Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 10 Poppler Update: Critical Integer Overflows Addressed

fedora
Calendar Grey October 27, 2009
Dist Fedora Esm H88
This enhancement strengthens GIMP in Fedora 10, rectifying several vulnerabilities and boosting overall system protection.
This build addresses several recent security issues.

Summary

Poppler, a PDF rendering library, is a fork of the xpdf PDF

viewer developed by Derek Noonburg of Glyph and Cog, LLC.

Update Information:

This build addresses several recent security issues.

Topics%20covered

Topics Covered

security advisory fedora critical software update integer overflow poppler

Change Log

* Sun Oct 25 2009 Rex Dieter - 0.8.8-7 - CVE-2009-3603 xpdf/popppler: SplashBitmap::SplashBitmap integer overflow (#526915) - CVE-2009-3604 xpdf/poppler: Splash::drawImage integer overflow and missing allocation return value check(#526911) - CVE-2009-3606 xpdf/poppler: PSOutputDev::doImageL1Sep integer overflow (#526877) - CVE-2009-3607 poppler: create_surface_from_thumbnail_data integer overflow (#526924) - CVE-2009-3608 xpdf/poppler: integer overflow in ObjectStream::ObjectStream (#526637) - CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow (#526893) * Fri Jan 23 2009 Rex Dieter - 0.8.7-6 - use backported jbig2_security patch from debian/ubuntu (#496942) - poppler-data-0.2.1 - --enable-libjpeg (speed) - track sonames * Tue Jan 20 2009 Rex Dieter - 0.8.7-5 - patch to workaround okular rendering hyperlinks (#480357) - add needed scriptlets - nuke rpaths * Sun Jan 4 2009 Matthias Clasen - 0.8.7-4 - Fix a problem with large images * Tue Sep 16 2008 Rex Dieter - 0.8.7-2 - cleanup qt3 hack - %description cosmetics

References


[ 1 ] Bug #526915 - CVE-2009-3603 xpdf/poppler: SplashBitmap::SplashBitmap integer overflow https://bugzilla.redhat.com/show_bug.cgi?id=526915 [ 2 ] Bug #526911 - CVE-2009-3604 xpdf/poppler: Splash::drawImage integer overflow and missing allocation return value check https://bugzilla.redhat.com/show_bug.cgi?id=526911 [ 3 ] Bug #526877 - CVE-2009-3606 xpdf/poppler: PSOutputDev::doImageL1Sep integer overflow https://bugzilla.redhat.com/show_bug.cgi?id=526877 [ 4 ] Bug #526924 - CVE-2009-3607 poppler: create_surface_from_thumbnail_data integer overflow https://bugzilla.redhat.com/show_bug.cgi?id=526924 [ 5 ] Bug #526637 - CVE-2009-3608 xpdf/poppler: integer overflow in ObjectStream::ObjectStream (oCERT-2009-016) https://bugzilla.redhat.com/show_bug.cgi?id=526637 [ 6 ] Bug #526893 - CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow https://bugzilla.redhat.com/show_bug.cgi?id=526893

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update poppler' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: poppler
Product: Fedora 10
Version: 0.8.7
Release: 7.fc10
URL: http://poppler.freedesktop.org/
Summary: PDF rendering library

Topics%20covered

Topics Covered

security advisory fedora critical software update integer overflow poppler

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here