-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2013:143
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : poppler
Date    : April 15, 2013
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been found and corrected in poppler:

poppler before 0.22.1 allows context-dependent attackers to cause a
denial of service (crash) and possibly execute arbitrary code via
vectors that trigger an invalid memory access in (1) splash/Splash.cc,
(2) poppler/Function.cc, and (3) poppler/Stream.cc (CVE-2013-1788).

poppler/Stream.cc in poppler before 0.22.1 allows context-dependent
attackers to have an unspecified impact via vectors that trigger a
read of uninitialized memory by the CCITTFaxStream::lookChar function
(CVE-2013-1790).

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1790
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
  mes5/i586/libpoppler3-0.8.7-2.6mdvmes5.2.i586.rpm
  mes5/i586/libpoppler-devel-0.8.7-2.6mdvmes5.2.i586.rpm
  mes5/i586/libpoppler-glib3-0.8.7-2.6mdvmes5.2.i586.rpm
  mes5/i586/libpoppler-glib-devel-0.8.7-2.6mdvmes5.2.i586.rpm
  mes5/i586/libpoppler-qt2-0.8.7-2.6mdvmes5.2.i586.rpm
  mes5/i586/libpoppler-qt4-3-0.8.7-2.6mdvmes5.2.i586.rpm
  mes5/i586/libpoppler-qt4-devel-0.8.7-2.6mdvmes5.2.i586.rpm
  mes5/i586/libpoppler-qt-devel-0.8.7-2.6mdvmes5.2.i586.rpm
  mes5/i586/poppler-0.8.7-2.6mdvmes5.2.i586.rpm
  mes5/SRPMS/poppler-0.8.7-2.6mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
  mes5/x86_64/lib64poppler3-0.8.7-2.6mdvmes5.2.x86_64.rpm
  mes5/x86_64/lib64poppler-devel-0.8.7-2.6mdvmes5.2.x86_64.rpm
  mes5/x86_64/lib64poppler-glib3-0.8.7-2.6mdvmes5.2.x86_64.rpm
  mes5/x86_64/lib64poppler-glib-devel-0.8.7-2.6mdvmes5.2.x86_64.rpm
  mes5/x86_64/lib64poppler-qt2-0.8.7-2.6mdvmes5.2.x86_64.rpm
  mes5/x86_64/lib64poppler-qt4-3-0.8.7-2.6mdvmes5.2.x86_64.rpm
  mes5/x86_64/lib64poppler-qt4-devel-0.8.7-2.6mdvmes5.2.x86_64.rpm
  mes5/x86_64/lib64poppler-qt-devel-0.8.7-2.6mdvmes5.2.x86_64.rpm
  mes5/x86_64/poppler-0.8.7-2.6mdvmes5.2.x86_64.rpm
  mes5/SRPMS/poppler-0.8.7-2.6mdvmes5.2.src.rpm

Mandriva Business Server 1/X86_64:
  mbs1/x86_64/lib64poppler19-0.18.4-3.1.mbs1.x86_64.rpm
  mbs1/x86_64/lib64poppler-cpp0-0.18.4-3.1.mbs1.x86_64.rpm
  mbs1/x86_64/lib64poppler-cpp-devel-0.18.4-3.1.mbs1.x86_64.rpm
  mbs1/x86_64/lib64poppler-devel-0.18.4-3.1.mbs1.x86_64.rpm
  mbs1/x86_64/lib64poppler-gir0.18-0.18.4-3.1.mbs1.x86_64.rpm
  mbs1/x86_64/lib64poppler-glib8-0.18.4-3.1.mbs1.x86_64.rpm
  mbs1/x86_64/lib64poppler-glib-devel-0.18.4-3.1.mbs1.x86_64.rpm
  mbs1/x86_64/poppler-0.18.4-3.1.mbs1.x86_64.rpm
  mbs1/SRPMS/poppler-0.18.4-3.1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFRa7VrmqjQ0CJFipgRAmPGAKCgCBb7fI6om9idJ+GKMPoK4LalXACdHbLS
DulHJ5gKjYy8pAsPIdzrfwU=
=JAI7
-----END PGP SIGNATURE-----