Linux Security
Linux Security
Linux Security

Debian: New poppler packages fix several vulnerabilities

Date 05 Feb 2008
Posted By LinuxSecurity Advisories
Alin Rad Pop discovered several buffer overflows in the Poppler PDF library, which could allow the execution of arbitrary code if a malformed PDF file is opened.
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1480-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.                       Moritz Muehlenhoff
February 05, 2008           
- ------------------------------------------------------------------------

Package        : poppler
Vulnerability  : several
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2007-4352 CVE-2007-5392 CVE-2007-5393

Alin Rad Pop discovered several buffer overflows in the Poppler PDF
library, which could allow the execution of arbitrary code if a
malformed PDF file is opened.

For the stable distribution (etch), these problems have been fixed in
version 0.4.5-5.1etch2.

The old stable distribution (sarge) doesn't contain poppler.

We recommend that you upgrade your poppler packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 4.0 (stable)
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:
    Size/MD5 checksum:   484246 62ac8891f912e0297dee3bc875497ef7
    Size/MD5 checksum:      749 d12234813b844d590e151f454c7f26fb
    Size/MD5 checksum:   783752 2bb1c75aa3f9c42f0ba48b5492e6d32c

alpha architecture (DEC Alpha)
    Size/MD5 checksum:    30374 498fdc2dcafa1368c76f22a26243bd18
    Size/MD5 checksum:    42932 5c37d6c62ed141bb1ea227e8ed4a02ac
    Size/MD5 checksum:   774474 25ee5518b1f66bdcab1276ae15104362
    Size/MD5 checksum:    33862 97c425d38d2a52013ecb777323fedcbf
    Size/MD5 checksum:    55184 6a8bc43d21cd7b053e4ff2e96039ecde
    Size/MD5 checksum:   504400 1873e99c14b49a16a97fa1853840393c
    Size/MD5 checksum:    86262 6e9bb738236eb858aa379a011722df5e

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:   456402 b149225663d59f2a71f959c54dc9980a
    Size/MD5 checksum:    83490 503a5244ca6778e8934001fcb775863a
    Size/MD5 checksum:    45932 a4f161401bfa3dd4179e1f06f26ea2fc
    Size/MD5 checksum:    30518 caea56a87a7f3cbe810912043198944c
    Size/MD5 checksum:   613524 9f60fe935bf1a0d39cb476306a1cd877
    Size/MD5 checksum:    29574 765b2a6179f6de7bcd12577267f28bdc
    Size/MD5 checksum:    41628 d321bfeef8b4b1646ba1232c2b289e31

arm architecture (ARM)
    Size/MD5 checksum:    30290 ca3b42b4698fd95047d9d01da07c19f0
    Size/MD5 checksum:    81660 b5ef96b6267053ef30530742cc7fc885
    Size/MD5 checksum:    29290 cb56448209be77de26a8ae8370ade5e7
    Size/MD5 checksum:   594802 ee6c3e505eca8dc598dc5128418d24c3
    Size/MD5 checksum:    44606 44101c76d6b8148c26ad3e85dd72fe66
    Size/MD5 checksum:   438018 eb2a802afd0da063c444c0cf2e4a1ed4
    Size/MD5 checksum:    40054 a1c854be81c453ed1208c7f4f9c2f5eb

i386 architecture (Intel ia32)
    Size/MD5 checksum:   443352 016dd5a98a0eb335af593d1e51e081d5
    Size/MD5 checksum:    29378 8d28f47566c6ea599a9d008280d13129
    Size/MD5 checksum:    80798 8a05f82badaa6b3f69e86b5ec524b0fa
    Size/MD5 checksum:    44140 e344517322685ec03e9368569b1040ee
    Size/MD5 checksum:    40610 3a31076ff600ff771e68180074b46a21
    Size/MD5 checksum:    30134 194fbfb244f877cd07b00bc5564a0a30
    Size/MD5 checksum:   573836 dda4a5aa4e8c0c931bb456daf3e7e38d

ia64 architecture (Intel ia64)
    Size/MD5 checksum:   105174 4d21ca486d0dfb96ab111110aea18184
    Size/MD5 checksum:   808710 fef48b747551e1f078e51a863db42d64
    Size/MD5 checksum:    47680 6c2a9d463679be4d6738009e01d53229
    Size/MD5 checksum:    33654 afe0b327c8cde6490cf3982450286911
    Size/MD5 checksum:    54716 5aef6fdb1721fd392e7a5b694774fe3f
    Size/MD5 checksum:    32070 d2981f21f801bd748cf0f429683de327
    Size/MD5 checksum:   613062 ddfb7f3ee5899b15576dccf1f7730af5

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:    31838 ee6109e671d1b520e4f0e139ce323d31
    Size/MD5 checksum:   674630 ced70154cf0bf69de7e3f0682a26efe7
    Size/MD5 checksum:    29444 80577ad366a7ff024f6bbcfe28e9423e
    Size/MD5 checksum:    86570 95f59eddb01635867c47ebefdf53148f
    Size/MD5 checksum:   457738 adb74127e8b2f75c08dc4d1140cfcf53
    Size/MD5 checksum:    50162 a9a20c39b24ffb935dd5c95e58225250
    Size/MD5 checksum:    41714 9eba45d7741fb6af5defe6cd13aa04b4

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:    32068 8f0e573a5d16b9c38647fd35af827f51
    Size/MD5 checksum:   444286 1a9c45b8d5110116e7327379448cb5e5
    Size/MD5 checksum:    49638 67f7ee08100eedef89ce6a10261e4cf3
    Size/MD5 checksum:    29716 d1695e641ec7f2025aed5f3b3092f432
    Size/MD5 checksum:   664980 b521ee4bdbc3f5c063522e14c93a49fb
    Size/MD5 checksum:    41074 a4d66ed0588b10960fe40da8e2114aa9
    Size/MD5 checksum:    86512 25a6b4c4a4a6b1bd8217c5cd7c824554

powerpc architecture (PowerPC)
    Size/MD5 checksum:    89176 40cc1c0ddbcb14c1bd88620e4427f2ad
    Size/MD5 checksum:    43006 857e0d7a14ac3448d531a6e92badfaa7
    Size/MD5 checksum:   651790 b85508f089275c45426271ab42af5852
    Size/MD5 checksum:    31282 3b991e0a59044ad90bce84dab4a3c286
    Size/MD5 checksum:    48000 0d4dcec8c85e63bf932cba1214e23e8a
    Size/MD5 checksum:   472200 5f73beffafb62d0c609a1065e162dbaa
    Size/MD5 checksum:    31310 689f8d2507230afdc69b2d967ce6dfc7

s390 architecture (IBM S/390)
    Size/MD5 checksum:    41554 d03144f78dde41a7eb0c33ee63436429
    Size/MD5 checksum:   621764 ac5f100d5a18b4088a00503ad7d27347
    Size/MD5 checksum:    30430 9f8575a73fa04ca2920ed97d3d30960f
    Size/MD5 checksum:    46690 219c0e56d1ae87c01d984ddce2f576b1
    Size/MD5 checksum:    29332 e34057f02956439dcd2c1643153a4320
    Size/MD5 checksum:    80556 9bf0f20909214d5433c8b6986bd86813
    Size/MD5 checksum:   453712 471ce86c951154e00d8e5c6e78170915

sparc architecture (Sun SPARC/UltraSPARC)
    Size/MD5 checksum:   444208 7108e0818b726a16e46d0fa8c41b3b9b
    Size/MD5 checksum:    44412 7773d4a704d458419c50e49eb6c2148f
    Size/MD5 checksum:    29146 9a3e1df71ee09b5b55703673153232c5
    Size/MD5 checksum:    78156 63a833e7ebdb56c067e69aa1a3988ed1
    Size/MD5 checksum:    40312 040a74fe179460b0b175e29bc0de26a6
    Size/MD5 checksum:   583836 2e40b8be7ad912d86235bd6ff59aeb92
    Size/MD5 checksum:    30494 a17ba5f32a555022213133d909dc01aa

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"64","type":"x","order":"1","pct":76.19,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"13","type":"x","order":"2","pct":15.48,"resources":[]},{"id":"181","title":"Hardly ever","votes":"7","type":"x","order":"3","pct":8.33,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.