Debian: New poppler packages fix several vulnerabilities

    Date05 Feb 2008
    CategoryDebian
    4061
    Posted ByLinuxSecurity Advisories
    Alin Rad Pop discovered several buffer overflows in the Poppler PDF library, which could allow the execution of arbitrary code if a malformed PDF file is opened.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1480-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                       Moritz Muehlenhoff
    February 05, 2008                     http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : poppler
    Vulnerability  : several
    Problem type   : local(remote)
    Debian-specific: no
    CVE Id(s)      : CVE-2007-4352 CVE-2007-5392 CVE-2007-5393
    
    Alin Rad Pop discovered several buffer overflows in the Poppler PDF
    library, which could allow the execution of arbitrary code if a
    malformed PDF file is opened.
    
    For the stable distribution (etch), these problems have been fixed in
    version 0.4.5-5.1etch2.
    
    The old stable distribution (sarge) doesn't contain poppler.
    
    We recommend that you upgrade your poppler packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian 4.0 (stable)
    - -------------------
    
    Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/p/poppler/poppler_0.4.5-5.1etch2.diff.gz
        Size/MD5 checksum:   484246 62ac8891f912e0297dee3bc875497ef7
      http://security.debian.org/pool/updates/main/p/poppler/poppler_0.4.5-5.1etch2.dsc
        Size/MD5 checksum:      749 d12234813b844d590e151f454c7f26fb
      http://security.debian.org/pool/updates/main/p/poppler/poppler_0.4.5.orig.tar.gz
        Size/MD5 checksum:   783752 2bb1c75aa3f9c42f0ba48b5492e6d32c
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_alpha.deb
        Size/MD5 checksum:    30374 498fdc2dcafa1368c76f22a26243bd18
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_alpha.deb
        Size/MD5 checksum:    42932 5c37d6c62ed141bb1ea227e8ed4a02ac
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_alpha.deb
        Size/MD5 checksum:   774474 25ee5518b1f66bdcab1276ae15104362
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_alpha.deb
        Size/MD5 checksum:    33862 97c425d38d2a52013ecb777323fedcbf
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_alpha.deb
        Size/MD5 checksum:    55184 6a8bc43d21cd7b053e4ff2e96039ecde
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_alpha.deb
        Size/MD5 checksum:   504400 1873e99c14b49a16a97fa1853840393c
      http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_alpha.deb
        Size/MD5 checksum:    86262 6e9bb738236eb858aa379a011722df5e
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_amd64.deb
        Size/MD5 checksum:   456402 b149225663d59f2a71f959c54dc9980a
      http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_amd64.deb
        Size/MD5 checksum:    83490 503a5244ca6778e8934001fcb775863a
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_amd64.deb
        Size/MD5 checksum:    45932 a4f161401bfa3dd4179e1f06f26ea2fc
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_amd64.deb
        Size/MD5 checksum:    30518 caea56a87a7f3cbe810912043198944c
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_amd64.deb
        Size/MD5 checksum:   613524 9f60fe935bf1a0d39cb476306a1cd877
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_amd64.deb
        Size/MD5 checksum:    29574 765b2a6179f6de7bcd12577267f28bdc
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_amd64.deb
        Size/MD5 checksum:    41628 d321bfeef8b4b1646ba1232c2b289e31
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_arm.deb
        Size/MD5 checksum:    30290 ca3b42b4698fd95047d9d01da07c19f0
      http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_arm.deb
        Size/MD5 checksum:    81660 b5ef96b6267053ef30530742cc7fc885
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_arm.deb
        Size/MD5 checksum:    29290 cb56448209be77de26a8ae8370ade5e7
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_arm.deb
        Size/MD5 checksum:   594802 ee6c3e505eca8dc598dc5128418d24c3
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_arm.deb
        Size/MD5 checksum:    44606 44101c76d6b8148c26ad3e85dd72fe66
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_arm.deb
        Size/MD5 checksum:   438018 eb2a802afd0da063c444c0cf2e4a1ed4
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_arm.deb
        Size/MD5 checksum:    40054 a1c854be81c453ed1208c7f4f9c2f5eb
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_i386.deb
        Size/MD5 checksum:   443352 016dd5a98a0eb335af593d1e51e081d5
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_i386.deb
        Size/MD5 checksum:    29378 8d28f47566c6ea599a9d008280d13129
      http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_i386.deb
        Size/MD5 checksum:    80798 8a05f82badaa6b3f69e86b5ec524b0fa
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_i386.deb
        Size/MD5 checksum:    44140 e344517322685ec03e9368569b1040ee
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_i386.deb
        Size/MD5 checksum:    40610 3a31076ff600ff771e68180074b46a21
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_i386.deb
        Size/MD5 checksum:    30134 194fbfb244f877cd07b00bc5564a0a30
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_i386.deb
        Size/MD5 checksum:   573836 dda4a5aa4e8c0c931bb456daf3e7e38d
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_ia64.deb
        Size/MD5 checksum:   105174 4d21ca486d0dfb96ab111110aea18184
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_ia64.deb
        Size/MD5 checksum:   808710 fef48b747551e1f078e51a863db42d64
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_ia64.deb
        Size/MD5 checksum:    47680 6c2a9d463679be4d6738009e01d53229
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_ia64.deb
        Size/MD5 checksum:    33654 afe0b327c8cde6490cf3982450286911
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_ia64.deb
        Size/MD5 checksum:    54716 5aef6fdb1721fd392e7a5b694774fe3f
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_ia64.deb
        Size/MD5 checksum:    32070 d2981f21f801bd748cf0f429683de327
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_ia64.deb
        Size/MD5 checksum:   613062 ddfb7f3ee5899b15576dccf1f7730af5
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_mips.deb
        Size/MD5 checksum:    31838 ee6109e671d1b520e4f0e139ce323d31
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_mips.deb
        Size/MD5 checksum:   674630 ced70154cf0bf69de7e3f0682a26efe7
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_mips.deb
        Size/MD5 checksum:    29444 80577ad366a7ff024f6bbcfe28e9423e
      http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_mips.deb
        Size/MD5 checksum:    86570 95f59eddb01635867c47ebefdf53148f
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_mips.deb
        Size/MD5 checksum:   457738 adb74127e8b2f75c08dc4d1140cfcf53
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_mips.deb
        Size/MD5 checksum:    50162 a9a20c39b24ffb935dd5c95e58225250
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_mips.deb
        Size/MD5 checksum:    41714 9eba45d7741fb6af5defe6cd13aa04b4
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_mipsel.deb
        Size/MD5 checksum:    32068 8f0e573a5d16b9c38647fd35af827f51
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_mipsel.deb
        Size/MD5 checksum:   444286 1a9c45b8d5110116e7327379448cb5e5
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_mipsel.deb
        Size/MD5 checksum:    49638 67f7ee08100eedef89ce6a10261e4cf3
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_mipsel.deb
        Size/MD5 checksum:    29716 d1695e641ec7f2025aed5f3b3092f432
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_mipsel.deb
        Size/MD5 checksum:   664980 b521ee4bdbc3f5c063522e14c93a49fb
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_mipsel.deb
        Size/MD5 checksum:    41074 a4d66ed0588b10960fe40da8e2114aa9
      http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_mipsel.deb
        Size/MD5 checksum:    86512 25a6b4c4a4a6b1bd8217c5cd7c824554
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_powerpc.deb
        Size/MD5 checksum:    89176 40cc1c0ddbcb14c1bd88620e4427f2ad
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_powerpc.deb
        Size/MD5 checksum:    43006 857e0d7a14ac3448d531a6e92badfaa7
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_powerpc.deb
        Size/MD5 checksum:   651790 b85508f089275c45426271ab42af5852
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_powerpc.deb
        Size/MD5 checksum:    31282 3b991e0a59044ad90bce84dab4a3c286
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_powerpc.deb
        Size/MD5 checksum:    48000 0d4dcec8c85e63bf932cba1214e23e8a
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_powerpc.deb
        Size/MD5 checksum:   472200 5f73beffafb62d0c609a1065e162dbaa
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_powerpc.deb
        Size/MD5 checksum:    31310 689f8d2507230afdc69b2d967ce6dfc7
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_s390.deb
        Size/MD5 checksum:    41554 d03144f78dde41a7eb0c33ee63436429
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_s390.deb
        Size/MD5 checksum:   621764 ac5f100d5a18b4088a00503ad7d27347
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_s390.deb
        Size/MD5 checksum:    30430 9f8575a73fa04ca2920ed97d3d30960f
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_s390.deb
        Size/MD5 checksum:    46690 219c0e56d1ae87c01d984ddce2f576b1
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_s390.deb
        Size/MD5 checksum:    29332 e34057f02956439dcd2c1643153a4320
      http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_s390.deb
        Size/MD5 checksum:    80556 9bf0f20909214d5433c8b6986bd86813
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_s390.deb
        Size/MD5 checksum:   453712 471ce86c951154e00d8e5c6e78170915
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_sparc.deb
        Size/MD5 checksum:   444208 7108e0818b726a16e46d0fa8c41b3b9b
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_sparc.deb
        Size/MD5 checksum:    44412 7773d4a704d458419c50e49eb6c2148f
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_sparc.deb
        Size/MD5 checksum:    29146 9a3e1df71ee09b5b55703673153232c5
      http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_sparc.deb
        Size/MD5 checksum:    78156 63a833e7ebdb56c067e69aa1a3988ed1
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_sparc.deb
        Size/MD5 checksum:    40312 040a74fe179460b0b175e29bc0de26a6
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_sparc.deb
        Size/MD5 checksum:   583836 2e40b8be7ad912d86235bd6ff59aeb92
      http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_sparc.deb
        Size/MD5 checksum:    30494 a17ba5f32a555022213133d909dc01aa
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"7","type":"x","order":"1","pct":58.33,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":25,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"2","type":"x","order":"3","pct":16.67,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.