
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


openSUSE Leap 15.4 Security Update 2023:4187-1 Moderate: Poppler Issue

# Security update for poppler

Announcement ID: SUSE-SU-2023:4187-1
Rating: moderate

References:

* bsc#1112424
* bsc#1112428
* bsc#1140745
* bsc#1214256

Cross-References:

* CVE-2018-18454
* CVE-2018-18456
* CVE-2019-13287
* CVE-2020-36023

CVSS scores:

* CVE-2018-18454 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2018-18454 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2018-18456 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2018-18456 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2019-13287 ( SUSE ): 3.9 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
* CVE-2019-13287 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2020-36023 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2020-36023 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4

An update that solves four vulnerabilities can now be installed.

## Description:

This update for poppler fixes the following issues:

* CVE-2019-13287: Fixed an out-of-bounds read vulnerability in the function SplashXPath:strokeAdjust. (bsc#1140745)
* CVE-2018-18456: Fixed a stack-based buffer over-read via a crafted pdf file. (bsc#1112428)
* CVE-2018-18454: Fixed heap-based buffer over-read via a crafted pdf file. (bsc#1112424)
* CVE-2020-36023: Fixed a stack buffer overflow in FoFiType1C:cvtGlyph. (bsc#1214256)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4187=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * libpoppler73-0.62.0-150000.4.28.2
  * libpoppler73-debuginfo-0.62.0-150000.4.28.2
* openSUSE Leap 15.4 (x86_64)
  * libpoppler73-32bit-0.62.0-150000.4.28.2
  * libpoppler73-32bit-debuginfo-0.62.0-150000.4.28.2

## References:

* https://www.suse.com/security/cve/CVE-2018-18454.html
* https://www.suse.com/security/cve/CVE-2018-18456.html
* https://www.suse.com/security/cve/CVE-2019-13287.html
* https://www.suse.com/security/cve/CVE-2020-36023.html
* https://bugzilla.suse.com/show_bug.cgi?id=1112424
* https://bugzilla.suse.com/show_bug.cgi?id=1112428
* https://bugzilla.suse.com/show_bug.cgi?id=1140745
* https://bugzilla.suse.com/show_bug.cgi?id=1214256

The latest kernel patch addresses critical vulnerabilities, enhancing stability for Fedora 36 with streamlined upgrade paths.

Poppler Security Update, openSUSE Leap 15.4, Security Patch, Moderate Severity, Buffer Overflow Issue.

LinuxSecurity.com Team

Oct 24, 2023 OpenSUSE

Mageia: 2022-0282 Moderate Vulnerability in Poppler via Malicious PDF

MGASA-2022-0282 - Updated poppler packages fix security vulnerability

Publication date: 13 Aug 2022
URL: https://advisories.mageia.org/MGASA-2022-0282.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-27337

A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. (CVE-2022-27337)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30690
- https://lists.fedoraproject.org/archives/list/[email address obscured]/thread/KOTDUXJOKDYO4I7MKHLT5NBGTN5E7FHQ/
- https://www.cve.org/CVERecord?id=CVE-2022-27337

SRPMS:
- 8/core/poppler-20.12.1-1.1.mga8

An important patch for Mageia addresses a flaw in Poppler, which could be exploited for Denial-of-Service via specially designed PDF files.

Mageia Security Update, Poppler DoS Vulnerability, Logic Error.

LinuxSecurity.com Team

Aug 13, 2022 Mageia

Ubuntu 17.04: USN-3350-1 Moderate: Poppler PDF Denial Of Service

==========================================================================
Ubuntu Security Notice USN-3350-1
July 07, 2017

poppler vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

poppler could be made to crash or run programs as your login if it opened a specially crafted file.

Software Description:
- poppler: PDF rendering library

Details:

Aleksandar Nikolic discovered that poppler incorrectly handled JPEG 2000 images. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. (CVE-2017-2820)

Jiaqi Peng discovered that the poppler pdfunite tool incorrectly parsed certain malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to crash, resulting in a denial of service. (CVE-2017-7511)

It was discovered that the poppler pdfunite tool incorrectly parsed certain malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to hang, resulting in a denial of service. (CVE-2017-7515)

It was discovered that poppler incorrectly handled JPEG 2000 images. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to crash, resulting in a denial of service. (CVE-2017-9083)

It was discovered that poppler incorrectly handled memory when processing PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to consume resources, resulting in a denial of service. (CVE-2017-9406, CVE-2017-9408)

Alberto Garcia, Francisco Oca, and Suleman Ali discovered that the poppler pdftocairo tool incorrectly parsed certain malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to crash, resulting in a denial of service. (CVE-2017-9775)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.04:
  libpoppler-cpp0v5 0.48.0-2ubuntu2.1
  libpoppler-glib8 0.48.0-2ubuntu2.1
  libpoppler-qt4-4 0.48.0-2ubuntu2.1
  libpoppler-qt5-1 0.48.0-2ubuntu2.1
  libpoppler64 0.48.0-2ubuntu2.1
  poppler-utils 0.48.0-2ubuntu2.1

Ubuntu 16.10:
  libpoppler-cpp0v5 0.44.0-3ubuntu2.1
  libpoppler-glib8 0.44.0-3ubuntu2.1
  libpoppler-qt4-4 0.44.0-3ubuntu2.1
  libpoppler-qt5-1 0.44.0-3ubuntu2.1
  libpoppler61 0.44.0-3ubuntu2.1
  poppler-utils 0.44.0-3ubuntu2.1

Ubuntu 16.04 LTS:
  libpoppler-cpp0 0.41.0-0ubuntu1.2
  libpoppler-glib8 0.41.0-0ubuntu1.2
  libpoppler-qt4-4 0.41.0-0ubuntu1.2
  libpoppler-qt5-1 0.41.0-0ubuntu1.2
  libpoppler58 0.41.0-0ubuntu1.2
  poppler-utils 0.41.0-0ubuntu1.2

Ubuntu 14.04 LTS:
  libpoppler-cpp0 0.24.5-2ubuntu4.5
  libpoppler-glib8 0.24.5-2ubuntu4.5
  libpoppler-qt4-4 0.24.5-2ubuntu4.5
  libpoppler-qt5-1 0.24.5-2ubuntu4.5
  libpoppler44 0.24.5-2ubuntu4.5
  poppler-utils 0.24.5-2ubuntu4.5

In general, a standard system update will make all the necessary changes.

References:
  CVE-2017-2820, CVE-2017-7511, CVE-2017-7515, CVE-2017-9083, CVE-2017-9406, CVE-2017-9408, CVE-2017-9775

Package Information:
  https://launchpad.net/ubuntu/+source/poppler/0.48.0-2ubuntu2.1
  https://launchpad.net/ubuntu/+source/poppler/0.44.0-3ubuntu2.1
  https://launchpad.net/ubuntu/+source/poppler/0.41.0-0ubuntu1.2
  https://launchpad.net/ubuntu/+source/poppler/0.24.5-2ubuntu4.5

Upgrade your Ubuntu installation to address poppler security flaws and improve defense against specially crafted PDF documents.

Ubuntu Poppler Update, PDF Handling Exploit, Denial Of Service Risk.

Severity: Important.

LinuxSecurity.com Team

Jul 07, 2017 Important Ubuntu

Gentoo: GLSA-201009-05 Normal: Adobe Reader Code Execution Risk

Gentoo Linux Security Advisory GLSA 201009-05
https://security.gentoo.org/

Severity: Normal
Title: Adobe Reader: Multiple vulnerabilities
Date: September 07, 2010
Bugs: #297385, #306429, #313343, #322857
ID: 201009-05

Synopsis
========

Multiple vulnerabilities in Adobe Reader might result in the execution of arbitrary code or other attacks.

Background
==========

Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF reader.

Affected packages
=================

  -------------------------------------------------------------------
     Package            /  Vulnerable  /  Unaffected
  -------------------------------------------------------------------
  1  app-text/acroread     < 9.3.4        >= 9.3.4

Description
===========

Multiple vulnerabilities were discovered in Adobe Reader. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below.

Impact
======

A remote attacker might entice a user to open a specially crafted PDF file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or bypass intended sandbox restrictions, make cross-domain requests, inject arbitrary web script or HTML, or cause a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Adobe Reader users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-text/acroread-9.3.4"

References
==========

[ 1 ] APSA10-01
[ 2 ] APSB10-02
[ 3 ] APSB10-07
[ 4 ] APSB10-09
[ 5 ] APSB10-14
[ 6 ] APSB10-16
[ 7 ] CVE-2009-3953 https://www.cve.org/CVERecord?id=CVE-2009-3953
[ 8 ] CVE-2009-4324 https://www.cve.org/CVERecord?id=CVE-2009-4324
[ 9 ] CVE-2010-0186 https://www.cve.org/CVERecord?id=CVE-2010-0186
[ 10 ] CVE-2010-0188 https://www.cve.org/CVERecord?id=CVE-2010-0188
[ 11 ] CVE-2010-0190 https://www.cve.org/CVERecord?id=CVE-2010-0190
[ 12 ] CVE-2010-0191 https://www.cve.org/CVERecord?id=CVE-2010-0191
[ 13 ] CVE-2010-0192 https://www.cve.org/CVERecord?id=CVE-2010-0192
[ 14 ] CVE-2010-0193 https://www.cve.org/CVERecord?id=CVE-2010-0193
[ 15 ] CVE-2010-0194 https://www.cve.org/CVERecord?id=CVE-2010-0194
[ 16 ] CVE-2010-0195 https://www.cve.org/CVERecord?id=CVE-2010-0195
[ 17 ] CVE-2010-0196 https://www.cve.org/CVERecord?id=CVE-2010-0196
[ 18 ] CVE-2010-0197 https://www.cve.org/CVERecord?id=CVE-2010-0197
[ 19 ] CVE-2010-0198 https://www.cve.org/CVERecord?id=CVE-2010-0198
[ 20 ] CVE-2010-0199 https://www.cve.org/CVERecord?id=CVE-2010-0199
[ 21 ] CVE-2010-0201 https://www.cve.org/CVERecord?id=CVE-2010-0201
[ 22 ] CVE-2010-0202 https://www.cve.org/CVERecord?id=CVE-2010-0202
[ 23 ] CVE-2010-0203 https://www.cve.org/CVERecord?id=CVE-2010-0203
[ 24 ] CVE-2010-0204 https://www.cve.org/CVERecord?id=CVE-2010-0204
[ 25 ] CVE-2010-1241 https://www.cve.org/CVERecord?id=CVE-2010-1241
[ 26 ] CVE-2010-1285 https://www.cve.org/CVERecord?id=CVE-2010-1285
[ 27 ] CVE-2010-1295 https://www.cve.org/CVERecord?id=CVE-2010-1295
[ 28 ] CVE-2010-1297 https://www.cve.org/CVERecord?id=CVE-2010-1297
[ 29 ] CVE-2010-2168 https://www.cve.org/CVERecord?id=CVE-2010-2168
[ 30 ] CVE-2010-2201 https://www.cve.org/CVERecord?id=CVE-2010-2201
[ 31 ] CVE-2010-2202 https://www.cve.org/CVERecord?id=CVE-2010-2202
[ 32 ] CVE-2010-2203 https://www.cve.org/CVERecord?id=CVE-2010-2203
[ 33 ] CVE-2010-2204 https://www.cve.org/CVERecord?id=CVE-2010-2204
[ 34 ] CVE-2010-2205 https://www.cve.org/CVERecord?id=CVE-2010-2205
[ 35 ] CVE-2010-2206 https://www.cve.org/CVERecord?id=CVE-2010-2206
[ 36 ] CVE-2010-2207 https://www.cve.org/CVERecord?id=CVE-2010-2207
[ 37 ] CVE-2010-2208 https://www.cve.org/CVERecord?id=CVE-2010-2208
[ 38 ] CVE-2010-2209 https://www.cve.org/CVERecord?id=CVE-2010-2209
[ 39 ] CVE-2010-2210 https://www.cve.org/CVERecord?id=CVE-2010-2210
[ 40 ] CVE-2010-2211 https://www.cve.org/CVERecord?id=CVE-2010-2211
[ 41 ] CVE-2010-2212 https://www.cve.org/CVERecord?id=CVE-2010-2212

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201009-05

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [email address obscured] or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

Adobe Acrobat 9.3.4 and later addresses several security flaws that could lead to arbitrary code execution and may enable denial of service attacks.

Adobe Reader Security, Gentoo Advisory, Code Execution, Remote Threat, PDF Reader Exploits.

LinuxSecurity.com Team

Sep 07, 2010 Gentoo

Ubuntu: 6.06-7.10 USN-603-1 Critical: Poppler Remote Code Execution Issue

===========================================================
Ubuntu Security Notice USN-603-1
April 17, 2008

poppler vulnerability
CVE-2008-1693
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  libpoppler1 0.5.1-0ubuntu7.4

Ubuntu 6.10:
  libpoppler1 0.5.4-0ubuntu4.4

Ubuntu 7.04:
  libpoppler1 0.5.4-0ubuntu8.3

Ubuntu 7.10:
  libpoppler2 0.6-0ubuntu2.2

After a standard system upgrade you need to restart your session to effect the necessary changes.

Details follow:

It was discovered that the poppler PDF library did not correctly handle certain malformed embedded fonts. If a user or an automated system were tricked into opening a malicious PDF, a remote attacker could execute arbitrary code with user privileges.
Uncover the significant security flaw in Poppler on Ubuntu that allows remote code execution via harmful PDF files. Ensure you update immediately!

poppler Vulnerability, Remote Code Execution, Ubuntu Security, PDF Exploit.

Severity: Critical.

LinuxSecurity.com Team

Apr 17, 2008 Critical Ubuntu

Debian: DSA-1548-1 Critical: xpdf Code Execution Risk Advisory

------------------------------------------------------------------------
Debian Security Advisory DSA-1548-1
http://www.debian.org/security/
Devin Carraway
April 17, 2008
http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : xpdf
Vulnerability  : multiple
Problem type   : local (remote)
Debian-specific: no
CVE Id(s)      : CVE-2008-1693

Kees Cook discovered a vulnerability in xpdf, a set of tools for display and conversion of Portable Document Format (PDF) files. The Common Vulnerabilities and Exposures project identifies the following problem:

CVE-2008-1693

  Xpdf's handling of embedded fonts lacks sufficient validation and type checking. If a maliciously-crafted PDF file is opened, the vulnerability may allow the execution of arbitrary code with the privileges of the user running xpdf.

For the stable distribution (etch), these problems have been fixed in version 3.01-9.1+etch3.

For the unstable distribution (sid), these problems were fixed in version 3.02-1.2.

We recommend that you upgrade your xpdf package.

Upgrade instructions
--------------------

wget url
  will fetch the file for you
dpkg -i file.deb
  will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
  will update the internal database
apt-get upgrade
  will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, powerpc, s390.
These files will probably be moved into the stable distribution on its next update.
---------------------------------------------------------------------------------
For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: [email address obscured]

Explore the Debian security notice addressing arbitrary code execution vulnerabilities in xpdf that may be exploited through malicious PDF files.

Debian Xpdf Update, Security Patch, Code Execution Risk.

Severity: Critical.

LinuxSecurity.com Team

Apr 17, 2008 Critical Debian

Gentoo: GLSA-200411-30 Normal: pdftohtml Code Execution Risk

Gentoo Linux Security Advisory GLSA 200411-30
https://security.gentoo.org/

Severity: Normal
Title: pdftohtml: Vulnerabilities in included Xpdf
Date: November 23, 2004
Bugs: #69019
ID: 200411-30

Synopsis
========

pdftohtml includes vulnerable Xpdf code to handle PDF files, making it vulnerable to execution of arbitrary code upon converting a malicious PDF file.

Background
==========

pdftohtml is a utility to convert PDF files to HTML or XML formats. It makes use of Xpdf code to decode PDF files.

Affected packages
=================

  -------------------------------------------------------------------
     Package  /  Vulnerable  /  Unaffected
  -------------------------------------------------------------------
  1  app-text/pdftohtml = 0.36-r1

Description
===========

Xpdf is vulnerable to multiple integer overflows, as described in GLSA 200410-20.

Impact
======

An attacker could entice a user to convert a specially-crafted PDF file, potentially resulting in execution of arbitrary code with the rights of the user running pdftohtml.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All pdftohtml users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-text/pdftohtml-0.36-r1"

References
==========

[ 1 ] GLSA 200410-20 https://security.gentoo.org/glsa/200410-20
[ 2 ] CAN-2004-0888 https://www.cve.org/CVERecord?id=CAN-2004-0888

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/200411-30

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [email address obscured] or alternatively, you may file a bug at https://bugs.gentoo.org/.

License
=======

Copyright 2004 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.0/

To boost Gentoo Linux security, update pdftohtml to fix vulnerabilities that may permit code execution via a malicious PDF. Sync repositories and upgrade pdftohtml for security.

pdftohtml, code execution, gentoo, xpdf, advisory.

LinuxSecurity.com Team

Nov 23, 2004 Gentoo