler-glib3-0.8.7-2.1mdv2009.0.x86_64.rpm 75199e22dad566f0b5b861d82d38c36f 2009.0/x86_64/lib64poppler-glib-devel-0.8.7-2.1mdv2009.0.x86_64.rpm 3add19f10d4611723a574c4268d0870c 2009.0/x86_64/lib64poppler-qt2-0.8.7-2.1mdv2009.0.x86_64.rpm 9d0bb0015fc420d445cf5be695cd78dc 2009.0/x86_64/lib64poppler-qt4-3-0.8.7-2.1mdv2009.0.x86_64.rpm 025fea7ad38b1dfe1d7ef956b875fc37 2009.0/x86_64/lib64poppler-qt4-devel-0.8.7-2.1mdv2009.0.x86_64.rpm 4d34316ebed58bcf95801671a6c1d6f5 2009.0/x86_64/lib64poppler-qt-devel-0.8.7-2.1mdv2009.0.x86_64.rpm 7483cf79ecff3b95b300d68c0ceb8455 2009.0/x86_64/poppler-0.8.7-2.1mdv2009.0.x86_64.rpm 29a47aa9fe76eeba24925f47afabf687 2009.0/SRPMS/poppler-0.8.7-2.1mdv2009.0.src.rpm Corporate 4.0: 9168d447f8242a9acc0db3a77e309cf2 corporate/4.0/i586/libpoppler0-0.4.1-3.8.20060mlcs4.i586.rpm 4b826fc828ec1b53b0ab28f3697e361a corporate/4.0/i586/libpoppler0-devel-0.4.1-3.8.20060mlcs4.i586.rpm 8f273eafc1fac62191a393a551f3b12f corporate/4.0/i586/libpoppler-qt0-0.4.1-3.8.20060mlcs4.i586.rpm 99320127444c2c09165c95214f15c9b0 corporate/4.0/i586/libpoppler-qt0-devel-0.4.1-3.8.20060mlcs4.i586.rpm 714cf02d9f3af96bbf2502e48cb9cfd6 corporate/4.0/SRPMS/poppler-0.4.1-3.8.20060mlcs4.src.rpm Corporate 4.0/X86_64: 51b1fdec59aa6858a1852234b68a3acf corporate/4.0/x86_64/lib64poppler0-0.4.1-3.8.20060mlcs4.x86_64.rpm 51cb75f75d6b83549747da8fee86f47d corporate/4.0/x86_64/lib64poppler0-devel-0.4.1-3.8.20060mlcs4.x86_64.rpm 8a836e5c7cc54eaa38a377ea848388e7 corporate/4.0/x86_64/lib64poppler-qt0-0.4.1-3.8.20060mlcs4.x86_64.rpm 32cbc4cdae2ffce0b27e831e61ef9bba corporate/4.0/x86_64/lib64poppler-qt0-devel-0.4.1-3.8.20060mlcs4.x86_64.rpm 714cf02d9f3af96bbf2502e48cb9cfd6 corporate/4.0/SRPMS/poppler-0.4.1-3.8.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFJsWfQmqjQ0CJFipgRAv1EAJ9j/II2bCCPKHom7jn7+hdEvLrMIwCgznj0 sYIwjyRykRyW3e/WXM9ofqQ= =Lv8x -----END PGP SIGNATURE-----
