# Security update for poppler

Announcement ID: SUSE-SU-2023:3983-1
Rating: important
References:
* #1214257
* #1214618
* #1214621
* #1214622
* #1215422
Cross-References:
* CVE-2020-23804
* CVE-2020-36024
* CVE-2022-37050
* CVE-2022-37051
* CVE-2022-38349
CVSS scores:
* CVE-2020-23804 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-23804 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-36024 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2020-36024 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2022-37050 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2022-37050 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2022-37051 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2022-37051 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2022-38349 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2022-38349 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE CaaS Platform 4.0
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves five vulnerabilities can now be installed.

## Description:

This update for poppler fixes the following issues:

* CVE-2020-23804: Fixed uncontrolled recursion in pdfinfo and pdftops (bsc#1215422).
* CVE-2020-36024: Fixed NULL pointer dereference in `FoFiType1C::convertToType1` (bsc#1214257).
* CVE-2022-37050: Fixed denial of service via savePageAs in PDFDoc.c (bsc#1214622).
* CVE-2022-37051: Fixed abort in main() in pdfunite.cc (bsc#1214621).
* CVE-2022-38349: Fixed reachable assertion in Object.h that leads to denial of service (bsc#1214618).

All five are denial-of-service bugs triggered by a crafted PDF (every CVSS vector above carries C:N/I:N); they matter most where pdfinfo, pdftops or libpoppler process PDFs from untrusted sources, for example in document-conversion services.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-3983=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3983=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3983=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3983=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * libpoppler73-debuginfo-0.62.0-150000.4.25.2
  * libpoppler73-0.62.0-150000.4.25.2
* openSUSE Leap 15.4 (x86_64)
  * libpoppler73-32bit-0.62.0-150000.4.25.2
  * libpoppler73-32bit-debuginfo-0.62.0-150000.4.25.2
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * libpoppler-devel-0.62.0-150000.4.25.2
  * libpoppler-glib8-0.62.0-150000.4.25.2
  * libpoppler73-debuginfo-0.62.0-150000.4.25.2
  * libpoppler-cpp0-debuginfo-0.62.0-150000.4.25.2
  * poppler-tools-0.62.0-150000.4.25.2
  * libpoppler-glib-devel-0.62.0-150000.4.25.2
  * libpoppler73-0.62.0-150000.4.25.2
  * poppler-tools-debuginfo-0.62.0-150000.4.25.2
  * typelib-1_0-Poppler-0_18-0.62.0-150000.4.25.2
  * libpoppler-glib8-debuginfo-0.62.0-150000.4.25.2
  * poppler-debugsource-0.62.0-150000.4.25.2
  * libpoppler-cpp0-0.62.0-150000.4.25.2
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  * libpoppler-devel-0.62.0-150000.4.25.2
  * libpoppler-glib8-0.62.0-150000.4.25.2
  * libpoppler73-debuginfo-0.62.0-150000.4.25.2
  * libpoppler-cpp0-debuginfo-0.62.0-150000.4.25.2
  * poppler-tools-0.62.0-150000.4.25.2
  * libpoppler-glib-devel-0.62.0-150000.4.25.2
  * libpoppler73-0.62.0-150000.4.25.2
  * poppler-tools-debuginfo-0.62.0-150000.4.25.2
  * typelib-1_0-Poppler-0_18-0.62.0-150000.4.25.2
  * libpoppler-glib8-debuginfo-0.62.0-150000.4.25.2
  * poppler-debugsource-0.62.0-150000.4.25.2
  * libpoppler-cpp0-0.62.0-150000.4.25.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * libpoppler-devel-0.62.0-150000.4.25.2
  * libpoppler-glib8-0.62.0-150000.4.25.2
  * libpoppler73-debuginfo-0.62.0-150000.4.25.2
  * libpoppler-cpp0-debuginfo-0.62.0-150000.4.25.2
  * poppler-tools-0.62.0-150000.4.25.2
  * libpoppler-glib-devel-0.62.0-150000.4.25.2
  * libpoppler73-0.62.0-150000.4.25.2
  * poppler-tools-debuginfo-0.62.0-150000.4.25.2
  * typelib-1_0-Poppler-0_18-0.62.0-150000.4.25.2
  * libpoppler-glib8-debuginfo-0.62.0-150000.4.25.2
  * poppler-debugsource-0.62.0-150000.4.25.2
  * libpoppler-cpp0-0.62.0-150000.4.25.2
* SUSE CaaS Platform 4.0 (x86_64)
  * libpoppler-devel-0.62.0-150000.4.25.2
  * libpoppler-glib8-0.62.0-150000.4.25.2
  * libpoppler73-debuginfo-0.62.0-150000.4.25.2
  * libpoppler-cpp0-debuginfo-0.62.0-150000.4.25.2
  * poppler-tools-0.62.0-150000.4.25.2
  * libpoppler-glib-devel-0.62.0-150000.4.25.2
  * libpoppler73-0.62.0-150000.4.25.2
  * poppler-tools-debuginfo-0.62.0-150000.4.25.2
  * typelib-1_0-Poppler-0_18-0.62.0-150000.4.25.2
  * libpoppler-glib8-debuginfo-0.62.0-150000.4.25.2
  * poppler-debugsource-0.62.0-150000.4.25.2
  * libpoppler-cpp0-0.62.0-150000.4.25.2

## References:

* https://www.suse.com/security/cve/CVE-2020-23804.html
* https://www.suse.com/security/cve/CVE-2020-36024.html
* https://www.suse.com/security/cve/CVE-2022-37050.html
* https://www.suse.com/security/cve/CVE-2022-37051.html
* https://www.suse.com/security/cve/CVE-2022-38349.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214257
* https://bugzilla.suse.com/show_bug.cgi?id=1214618
* https://bugzilla.suse.com/show_bug.cgi?id=1214621
* https://bugzilla.suse.com/show_bug.cgi?id=1214622
* https://bugzilla.suse.com/show_bug.cgi?id=1215422

This poppler update for SUSE fixes five denial-of-service vulnerabilities in PDF handling, including uncontrolled recursion in pdfinfo and pdftops.

Poppler Security, Security Updates, OpenSUSE Advisory.

Severity: Important. LinuxSecurity.com Team
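A quick way to audit a host against the package list above without waiting for the next patch run, added here as an example and not part of SUSE's advisory: the script reimplements rpm's version ordering (rpmvercmp, including its tilde and caret rules) in Python, parses `rpm -qa` output in its default `name-version-release.arch` form, and reports every listed package that is installed below 0.62.0-150000.4.25.2. The package names and fixed version-release come from the advisory; the sample `rpm -qa` lines are constructed for the demonstration, and the check assumes no epoch since `rpm -qa` does not print one and the advisory lists none.

```python
"""Check a host's poppler packages against SUSE-SU-2023:3983-1.

Added example, not part of the SUSE advisory.  On a real host:
    rpm -qa | python3 check_poppler.py
With no piped input it runs on the constructed sample at the bottom.
"""
import re
import sys

# Fixed version-release and package names copied from the advisory's package list.
FIXED_VR = "0.62.0-150000.4.25.2"
FIXED_PACKAGES = {
    "libpoppler73", "libpoppler73-32bit", "libpoppler-devel", "libpoppler-glib8",
    "libpoppler-glib-devel", "libpoppler-cpp0", "poppler-tools",
    "typelib-1_0-Poppler-0_18", "poppler-debugsource",
    "libpoppler73-debuginfo", "libpoppler73-32bit-debuginfo",
    "libpoppler-cpp0-debuginfo", "poppler-tools-debuginfo",
    "libpoppler-glib8-debuginfo",
}


def _alnum(c):
    # rpm only treats ASCII letters and digits as segment characters.
    return c.isascii() and c.isalnum()


def rpmvercmp(a, b):
    """Port of rpm's rpmvercmp(): -1, 0 or 1.  Strings are walked as numeric
    and alphabetic segments, separators are skipped, '~' sorts before anything
    (pre-release) and '^' sorts after end-of-string but before any segment."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not (_alnum(a[i]) or a[i] in "~^"):
            i += 1
        while j < len(b) and not (_alnum(b[j]) or b[j] in "~^"):
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        isnum = ca.isdigit()
        pattern = r"[0-9]*" if isnum else r"[A-Za-z]*"
        seg_a = re.match(pattern, a[i:]).group(0)
        seg_b = re.match(pattern, b[j:]).group(0)
        if not seg_b:
            return 1 if isnum else -1  # a numeric segment beats an alphabetic one
        i, j = i + len(seg_a), j + len(seg_b)
        if isnum:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def vr_cmp(vr_a, vr_b):
    """Compare two 'version-release' strings: version first, then release."""
    va, ra = vr_a.rsplit("-", 1)
    vb, rb = vr_b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


# Default `rpm -qa` output is name-version-release.arch; the name may contain
# hyphens, so version and release are taken from the right.  No epoch is shown,
# so this check assumes none (the advisory lists none either).
NVRA = re.compile(r"^(?P<name>.+)-(?P<version>[^-]+)-(?P<release>[^-]+)\.(?P<arch>[^.]+)$")


def parse_nvra(line):
    m = NVRA.match(line.strip())
    return None if m is None else (m["name"], m["version"], m["release"], m["arch"])


def check_installed(rpm_qa_output):
    """(package, installed version-release, verdict) for each advisory package
    that is installed; packages that are absent are not at risk."""
    findings = []
    for line in rpm_qa_output.splitlines():
        parsed = parse_nvra(line)
        if parsed is None or parsed[0] not in FIXED_PACKAGES:
            continue
        name, version, release, _arch = parsed
        installed_vr = f"{version}-{release}"
        verdict = "vulnerable" if vr_cmp(installed_vr, FIXED_VR) < 0 else "fixed"
        findings.append((name, installed_vr, verdict))
    return findings


# Constructed sample, not output from a real host: one package behind the fix,
# one at the fixed version, one newer, and two unrelated entries.
SAMPLE_RPM_QA = """\
libpoppler73-0.62.0-150000.4.22.1.x86_64
poppler-tools-0.62.0-150000.4.25.2.x86_64
libpoppler-glib8-0.62.0-150000.4.28.1.x86_64
bash-4.4-150400.25.22.x86_64
gpg-pubkey-39db7c82-5f68629b.(none)
"""

if __name__ == "__main__":
    data = SAMPLE_RPM_QA if sys.stdin.isatty() else sys.stdin.read()
    for name, vr, verdict in check_installed(data):
        print(f"{verdict:<10} {name}-{vr}")
```

The version comparison is the part worth getting right: a naive string or float comparison would rank 150000.4.9.x above 150000.4.25.2, and would not know that a `~` suffix marks a pre-release that sorts below the plain version. Running the sample reports libpoppler73 as vulnerable and the other two poppler packages as fixed.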
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202101-36
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: ImageMagick: Command injection
      Date: January 29, 2021
      Bugs: #756829
        ID: 202101-36

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in ImageMagick's handling of PDF was discovered possibly
allowing code execution.

Background
==========

A collection of tools and libraries for many image formats.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /     Vulnerable     /          Unaffected
    -------------------------------------------------------------------
  1  media-gfx/imagemagick       < 6.9.11.41-r1     >= 6.9.11.41-r1
                                 < 7.0.10.41-r1     >= 7.0.10.41-r1

The two rows are per branch: a 7.0.x build below 7.0.10.41-r1 is still
vulnerable even though it is numerically above 6.9.11.41-r1.

Description
===========

A flaw in ImageMagick's handling of password protected PDFs was
discovered. The password given with the -authenticate option was passed
unescaped into the shell command ImageMagick uses to invoke its PDF
delegate, so a crafted password could inject shell commands; that is why
the title says command injection.

Impact
======

A remote attacker could entice a user to open a specially crafted PDF
using ImageMagick possibly resulting in execution of arbitrary code with
the privileges of the process or a Denial of Service condition.

Workaround
==========

Do not open untrusted PDFs.

Resolution
==========

All ImageMagick 7 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=media-gfx/imagemagick-7.0.10.41-r1"

All ImageMagick 6 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=media-gfx/imagemagick-6.9.11.41-r1"

References
==========

[ 1 ] CVE-2020-29599
      https://nvd.nist.gov/vuln/detail/CVE-2020-29599

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202101-36

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
MGASA-2019-0117 - Updated poppler packages fix security vulnerabilities

Publication date: 29 Mar 2019
URL: https://advisories.mageia.org/MGASA-2019-0117.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-20662, CVE-2019-9200

The updated poppler packages fix security vulnerabilities:

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. (CVE-2018-20662)

A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. (CVE-2019-9200)

References:
- https://bugs.mageia.org/show_bug.cgi?id=24495
- https://ubuntu.com/security/notices/USN-3905-1
- https://www.cve.org/CVERecord?id=CVE-2018-20662
- https://www.cve.org/CVERecord?id=CVE-2019-9200

SRPMS:
- 6/core/poppler-0.52.0-3.12.mga6

Note the SRPM version: the fixes are applied to Mageia 6's poppler 0.52.0 rather than by moving to the 0.72/0.74 releases the CVE texts name, so a scanner that keys only on the upstream version string will not see the fix; check the package release (3.12.mga6) instead.

Updated poppler packages for Mageia 6 fix two denial-of-service flaws in PDF processing.

poppler security, denial of service, mageia, pdf flaws, security updates.

LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-10459
2015-06-22 04:41:29
--------------------------------------------------------------------------------

Name        : cups-x2go
Product     : Fedora 22
Version     : 3.0.1.3
Release     : 1.fc22
URL         : https://wiki.x2go.org/doku.php
Summary     : CUPS backend for printing from X2Go
Description :
X2Go is a server based computing environment with
    - session resuming
    - low bandwidth support
    - session brokerage support
    - client side mass storage mounting support
    - audio support
    - authentication by smartcard and USB stick

CUPS backend for printing from X2Go.

--------------------------------------------------------------------------------
Update Information:

* New upstream version (3.0.1.2):
  - cups-x2go{,.conf}: port to File::Temp. Use Text::ParseWords to split up the ps2pdf command line correctly. Don't use system() but IPC::Open2::open2(). Capture the ps2pdf program's stdout and write it to the temporary file handle "manually". Should fix problems reported by Jan Bi on IRC.
  - cups-x2go: fix commented out second ps2pdf definition to output PDF data to stdout.
* New upstream version (3.0.1.3):
  - cups-x2go: import tempfile() function from File::Temp module.
  - cups-x2go: only repeat the last X, not the whole ".pdfX" string (or the like.)
  - cups-x2go: actually print "real" executed command instead of the "original" one with placeholders.
  - cups-x2go: read output from ghostscript, don't write a filehandle to the temporary file. Fixes a hanging ghostscript call and... well... random junk, instead of a "real" PDF file.
  - cups-x2go: use parentheses around function arguments.
  - cups-x2go: fix binmode() call, :raw layer is implicit.
  - cups-x2go: fix print call... Does not allow to separate parameters with a comma.
  - cups-x2go: add correct :raw layer to binmode calls.
  - cups-x2go: fix tiny typo.
  - cups-x2go: read data from GS and STDIN in chunks of 8 kbytes, instead of everything at once. Handles large print jobs gracefully.
  - cups-x2go: add parentheses to close() calls.
  - cups-x2go: delete PDF and title temporary files automatically.
  - cups-x2go: unlink PS temporary file on-demand in END block. Also move closelog to END block, because we want to print diagnosis messages in the END block.
  - cups-x2go: don't use unlink() explicitly. Trust File::Temp and our END block to clean up correctly.
  - cups-x2go: there is no continue in perl for stepping forward a loop. Still not. I keep forgetting that. Use next. (Partly) Fixes: #887.
  - cups-x2go: use the same temp file template for PS, PDF and title files. Use appropriate suffixes if necessary when generating PDF and title temp files. (Fully) Fixes: #887.

Update to 3.0.1.1:
  - Add a short README that provides some getting started information.

--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 19 2015 Orion Poplawski - 3.0.1.3-1
- Update to 3.0.1.3
* Wed Jun 17 2015 Fedora Release Engineering - 3.0.1.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Wed Feb 11 2015 Orion Poplawski - 3.0.1.1-1
- Update to 3.0.1.1
- Require openssh-clients
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
  su -c 'yum update cups-x2go'
at the command line. For more information, refer to "Managing Software with yum", available at

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
package-announce mailing list
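The Gentoo GLSA above and this cups-x2go update involve the same bug class from two directions: CVE-2020-29599 is an untrusted PDF password reaching a shell command line unescaped, and the cups-x2go 3.0.1.2 changes ("Use Text::ParseWords to split up the ps2pdf command line correctly. Don't use system() but IPC::Open2::open2()") are the fix pattern, namely passing an explicit argument list and keeping a shell out of the converter invocation. The Python below is an added example illustrating that pattern in general; it is not code from ImageMagick, Gentoo or cups-x2go, the Ghostscript flags are only illustrative of a PDF-to-PostScript call, and the attacker-chosen password is constructed for the demonstration. It models what a POSIX shell would execute with Python's own shell tokenizer (shlex with punctuation_chars, Python 3.8 or newer) so it runs without Ghostscript installed.

```python
"""Shell string versus argv list when driving an external PDF converter.

Added example of the bug class behind CVE-2020-29599 and of the fix the
cups-x2go changelog describes (argument splitting, no system()).  Not code
from either project.  Nothing here runs gs unless convert_pdf() is called.
"""
import shlex
import subprocess

GS = "gs"  # converter binary; the flags below are illustrative only


def unsafe_command(pdf_path, password):
    """The vulnerable shape: the untrusted password is interpolated into one
    string that is later handed to `sh -c` (system(), backticks, shell=True)."""
    return (f'{GS} -q -dNOPAUSE -dBATCH -sDEVICE=ps2write '
            f'-sPDFPassword={password} -sOutputFile=- "{pdf_path}"')


def quoted_command(pdf_path, password):
    """If a shell really is unavoidable, every untrusted value must be quoted
    for it; shlex.quote() produces a single-quoted, shell-safe word."""
    return (f'{GS} -q -dNOPAUSE -dBATCH -sDEVICE=ps2write '
            f'-sPDFPassword={shlex.quote(password)} -sOutputFile=- {shlex.quote(pdf_path)}')


def safe_argv(pdf_path, password):
    """The preferred shape: one argv element per value and no shell at all.
    Whatever the password contains, it is exactly one argument to gs."""
    return [GS, "-q", "-dNOPAUSE", "-dBATCH", "-sDEVICE=ps2write",
            f"-sPDFPassword={password}", "-sOutputFile=-", pdf_path]


def convert_pdf(pdf_path, password):
    """Run the converter without a shell and return its PostScript output."""
    result = subprocess.run(safe_argv(pdf_path, password), capture_output=True, check=True)
    return result.stdout


def shell_would_run(command_line):
    """Tokenise a command line as a POSIX shell would and group the tokens into
    the separate simple commands the shell would execute (split at ; | & && ||).
    This is a model of the shell's parsing, used so the demo needs no real shell."""
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for tok in lexer:
        if tok in (";", "&", "|", "&&", "||"):
            if current:
                commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


# Constructed attacker-controlled password: a second command smuggled in.
EVIL_PASSWORD = "x; id; echo"

if __name__ == "__main__":
    print("unsafe :", shell_would_run(unsafe_command("doc.pdf", EVIL_PASSWORD)))
    print("quoted :", shell_would_run(quoted_command("doc.pdf", EVIL_PASSWORD)))
    print("argv   :", safe_argv("doc.pdf", EVIL_PASSWORD))
```

With the constructed password, the unsafe string becomes three commands (gs, then `id`, then an `echo` that swallows the rest of the original arguments), the quoted form stays one command whose sixth word is the whole password, and the argv form never reaches a shell in the first place. The argv form is the one to use; quoting is the fallback for code that cannot drop the shell.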
Important: xpdf security update

Date: Wed, 7 Nov 2007 17:08:55 -0600
Reply-To: Connie Sieh
Sender: Security Errata for Scientific Linux
From: Connie Sieh
Subject: Security ERRATA for xpdf on SL4.x i386/x86_64
Comments: To: scientific

Synopsis: Important: xpdf security update
CVE Names: CVE-2007-4352 CVE-2007-5392 CVE-2007-5393

Problem description:

Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)

SL4.x

SRPMS:
xpdf-3.00-14.el4.src.rpm
i386:
xpdf-3.00-14.el4.i386.rpm
x86_64:
xpdf-3.00-14.el4.x86_64.rpm

-Connie Sieh

Important xpdf security update for Scientific Linux SL4.x, fixing flaws that could allow arbitrary code execution via malicious PDF files.

xpdf security update, Scientific Linux vulnerabilities, PDF exploit risks, code execution threat, SL4.x advisory.

Severity: Critical. LinuxSecurity.com Team
- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: poppler security update
Advisory ID:       RHSA-2007:0732-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2007:0732.html
Issue date:        2007-07-30
Updated on:        2007-07-30
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-3387
- ---------------------------------------------------------------------

1. Summary:

Updated poppler packages that fix a security issue in PDF handling are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

Poppler is a PDF rendering library, used by applications such as evince.

Maurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause an application linked with poppler to crash or potentially execute arbitrary code when opened. (CVE-2007-3387)

All users of poppler should upgrade to these updated packages, which contain a backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Bug IDs fixed (http://bugzilla.redhat.com/):

248194 - CVE-2007-3387 xpdf integer overflow

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
2748243d5dab417ee98c0ff3b56c48bc poppler-0.5.4-4.1.el5.src.rpm

i386:
0b1a924d41c486698fb0ef170e3bea98 poppler-0.5.4-4.1.el5.i386.rpm
74075e576f12700d58e0efc1acf9ee4f poppler-debuginfo-0.5.4-4.1.el5.i386.rpm
30690d55d19c44b300b6d4288b9b5e03 poppler-utils-0.5.4-4.1.el5.i386.rpm

x86_64:
0b1a924d41c486698fb0ef170e3bea98 poppler-0.5.4-4.1.el5.i386.rpm
06c6b81657b4dfa4c16547af8eb5d917 poppler-0.5.4-4.1.el5.x86_64.rpm
74075e576f12700d58e0efc1acf9ee4f poppler-debuginfo-0.5.4-4.1.el5.i386.rpm
28870bd89ae8634f40c82347378191fc poppler-debuginfo-0.5.4-4.1.el5.x86_64.rpm
d5217710ebb25c47aad59758cf11bdfa poppler-utils-0.5.4-4.1.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
2748243d5dab417ee98c0ff3b56c48bc poppler-0.5.4-4.1.el5.src.rpm

i386:
74075e576f12700d58e0efc1acf9ee4f poppler-debuginfo-0.5.4-4.1.el5.i386.rpm
3a0a155e5d530f15b12d1508ab88cef0 poppler-devel-0.5.4-4.1.el5.i386.rpm

x86_64:
74075e576f12700d58e0efc1acf9ee4f poppler-debuginfo-0.5.4-4.1.el5.i386.rpm
28870bd89ae8634f40c82347378191fc poppler-debuginfo-0.5.4-4.1.el5.x86_64.rpm
3a0a155e5d530f15b12d1508ab88cef0 poppler-devel-0.5.4-4.1.el5.i386.rpm
ddc147c33c2e9c581ee2c7bba3e44596 poppler-devel-0.5.4-4.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
2748243d5dab417ee98c0ff3b56c48bc poppler-0.5.4-4.1.el5.src.rpm

i386:
0b1a924d41c486698fb0ef170e3bea98 poppler-0.5.4-4.1.el5.i386.rpm
74075e576f12700d58e0efc1acf9ee4f poppler-debuginfo-0.5.4-4.1.el5.i386.rpm
3a0a155e5d530f15b12d1508ab88cef0 poppler-devel-0.5.4-4.1.el5.i386.rpm
30690d55d19c44b300b6d4288b9b5e03 poppler-utils-0.5.4-4.1.el5.i386.rpm

ia64:
1d4f3f5ce403009575c2223ac3e708c8 poppler-0.5.4-4.1.el5.ia64.rpm
32fd4de6a79bfb319a8c181fe91b2775 poppler-debuginfo-0.5.4-4.1.el5.ia64.rpm
37de0141d0a978228886827686dfb034 poppler-devel-0.5.4-4.1.el5.ia64.rpm
4045e010707c2519a23e41bf081e8e5d poppler-utils-0.5.4-4.1.el5.ia64.rpm

ppc:
6df67cdf707e8dcef58f2b66def0646e poppler-0.5.4-4.1.el5.ppc.rpm
676a4b1f1f25d2c5c0d72787ab2009e1 poppler-0.5.4-4.1.el5.ppc64.rpm
2cd14c9cebddc06476dff73c9b9fe35a poppler-debuginfo-0.5.4-4.1.el5.ppc.rpm
feee81e8d354a9a8fb5c6c3754447f19 poppler-debuginfo-0.5.4-4.1.el5.ppc64.rpm
499d52521dfca164baedb43fc6856e83 poppler-devel-0.5.4-4.1.el5.ppc.rpm
7b128c68da3c46627c852f2e779423e2 poppler-devel-0.5.4-4.1.el5.ppc64.rpm
a364ec9dff6e8c7d323d095a645b818c poppler-utils-0.5.4-4.1.el5.ppc.rpm

s390x:
8c8a8e7fce73cf301d6a29b59ec7ebea poppler-0.5.4-4.1.el5.s390.rpm
16c42b5003fc1421ee4cb85fb4b02326 poppler-0.5.4-4.1.el5.s390x.rpm
819258ccfb8f51469d39073c7d318884 poppler-debuginfo-0.5.4-4.1.el5.s390.rpm
7af0f5f23d03cdd5b3cfe2437ba2e685 poppler-debuginfo-0.5.4-4.1.el5.s390x.rpm
1bbce665e57d59247b5aa335d892fa5c poppler-devel-0.5.4-4.1.el5.s390.rpm
ac5cbd1c7966ee9871a83859f77172fd poppler-devel-0.5.4-4.1.el5.s390x.rpm
8b54d4827349fcbd1deb375eab436a50 poppler-utils-0.5.4-4.1.el5.s390x.rpm

x86_64:
0b1a924d41c486698fb0ef170e3bea98 poppler-0.5.4-4.1.el5.i386.rpm
06c6b81657b4dfa4c16547af8eb5d917 poppler-0.5.4-4.1.el5.x86_64.rpm
74075e576f12700d58e0efc1acf9ee4f poppler-debuginfo-0.5.4-4.1.el5.i386.rpm
28870bd89ae8634f40c82347378191fc poppler-debuginfo-0.5.4-4.1.el5.x86_64.rpm
3a0a155e5d530f15b12d1508ab88cef0 poppler-devel-0.5.4-4.1.el5.i386.rpm
ddc147c33c2e9c581ee2c7bba3e44596 poppler-devel-0.5.4-4.1.el5.x86_64.rpm
d5217710ebb25c47aad59758cf11bdfa poppler-utils-0.5.4-4.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CVE-2007-3387
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2007 Red Hat, Inc.

Updated poppler packages for Red Hat Enterprise Linux 5 fix an integer overflow in PDF processing (CVE-2007-3387) that could crash applications linked against poppler or allow arbitrary code execution. The same xpdf-derived flaw is fixed in kdegraphics (kpdf) by RHSA-2007:0729 below; both advisories reference bug 248194, so hosts carrying either PDF code base need the respective update.

Poppler Update, RHEL 5 Security, Integer Overflow, PDF Security Risk, Red Hat Advisory.

Severity: Important. LinuxSecurity.com Team
- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: kdegraphics security update
Advisory ID:       RHSA-2007:0729-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2007:0729.html
Issue date:        2007-07-30
Updated on:        2007-07-30
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-3387
- ---------------------------------------------------------------------

1. Summary:

Updated kdegraphics packages that fix a security issue in PDF handling are now available for Red Hat Enterprise Linux 4, and 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64

3. Problem description:

The kdegraphics packages contain applications for the K Desktop Environment including kpdf, a PDF file viewer.

Maurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause kpdf to crash or potentially execute arbitrary code when opened. (CVE-2007-3387)

All users of kdegraphics should upgrade to these updated packages, which contain a backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Bug IDs fixed (http://bugzilla.redhat.com/):

248194 - CVE-2007-3387 xpdf integer overflow

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
b78ba0835fce93f721febd51318c1db6 kdegraphics-3.3.1-4.RHEL4.src.rpm

i386:
88544438bb972a546c374cbcb53f8956 kdegraphics-3.3.1-4.RHEL4.i386.rpm
c31a8d43003c21828dc3f563e0a5ebe8 kdegraphics-debuginfo-3.3.1-4.RHEL4.i386.rpm
178baf61f8c682d2ba9d9031afa23657 kdegraphics-devel-3.3.1-4.RHEL4.i386.rpm

ia64:
b114dcd33743deb25c856ea3cf7b545a kdegraphics-3.3.1-4.RHEL4.ia64.rpm
db486d94a2d8800f792547c2d2200ceb kdegraphics-debuginfo-3.3.1-4.RHEL4.ia64.rpm
3381a1ff9e438b77d4905f9803c05b42 kdegraphics-devel-3.3.1-4.RHEL4.ia64.rpm

ppc:
edab6a600164ee482d1d55171120c07b kdegraphics-3.3.1-4.RHEL4.ppc.rpm
aad60b90f597ca5ecec87623632170b5 kdegraphics-debuginfo-3.3.1-4.RHEL4.ppc.rpm
ca631d25d2471b473a33bde34f13d405 kdegraphics-devel-3.3.1-4.RHEL4.ppc.rpm

s390:
2cf1fe87e50f7f480ac2321e47adf907 kdegraphics-3.3.1-4.RHEL4.s390.rpm
de54109ab25d76ed7c9d1f7cd52b0403 kdegraphics-debuginfo-3.3.1-4.RHEL4.s390.rpm
ff1a5a0c545d4118f6aee59aaa3d57dc kdegraphics-devel-3.3.1-4.RHEL4.s390.rpm

s390x:
8eed01e12376df9e2f924338882e1e5a kdegraphics-3.3.1-4.RHEL4.s390x.rpm
450052f389766b6d58ce89fb5dac30cd kdegraphics-debuginfo-3.3.1-4.RHEL4.s390x.rpm
9361e2e1aac6fa7974e164a7a57c9688 kdegraphics-devel-3.3.1-4.RHEL4.s390x.rpm

x86_64:
ca58ec39be68af1a6cacb443a3fc5615 kdegraphics-3.3.1-4.RHEL4.x86_64.rpm
afb42e97c91596ee5994a2d127768450 kdegraphics-debuginfo-3.3.1-4.RHEL4.x86_64.rpm
da78236e6660e3bf558f923aa3bb59f9 kdegraphics-devel-3.3.1-4.RHEL4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
b78ba0835fce93f721febd51318c1db6 kdegraphics-3.3.1-4.RHEL4.src.rpm

i386:
88544438bb972a546c374cbcb53f8956 kdegraphics-3.3.1-4.RHEL4.i386.rpm
c31a8d43003c21828dc3f563e0a5ebe8 kdegraphics-debuginfo-3.3.1-4.RHEL4.i386.rpm
178baf61f8c682d2ba9d9031afa23657 kdegraphics-devel-3.3.1-4.RHEL4.i386.rpm

x86_64:
ca58ec39be68af1a6cacb443a3fc5615 kdegraphics-3.3.1-4.RHEL4.x86_64.rpm
afb42e97c91596ee5994a2d127768450 kdegraphics-debuginfo-3.3.1-4.RHEL4.x86_64.rpm
da78236e6660e3bf558f923aa3bb59f9 kdegraphics-devel-3.3.1-4.RHEL4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
b78ba0835fce93f721febd51318c1db6 kdegraphics-3.3.1-4.RHEL4.src.rpm

i386:
88544438bb972a546c374cbcb53f8956 kdegraphics-3.3.1-4.RHEL4.i386.rpm
c31a8d43003c21828dc3f563e0a5ebe8 kdegraphics-debuginfo-3.3.1-4.RHEL4.i386.rpm
178baf61f8c682d2ba9d9031afa23657 kdegraphics-devel-3.3.1-4.RHEL4.i386.rpm

ia64:
b114dcd33743deb25c856ea3cf7b545a kdegraphics-3.3.1-4.RHEL4.ia64.rpm
db486d94a2d8800f792547c2d2200ceb kdegraphics-debuginfo-3.3.1-4.RHEL4.ia64.rpm
3381a1ff9e438b77d4905f9803c05b42 kdegra phics-devel-3.3.1-4.RHEL4.ia64.rpm

x86_64:
ca58ec39be68af1a6cacb443a3fc5615 kdegraphics-3.3.1-4.RHEL4.x86_64.rpm
afb42e97c91596ee5994a2d127768450 kdegraphics-debuginfo-3.3.1-4.RHEL4.x86_64.rpm
da78236e6660e3bf558f923aa3bb59f9 kdegraphics-devel-3.3.1-4.RHEL4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
b78ba0835fce93f721febd51318c1db6 kdegraphics-3.3.1-4.RHEL4.src.rpm

i386:
88544438bb972a546c374cbcb53f8956 kdegraphics-3.3.1-4.RHEL4.i386.rpm
c31a8d43003c21828dc3f563e0a5ebe8 kdegraphics-debuginfo-3.3.1-4.RHEL4.i386.rpm
178baf61f8c682d2ba9d9031afa23657 kdegraphics-devel-3.3.1-4.RHEL4.i386.rpm

ia64:
b114dcd33743deb25c856ea3cf7b545a kdegraphics-3.3.1-4.RHEL4.ia64.rpm
db486d94a2d8800f792547c2d2200ceb kdegraphics-debuginfo-3.3.1-4.RHEL4.ia64.rpm
3381a1ff9e438b77d4905f9803c05b42 kdegraphics-devel-3.3.1-4.RHEL4.ia64.rpm

x86_64:
ca58ec39be68af1a6cacb443a3fc5615 kdegraphics-3.3.1-4.RHEL4.x86_64.rpm
afb42e97c91596ee5994a2d127768450 kdegraphics-debuginfo-3.3.1-4.RHEL4.x86_64.rpm
da78236e6660e3bf558f923aa3bb59f9 kdegraphics-devel-3.3.1-4.RHEL4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
449672b607d1b707bdc3bab763b4828e kdegraphics-3.5.4-2.el5.src.rpm

i386:
26f52902c9f59744d25620f281eb47b8 kdegraphics-3.5.4-2.el5.i386.rpm
82f829719f108b1046f7e1f03e282c75 kdegraphics-debuginfo-3.5.4-2.el5.i386.rpm

x86_64:
f3c5a0c8328efe296bfaa1841fafca7b kdegraphics-3.5.4-2.el5.x86_64.rpm
6394160b918675dc57f5fb91e3a43f3c kdegraphics-debuginfo-3.5.4-2.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
449672b607d1b707bdc3bab763b4828e kdegraphics-3.5.4-2.el5.src.rpm

i386:
82f829719f108b1046f7e1f03e282c75 kdegraphics-debuginfo-3.5.4-2.el5.i386.rpm
98ce8d56bf736e4fea3489797ff7f349 kdegraphics-devel-3.5.4-2.el5.i386.rpm

x86_64:
82f829719f108b1046f7e1f03e282c75 kdegraphics-debuginfo-3.5.4-2.el5.i386.rpm
6394160b918675dc57f5fb91e3a43f3c kdegraphics-debuginfo-3.5.4-2.el5.x86_64.rpm
98ce8d56bf736e4fea3489797ff7f349 kdegraphics-devel-3.5.4-2.el5.i386.rpm
72a9c49a87f2fc072084cb51c4c7caea kdegraphics-devel-3.5.4-2.el5.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

SRPMS:
449672b607d1b707bdc3bab763b4828e kdegraphics-3.5.4-2.el5.src.rpm

i386:
26f52902c9f59744d25620f281eb47b8 kdegraphics-3.5.4-2.el5.i386.rpm
82f829719f108b1046f7e1f03e282c75 kdegraphics-debuginfo-3.5.4-2.el5.i386.rpm
98ce8d56bf736e4fea3489797ff7f349 kdegraphics-devel-3.5.4-2.el5.i386.rpm

x86_64:
f3c5a0c8328efe296bfaa1841fafca7b kdegraphics-3.5.4-2.el5.x86_64.rpm
82f829719f108b1046f7e1f03e282c75 kdegraphics-debuginfo-3.5.4-2.el5.i386.rpm
6394160b918675dc57f5fb91e3a43f3c kdegraphics-debuginfo-3.5.4-2.el5.x86_64.rpm
98ce8d56bf736e4fea3489797ff7f349 kdegraphics-devel-3.5.4-2.el5.i386.rpm
72a9c49a87f2fc072084cb51c4c7caea kdegraphics-devel-3.5.4-2.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CVE-2007-3387
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2007 Red Hat, Inc.

This kdegraphics update fixes an integer overflow in kpdf's PDF processing (CVE-2007-3387) on Red Hat Enterprise Linux 4 and 5; a crafted PDF could crash kpdf or execute arbitrary code, so update promptly.

kdegraphics Update, Red Hat Security Advisory, PDF Security, Software Upgrade.

Severity: Important. LinuxSecurity.com Team
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-026
2006-01-10
---------------------------------------------------------------------

Product     : Fedora Core 4
Name        : poppler
Version     : 0.4.4
Release     : 1.1
Summary     : PDF rendering library
Description :
Poppler is a PDF rendering library; it is a fork of the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC.

---------------------------------------------------------------------
Update Information:

Chris Evans discovered several flaws in the way poppler processes PDF files. An attacker could construct a carefully crafted PDF file that could cause poppler to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.

---------------------------------------------------------------------
* Tue Jan 10 2006 Kristian Høgsberg 0.4.4-1.1
- Update to 0.4.4 release and drop poppler-0.4.3-CVE-2005-3191.patch.
---------------------------------------------------------------------
This update can be downloaded from:

3690ab8e7d8e717f6fe2580a81738c579996357f  SRPMS/poppler-0.4.4-1.1.src.rpm
1597b8461a8bd1972aee62d4e1b2027dcf2bbc42  ppc/poppler-0.4.4-1.1.ppc.rpm
363d5fcff948292d5f60663309df7bd147ddb7e7  ppc/poppler-devel-0.4.4-1.1.ppc.rpm
e372992802a3e1867dcbab31e4a69720065809c8  ppc/debug/poppler-debuginfo-0.4.4-1.1.ppc.rpm
6c30672e65b4f257812f0a6c1e4443aa8354e687  x86_64/poppler-0.4.4-1.1.x86_64.rpm
9ad63986347bb0de8cadb1fca0df69d865cbef4a  x86_64/poppler-devel-0.4.4-1.1.x86_64.rpm
ed87f5deb75bcef2cfe15d2ea5a33991eb4227cb  x86_64/debug/poppler-debuginfo-0.4.4-1.1.x86_64.rpm
1571c13ca07473bf880dad9712c2505fdf7d4e71  i386/poppler-0.4.4-1.1.i386.rpm
798f241bcec802e7d0c6ef09aebdaebd4f112d9c  i386/poppler-devel-0.4.4-1.1.i386.rpm
2f18e087f3eb11a56204ef3caaedba900ba86eb9  i386/debug/poppler-debuginfo-0.4.4-1.1.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
-----------------------------------------------------------------------
fedora-announce-list mailing list