Mandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in poppler. An attacker could create a malicious PDF file that would cause poppler to crash or potentially execute arbitrary code when opened.
825fff34785109cf16b4ef4d19fe2069bdac7502d154d456862ff55a09f80ac0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:227
https://www.mandriva.com/security/
_______________________________________________________________________
Package : poppler
Date : November 19, 2007
Affected: 2007.1, 2008.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Alin Rad Pop found several flaws in how PDF files are handled
in poppler. An attacker could create a malicious PDF file that
would cause poppler to crash or potentially execute arbitrary code
when opened.
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.1:
9f040875778bb940669bd2bfdbef248c 2007.1/i586/libpoppler-qt1-0.5.4-3.3mdv2007.1.i586.rpm
804046d0a838cb3a0a5e355fb118b1bc 2007.1/i586/libpoppler-qt1-devel-0.5.4-3.3mdv2007.1.i586.rpm
dd83d0b61f2ad91ea79f314752a0f514 2007.1/i586/libpoppler-qt4-1-0.5.4-3.3mdv2007.1.i586.rpm
05d0deb14ec5dad80d8d400756b3d183 2007.1/i586/libpoppler-qt4-1-devel-0.5.4-3.3mdv2007.1.i586.rpm
a23fb37129c8756e353fe47be6d6a8be 2007.1/i586/libpoppler1-0.5.4-3.3mdv2007.1.i586.rpm
6db198b349d7ebe355d809732ddb21bb 2007.1/i586/libpoppler1-devel-0.5.4-3.3mdv2007.1.i586.rpm
3e280873492799bebdec28872351052e 2007.1/i586/poppler-0.5.4-3.3mdv2007.1.i586.rpm
40600d9ccb1e7f7a76cb4ccf447e9e40 2007.1/SRPMS/poppler-0.5.4-3.3mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
b49094eb08c809397081d357f7251166 2007.1/x86_64/lib64poppler-qt1-0.5.4-3.3mdv2007.1.x86_64.rpm
e6f52d8bb5d9f84458ae6892cd7800da 2007.1/x86_64/lib64poppler-qt1-devel-0.5.4-3.3mdv2007.1.x86_64.rpm
4d08d7343c94a016928cef93490af098 2007.1/x86_64/lib64poppler-qt4-1-0.5.4-3.3mdv2007.1.x86_64.rpm
b0f8d4b4c5f1917c61687900a119e685 2007.1/x86_64/lib64poppler-qt4-1-devel-0.5.4-3.3mdv2007.1.x86_64.rpm
0955492bd1319fdc2e74c2528994e2bc 2007.1/x86_64/lib64poppler1-0.5.4-3.3mdv2007.1.x86_64.rpm
f918b50ec88a2aca954c156c33c605e8 2007.1/x86_64/lib64poppler1-devel-0.5.4-3.3mdv2007.1.x86_64.rpm
24fdcc57f5c7481e6732f45e43e49d51 2007.1/x86_64/poppler-0.5.4-3.3mdv2007.1.x86_64.rpm
40600d9ccb1e7f7a76cb4ccf447e9e40 2007.1/SRPMS/poppler-0.5.4-3.3mdv2007.1.src.rpm
Mandriva Linux 2008.0:
840730bb310636d43a3d07a6d4d4f281 2008.0/i586/libpoppler-devel-0.6-3.1mdv2008.0.i586.rpm
9d6109683ae8729ad549c56d2f8998c1 2008.0/i586/libpoppler-glib-devel-0.6-3.1mdv2008.0.i586.rpm
b69e7e912fe2f532c5a9ed7c3687eb42 2008.0/i586/libpoppler-glib2-0.6-3.1mdv2008.0.i586.rpm
cea89e4b36cbe99060e3568038474078 2008.0/i586/libpoppler-qt-devel-0.6-3.1mdv2008.0.i586.rpm
64a459904bf417570e4f2b8e0d550c77 2008.0/i586/libpoppler-qt2-0.6-3.1mdv2008.0.i586.rpm
5d1c9970275811b934599f95b5264d7d 2008.0/i586/libpoppler-qt4-2-0.6-3.1mdv2008.0.i586.rpm
7bbfdb4209d40f503bedc8e10e4687df 2008.0/i586/libpoppler-qt4-devel-0.6-3.1mdv2008.0.i586.rpm
812e34a9b25b4e28169bf84804da8325 2008.0/i586/libpoppler2-0.6-3.1mdv2008.0.i586.rpm
57380d8dcef7e2b404ed6a7571969bfe 2008.0/i586/poppler-0.6-3.1mdv2008.0.i586.rpm
697118d63ace272626e64555f7b8cffd 2008.0/SRPMS/poppler-0.6-3.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
f64a05a64b742ac4a40a07b8c43b9545 2008.0/x86_64/lib64poppler-devel-0.6-3.1mdv2008.0.x86_64.rpm
5d9963749a1315a570e9a70783c078da 2008.0/x86_64/lib64poppler-glib-devel-0.6-3.1mdv2008.0.x86_64.rpm
8d62d129c9279da1ed306a02785d5a7f 2008.0/x86_64/lib64poppler-glib2-0.6-3.1mdv2008.0.x86_64.rpm
f844c25e098d3b295cba161a07795b36 2008.0/x86_64/lib64poppler-qt-devel-0.6-3.1mdv2008.0.x86_64.rpm
5bfdd34b678a33aeebeec9dc7b0d0dd7 2008.0/x86_64/lib64poppler-qt2-0.6-3.1mdv2008.0.x86_64.rpm
83334372f43c893ca9afdaefdd7b90d0 2008.0/x86_64/lib64poppler-qt4-2-0.6-3.1mdv2008.0.x86_64.rpm
82099121bfc50561cb3a175d9d31152b 2008.0/x86_64/lib64poppler-qt4-devel-0.6-3.1mdv2008.0.x86_64.rpm
59a614072521db19cd3b502e6d49959a 2008.0/x86_64/lib64poppler2-0.6-3.1mdv2008.0.x86_64.rpm
0a5a8795e93dc014c5f07e2ab6e73393 2008.0/x86_64/poppler-0.6-3.1mdv2008.0.x86_64.rpm
697118d63ace272626e64555f7b8cffd 2008.0/SRPMS/poppler-0.6-3.1mdv2008.0.src.rpm
Corporate 4.0:
86be8a80003ab4c7a36905eac276dbf6 corporate/4.0/i586/libpoppler-qt0-0.4.1-3.6.20060mlcs4.i586.rpm
32bae8fecaa6ec4e2b1e7e68458f889b corporate/4.0/i586/libpoppler-qt0-devel-0.4.1-3.6.20060mlcs4.i586.rpm
e9aefa230a3c897361330d91583eb4b9 corporate/4.0/i586/libpoppler0-0.4.1-3.6.20060mlcs4.i586.rpm
280a9f7aea1b3766864996d5969e69ea corporate/4.0/i586/libpoppler0-devel-0.4.1-3.6.20060mlcs4.i586.rpm
aab471f88ae46303acfef45c3464bce6 corporate/4.0/SRPMS/poppler-0.4.1-3.6.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
62f84dc6ac78997484c76c0e34c74063 corporate/4.0/x86_64/lib64poppler-qt0-0.4.1-3.6.20060mlcs4.x86_64.rpm
5fda381aed07c4eaa47f48d7187449ee corporate/4.0/x86_64/lib64poppler-qt0-devel-0.4.1-3.6.20060mlcs4.x86_64.rpm
6abf5b15ba6ffa847dde37a2d0f049d0 corporate/4.0/x86_64/lib64poppler0-0.4.1-3.6.20060mlcs4.x86_64.rpm
bcbad9d141f0b9615740d5f027a24699 corporate/4.0/x86_64/lib64poppler0-devel-0.4.1-3.6.20060mlcs4.x86_64.rpm
aab471f88ae46303acfef45c3464bce6 corporate/4.0/SRPMS/poppler-0.4.1-3.6.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
https://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHQhenmqjQ0CJFipgRAl9SAJ9gU0uhZwFvHZ9tF4z8F15VUgUfNwCgjOhN
XrZ88C4TwK/FkZL+zC+zOLU=
=ehqr
-----END PGP SIGNATURE-----