Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

Red Hat 7: RHSA-2016:2580-02 Moderate: Heap Overflow in Poppler

Calendar Nov 03, 2016 User Avatar LinuxSecurity Advisories
6 - 11 min read
Redhat Large Esm H500
Topics%20covered

Topics Covered

security advisory moderate red hat software update heap overflow poppler
An update for poppler is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

====================================================================                   Red Hat Security Advisory

Synopsis:          Moderate: poppler security and bug fix update
Advisory ID:       RHSA-2016:2580-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2016:2580.html
Issue date:        2016-11-03
CVE Names:         CVE-2015-8868 
====================================================================
1. Summary:

An update for poppler is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Poppler is a Portable Document Format (PDF) rendering library, used by
applications such as Evince.

Security Fix(es):

* A heap-buffer overflow was found in the poppler library. An attacker
could create a malicious PDF file that would cause applications that use
poppler (such as Evince) to crash or, potentially, execute arbitrary code
when opened. (CVE-2015-8868)

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.3 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1298616 - Show at least characters from PDFDocEncoding in editable forms
1326225 - CVE-2015-8868 poppler: heap buffer overflow in ExponentialFunction

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
poppler-0.26.5-16.el7.src.rpm

x86_64:
poppler-0.26.5-16.el7.i686.rpm
poppler-0.26.5-16.el7.x86_64.rpm
poppler-debuginfo-0.26.5-16.el7.i686.rpm
poppler-debuginfo-0.26.5-16.el7.x86_64.rpm
poppler-glib-0.26.5-16.el7.i686.rpm
poppler-glib-0.26.5-16.el7.x86_64.rpm
poppler-qt-0.26.5-16.el7.i686.rpm
poppler-qt-0.26.5-16.el7.x86_64.rpm
poppler-utils-0.26.5-16.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
poppler-cpp-0.26.5-16.el7.i686.rpm
poppler-cpp-0.26.5-16.el7.x86_64.rpm
poppler-cpp-devel-0.26.5-16.el7.i686.rpm
poppler-cpp-devel-0.26.5-16.el7.x86_64.rpm
poppler-debuginfo-0.26.5-16.el7.i686.rpm
poppler-debuginfo-0.26.5-16.el7.x86_64.rpm
poppler-demos-0.26.5-16.el7.x86_64.rpm
poppler-devel-0.26.5-16.el7.i686.rpm
poppler-devel-0.26.5-16.el7.x86_64.rpm
poppler-glib-devel-0.26.5-16.el7.i686.rpm
poppler-glib-devel-0.26.5-16.el7.x86_64.rpm
poppler-qt-devel-0.26.5-16.el7.i686.rpm
poppler-qt-devel-0.26.5-16.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
poppler-0.26.5-16.el7.src.rpm

x86_64:
poppler-0.26.5-16.el7.i686.rpm
poppler-0.26.5-16.el7.x86_64.rpm
poppler-debuginfo-0.26.5-16.el7.i686.rpm
poppler-debuginfo-0.26.5-16.el7.x86_64.rpm
poppler-qt-0.26.5-16.el7.i686.rpm
poppler-qt-0.26.5-16.el7.x86_64.rpm
poppler-utils-0.26.5-16.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
poppler-cpp-0.26.5-16.el7.i686.rpm
poppler-cpp-0.26.5-16.el7.x86_64.rpm
poppler-cpp-devel-0.26.5-16.el7.i686.rpm
poppler-cpp-devel-0.26.5-16.el7.x86_64.rpm
poppler-debuginfo-0.26.5-16.el7.i686.rpm
poppler-debuginfo-0.26.5-16.el7.x86_64.rpm
poppler-demos-0.26.5-16.el7.x86_64.rpm
poppler-devel-0.26.5-16.el7.i686.rpm
poppler-devel-0.26.5-16.el7.x86_64.rpm
poppler-glib-0.26.5-16.el7.i686.rpm
poppler-glib-0.26.5-16.el7.x86_64.rpm
poppler-glib-devel-0.26.5-16.el7.i686.rpm
poppler-glib-devel-0.26.5-16.el7.x86_64.rpm
poppler-qt-devel-0.26.5-16.el7.i686.rpm
poppler-qt-devel-0.26.5-16.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
poppler-0.26.5-16.el7.src.rpm

aarch64:
poppler-0.26.5-16.el7.aarch64.rpm
poppler-debuginfo-0.26.5-16.el7.aarch64.rpm
poppler-glib-0.26.5-16.el7.aarch64.rpm
poppler-qt-0.26.5-16.el7.aarch64.rpm
poppler-utils-0.26.5-16.el7.aarch64.rpm

ppc64:
poppler-0.26.5-16.el7.ppc.rpm
poppler-0.26.5-16.el7.ppc64.rpm
poppler-debuginfo-0.26.5-16.el7.ppc.rpm
poppler-debuginfo-0.26.5-16.el7.ppc64.rpm
poppler-glib-0.26.5-16.el7.ppc.rpm
poppler-glib-0.26.5-16.el7.ppc64.rpm
poppler-utils-0.26.5-16.el7.ppc64.rpm

ppc64le:
poppler-0.26.5-16.el7.ppc64le.rpm
poppler-debuginfo-0.26.5-16.el7.ppc64le.rpm
poppler-glib-0.26.5-16.el7.ppc64le.rpm
poppler-qt-0.26.5-16.el7.ppc64le.rpm
poppler-utils-0.26.5-16.el7.ppc64le.rpm

s390x:
poppler-0.26.5-16.el7.s390.rpm
poppler-0.26.5-16.el7.s390x.rpm
poppler-debuginfo-0.26.5-16.el7.s390.rpm
poppler-debuginfo-0.26.5-16.el7.s390x.rpm
poppler-glib-0.26.5-16.el7.s390.rpm
poppler-glib-0.26.5-16.el7.s390x.rpm
poppler-utils-0.26.5-16.el7.s390x.rpm

x86_64:
poppler-0.26.5-16.el7.i686.rpm
poppler-0.26.5-16.el7.x86_64.rpm
poppler-debuginfo-0.26.5-16.el7.i686.rpm
poppler-debuginfo-0.26.5-16.el7.x86_64.rpm
poppler-glib-0.26.5-16.el7.i686.rpm
poppler-glib-0.26.5-16.el7.x86_64.rpm
poppler-qt-0.26.5-16.el7.i686.rpm
poppler-qt-0.26.5-16.el7.x86_64.rpm
poppler-utils-0.26.5-16.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64:
poppler-cpp-0.26.5-16.el7.aarch64.rpm
poppler-cpp-devel-0.26.5-16.el7.aarch64.rpm
poppler-debuginfo-0.26.5-16.el7.aarch64.rpm
poppler-demos-0.26.5-16.el7.aarch64.rpm
poppler-devel-0.26.5-16.el7.aarch64.rpm
poppler-glib-devel-0.26.5-16.el7.aarch64.rpm
poppler-qt-devel-0.26.5-16.el7.aarch64.rpm

ppc64:
poppler-cpp-0.26.5-16.el7.ppc.rpm
poppler-cpp-0.26.5-16.el7.ppc64.rpm
poppler-cpp-devel-0.26.5-16.el7.ppc.rpm
poppler-cpp-devel-0.26.5-16.el7.ppc64.rpm
poppler-debuginfo-0.26.5-16.el7.ppc.rpm
poppler-debuginfo-0.26.5-16.el7.ppc64.rpm
poppler-demos-0.26.5-16.el7.ppc64.rpm
poppler-devel-0.26.5-16.el7.ppc.rpm
poppler-devel-0.26.5-16.el7.ppc64.rpm
poppler-glib-devel-0.26.5-16.el7.ppc.rpm
poppler-glib-devel-0.26.5-16.el7.ppc64.rpm
poppler-qt-0.26.5-16.el7.ppc.rpm
poppler-qt-0.26.5-16.el7.ppc64.rpm
poppler-qt-devel-0.26.5-16.el7.ppc.rpm
poppler-qt-devel-0.26.5-16.el7.ppc64.rpm

ppc64le:
poppler-cpp-0.26.5-16.el7.ppc64le.rpm
poppler-cpp-devel-0.26.5-16.el7.ppc64le.rpm
poppler-debuginfo-0.26.5-16.el7.ppc64le.rpm
poppler-demos-0.26.5-16.el7.ppc64le.rpm
poppler-devel-0.26.5-16.el7.ppc64le.rpm
poppler-glib-devel-0.26.5-16.el7.ppc64le.rpm
poppler-qt-devel-0.26.5-16.el7.ppc64le.rpm

s390x:
poppler-cpp-0.26.5-16.el7.s390.rpm
poppler-cpp-0.26.5-16.el7.s390x.rpm
poppler-cpp-devel-0.26.5-16.el7.s390.rpm
poppler-cpp-devel-0.26.5-16.el7.s390x.rpm
poppler-debuginfo-0.26.5-16.el7.s390.rpm
poppler-debuginfo-0.26.5-16.el7.s390x.rpm
poppler-demos-0.26.5-16.el7.s390x.rpm
poppler-devel-0.26.5-16.el7.s390.rpm
poppler-devel-0.26.5-16.el7.s390x.rpm
poppler-glib-devel-0.26.5-16.el7.s390.rpm
poppler-glib-devel-0.26.5-16.el7.s390x.rpm
poppler-qt-0.26.5-16.el7.s390.rpm
poppler-qt-0.26.5-16.el7.s390x.rpm
poppler-qt-devel-0.26.5-16.el7.s390.rpm
poppler-qt-devel-0.26.5-16.el7.s390x.rpm

x86_64:
poppler-cpp-0.26.5-16.el7.i686.rpm
poppler-cpp-0.26.5-16.el7.x86_64.rpm
poppler-cpp-devel-0.26.5-16.el7.i686.rpm
poppler-cpp-devel-0.26.5-16.el7.x86_64.rpm
poppler-debuginfo-0.26.5-16.el7.i686.rpm
poppler-debuginfo-0.26.5-16.el7.x86_64.rpm
poppler-demos-0.26.5-16.el7.x86_64.rpm
poppler-devel-0.26.5-16.el7.i686.rpm
poppler-devel-0.26.5-16.el7.x86_64.rpm
poppler-glib-devel-0.26.5-16.el7.i686.rpm
poppler-glib-devel-0.26.5-16.el7.x86_64.rpm
poppler-qt-devel-0.26.5-16.el7.i686.rpm
poppler-qt-devel-0.26.5-16.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
poppler-0.26.5-16.el7.src.rpm

x86_64:
poppler-0.26.5-16.el7.i686.rpm
poppler-0.26.5-16.el7.x86_64.rpm
poppler-debuginfo-0.26.5-16.el7.i686.rpm
poppler-debuginfo-0.26.5-16.el7.x86_64.rpm
poppler-glib-0.26.5-16.el7.i686.rpm
poppler-glib-0.26.5-16.el7.x86_64.rpm
poppler-qt-0.26.5-16.el7.i686.rpm
poppler-qt-0.26.5-16.el7.x86_64.rpm
poppler-utils-0.26.5-16.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
poppler-cpp-0.26.5-16.el7.i686.rpm
poppler-cpp-0.26.5-16.el7.x86_64.rpm
poppler-cpp-devel-0.26.5-16.el7.i686.rpm
poppler-cpp-devel-0.26.5-16.el7.x86_64.rpm
poppler-debuginfo-0.26.5-16.el7.i686.rpm
poppler-debuginfo-0.26.5-16.el7.x86_64.rpm
poppler-demos-0.26.5-16.el7.x86_64.rpm
poppler-devel-0.26.5-16.el7.i686.rpm
poppler-devel-0.26.5-16.el7.x86_64.rpm
poppler-glib-devel-0.26.5-16.el7.i686.rpm
poppler-glib-devel-0.26.5-16.el7.x86_64.rpm
poppler-qt-devel-0.26.5-16.el7.i686.rpm
poppler-qt-devel-0.26.5-16.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2015-8868
https://access.redhat.com/security/updates/classification#moderate
https://docs.redhat.com/en/documentation/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYGvstXlSAg2UNWIIRAqPmAKCaVNwt0duaVrg/GaAmI/+iBvSFdgCcC/xz
2ElvdSkU16B/pL5Z+FFYBrQ=CJU/
-----END PGP SIGNATURE-----


-- 
Enterprise-watch-list mailing list
This email address is being protected from spambots. You need JavaScript enabled to view it.

Red Hat 7: RHSA-2016:2580-02 Moderate: Heap Overflow in Poppler

red hat
Calendar Grey November 3, 2016
Dist Redhat Esm H88
Red Hat has released an update for poppler that targets several moderate security vulnerabilities and resolves various bugs. Discover further details about this update and its implications.
An update for poppler is now available for Red Hat Enterprise Linux 7

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.
Security Fix(es):
* A heap-buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code when opened. (CVE-2015-8868)
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

Topics%20covered

Topics Covered

security advisory moderate red hat software update heap overflow poppler

References

https://access.redhat.com/security/cve/CVE-2015-8868 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html

Package List

Red Hat Enterprise Linux Client (v. 7):
Source: poppler-0.26.5-16.el7.src.rpm
x86_64: poppler-0.26.5-16.el7.i686.rpm poppler-0.26.5-16.el7.x86_64.rpm poppler-debuginfo-0.26.5-16.el7.i686.rpm poppler-debuginfo-0.26.5-16.el7.x86_64.rpm poppler-glib-0.26.5-16.el7.i686.rpm poppler-glib-0.26.5-16.el7.x86_64.rpm poppler-qt-0.26.5-16.el7.i686.rpm poppler-qt-0.26.5-16.el7.x86_64.rpm poppler-utils-0.26.5-16.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: poppler-cpp-0.26.5-16.el7.i686.rpm poppler-cpp-0.26.5-16.el7.x86_64.rpm poppler-cpp-devel-0.26.5-16.el7.i686.rpm poppler-cpp-devel-0.26.5-16.el7.x86_64.rpm poppler-debuginfo-0.26.5-16.el7.i686.rpm poppler-debuginfo-0.26.5-16.el7.x86_64.rpm poppler-demos-0.26.5-16.el7.x86_64.rpm poppler-devel-0.26.5-16.el7.i686.rpm poppler-devel-0.26.5-16.el7.x86_64.rpm poppler-glib-devel-0.26.5-16.el7.i686.rpm poppler-glib-devel-0.26.5-16.el7.x86_64.rpm poppler-qt-devel-0.26.5-16.el7.i686.rpm poppler-qt-devel-0.26.5-16.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: poppler-0.26.5-16.el7.src.rpm
x86_64: poppler-0.26.5-16.el7.i686.rpm poppler-0.26.5-16.el7.x86_64.rpm poppler-debuginfo-0.26.5-16.el7.i686.rpm poppler-debuginfo-0.26.5-16.el7.x86_64.rpm poppler-qt-0.26.5-16.el7.i686.rpm

Read the Full Advisory


Advisory ID: RHSA-2016:2580-02
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2016:2580.html
Issue date: 2016-11-03

Topic

An update for poppler is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory moderate red hat software update heap overflow poppler

Relevant Releases Architectures

Red Hat Enterprise Linux Client (v. 7) - x86_64

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64

Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64

Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64

Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Workstation (v. 7) - x86_64

Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

Bugs Fixed

1298616 - Show at least characters from PDFDocEncoding in editable forms

1326225 - CVE-2015-8868 poppler: heap buffer overflow in ExponentialFunction

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here