"Ubuntu Security Notice USN-850-3 November 02, 2009
poppler vulnerabilities
CVE-2009-3603, CVE-2009-3604, CVE-2009-3607, CVE-2009-3608,
CVE-2009-3609
==========================
==========================
=========
A security issue affects the following Ubuntu releases:
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.10:
libpoppler-glib4 0.12.0-0ubuntu2.1
libpoppler5 0.12.0-0ubuntu2.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
USN-850-1 fixed vulnerabilities in poppler. This update provides the
corresponding updates for Ubuntu 9.10.
Original advisory details:
It was discovered that poppler contained multiple security issues when
parsing malformed PDF documents. If a user or automated system were tricke=
d
into opening a crafted PDF file, an attacker could cause a denial of
service or execute arbitrary code with privileges of the user invoking the
program.
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.0-0u=
buntu2.1.diff.gz
Size/MD5: 15454 48a80d636158aa98b507c85607c379c7
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.0-0u=
buntu2.1.dsc
Size/MD5: 1692 0e33aecf9e3c097fa1a5445bf4396f91
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.0.or=
ig.tar.gz
Size/MD5: 1595424 399b25d9d71ad22bc9a2a9281769c49c
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.=
12.0-0ubuntu2.1_amd64.deb
Size/MD5: 1051952 700c63d275b983dba55c6abfd9c3ec21
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-d=
ev_0.12.0-0ubuntu2.1_amd64.deb
Size/MD5: 147622 8f53a579169d196b59c865e6b34579a4
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_=
0.12.0-0ubuntu2.1_amd64.deb
Size/MD5: 75084 8d5d57f163087638bd61353fba3c82b6
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev=
_0.12.0-0ubuntu2.1_amd64.deb
Size/MD5: 55886 4fb8c88e15cae8a3f2bc03a7dd564612
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.=
12.0-0ubuntu2.1_amd64.deb
Size/MD5: 26020 0b157d328ea46a5cd2a5a637563c01f8
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_=
0.12.0-0ubuntu2.1_amd64.deb
Size/MD5: 169760 e6a9de15ef88077713abb5486a419a06
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-de=
v_0.12.0-0ubuntu2.1_amd64.deb
Size/MD5: 245990 72cba1a5cdf707e7cd95c8650c976ee7
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler5_0.12.=
0-0ubuntu2.1_amd64.deb
Size/MD5: 757804 6e2520a2a9ba32a4f3e28e39c34fead0
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.12.=
0-0ubuntu2.1_amd64.deb
Size/MD5: 3352280 2674ea34101cd26e76d359e4fa1ae1d0
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.1=
2.0-0ubuntu2.1_amd64.deb
Size/MD5: 84172 d2685cf3c57bd1102c210c18f55686b5
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.=
12.0-0ubuntu2.1_i386.deb
Size/MD5: 989336 23134e2af4161b817e87d114f36bbb11
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-d=
ev_0.12.0-0ubuntu2.1_i386.deb
Size/MD5: 140976 67cb2da532b6af1009b71825227266ec
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_=
0.12.0-0ubuntu2.1_i386.deb
Size/MD5: 72378 2f7c93e9da887f145de10329aba0ef98
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev=
_0.12.0-0ubuntu2.1_i386.deb
Size/MD5: 53594 71e81f0cab72a786d4be9da566f57bf5
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.=
12.0-0ubuntu2.1_i386.deb
Size/MD5: 25628 8068a8f5872026777b6e3c659b0f7f94
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_=
0.12.0-0ubuntu2.1_i386.deb
Size/MD5: 166224 f632da6ffcf74bd16ea244aa62d32cf8
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-de=
v_0.12.0-0ubuntu2.1_i386.deb
Size/MD5: 231216 73f64210ed94368602bce01cb8623e9e
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler5_0.12.=
0-0ubuntu2.1_i386.deb
Size/MD5: 725724 47faef2db50f38de117fe8270b75d2b4
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.12.=
0-0ubuntu2.1_i386.deb
Size/MD5: 3274002 0faa823f34836a3046221ea840291ac3
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.1=
2.0-0ubuntu2.1_i386.deb
Size/MD5: 80140 56f7601d98080759427904a5cda8fc1c
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.12.0-0ubun=
tu2.1_lpia.deb
Size/MD5: 1004264 ab6c2ce6fca7bc156bb79ee9098db4a6
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.12.0-=
0ubuntu2.1_lpia.deb
Size/MD5: 142336 40691b4d045114f85022295f16bb715a
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.12.0-0ub=
untu2.1_lpia.deb
Size/MD5: 72620 949aefc47f714cd6bf04b572cd64a422
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.12.0-0u=
buntu2.1_lpia.deb
Size/MD5: 53838 b28eb49e9f317a3ff62dad035e3c18d2
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.12.0-0ubun=
tu2.1_lpia.deb
Size/MD5: 25578 6859e69db4d7b0e849c6ba0b07ceca22
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.12.0-0ub=
untu2.1_lpia.deb
Size/MD5: 167256 77527ca39229b2908deac999e98feb93
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.12.0-0=
ubuntu2.1_lpia.deb
Size/MD5: 236556 5b472282eb85b9fd5f3f5adfe5bd579c
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler5_0.12.0-0ubuntu2=
.1_lpia.deb
Size/MD5: 736340 6e298d3ae22ca1e235efca71adef1e77
http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.12.0-0ubuntu2=
.1_lpia.deb
Size/MD5: 3299736 e4317c538e932ef9f349ada04c49772e
http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.12.0-0ubunt=
u2.1_lpia.deb
Size/MD5: 81398 c3c07e4d1ca4afd89026c2e94b32d489
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.12.0-0ubun=
tu2.1_powerpc.deb
Size/MD5: 1132462 fe92b06a1afaee95aab8e9fee5172ebd
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.12.0-=
0ubuntu2.1_powerpc.deb
Size/MD5: 154828 e8656dcfca021f74ef74d3305a3777dd
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.12.0-0ub=
untu2.1_powerpc.deb
Size/MD5: 79136 43bec50dd396f4e408e439dcff4050ee
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.12.0-0u=
buntu2.1_powerpc.deb
Size/MD5: 56918 11e2b15a48bcd8f6dd4edf1b2a3f94f6
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.12.0-0ubun=
tu2.1_powerpc.deb
Size/MD5: 26764 3a9015b5ef5e4456d99aed94d9795b13
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.12.0-0ub=
untu2.1_powerpc.deb
Size/MD5: 170914 364e184c49ad48bcbcb607a754820856
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.12.0-0=
ubuntu2.1_powerpc.deb
Size/MD5: 251780 c68cee53af60cfc18123960426f71ebd
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler5_0.12.0-0ubuntu2=
.1_powerpc.deb
Size/MD5: 796134 56d908a8957794858adf9fac1f05e69d
http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.12.0-0ubuntu2=
.1_powerpc.deb
Size/MD5: 3472754 e4df589ab148c9b4e10252edbccf6d63
http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.12.0-0ubunt=
u2.1_powerpc.deb
Size/MD5: 84200 11bd5fff3480bebdf34a3f448a4e19b9
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.12.0-0ubun=
tu2.1_sparc.deb
Size/MD5: 1024090 f0aa671a65979f05b98a68c06702577a
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.12.0-=
0ubuntu2.1_sparc.deb
Size/MD5: 145424 0fa9ac58cbd89b973d473ea8b8097168
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.12.0-0ub=
untu2.1_sparc.deb
Size/MD5: 73066 44ea8c81756572a26c7cf91a2a28a22e
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.12.0-0u=
buntu2.1_sparc.deb
Size/MD5: 53156 2d6b94d35ccd3edf77730f19ad142965
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.12.0-0ubun=
tu2.1_sparc.deb
Size/MD5: 24208 6a4d8c3dd160266b3626aace0eb9cb2b
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.12.0-0ub=
untu2.1_sparc.deb
Size/MD5: 168684 414dea9f6db5bbe8cc1e32d7ea7b1a66
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.12.0-0=
ubuntu2.1_sparc.deb
Size/MD5: 244118 39b3946c546ac384cdc9552257253981
http://ports.ubuntu.com/pool/main/p/poppler/libpoppler5_0.12.0-0ubuntu2=
.1_sparc.deb
Size/MD5: 749070 5f96f15d3527c3d4311d4ca3746fc5cc
http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.12.0-0ubuntu2=
.1_sparc.deb
Size/MD5: 3243548 25690cbe96ebf2d5da437fe176fe412c
http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.12.0-0ubunt=
u2.1_sparc.deb
Size/MD5: 80606 e56113c88e7b1144f7979e869a6f0c2f
--=-IGYwISyibKOgeTuIp34k
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEABECAAYFAkrvUzIACgkQLMAs/0C4zNoXnACdHdX1fxZOHlMmPi2FgvMs0ZDF
CnIAnioK6sBrxg5/ZHfUGQaZA27DBLEE
=vKRJ
-----END PGP SIGNATURE-----
"
USN-845-1: Pan vulnerabilitySka Legends launch Liverpool Music Week
This entry was posted
on 12:37 PM
.
Archives
-
▼
2009
(488)
-
▼
November
(49)
- RHSA-2009:1620-01 Moderate: bind security update
- RHSA-2009:1615-01 Moderate: xerces-j2 security update
- DSA 1942-1: New wireshark packages fix several vul...
- GLSA 200911-04 dstat: Untrusted search path
- GLSA 200911-06 PEAR Net_Traceroute: Command injec...
- DSA 1939-1: New libvorbis packages fix several vul...
- DSA 1941-1: New poppler packages fix several vulne...
- RHSA-2009:1601-01 Critical: kdelibs security update
- GLSA 200911-05 Wireshark: Multiple vulnerabilities
- USN-861-1: libvorbis vulnerabilities
- DSA 1938-1: New php-mail packages fix insufficient...
- DSA 1937-1: New gforge packages fix cross-site scr...
- DSA-1934-1: New apache2 packages fix several issues
- USN-859-1: OpenJDK vulnerabilities
- USN-860-1: Apache vulnerabilities
- RHSA-2009:1595-01 Moderate: cups security update
- RHSA-2009:1587-01 Important: kernel security and b...
- GLSA 200911-02 Sun JDK/JRE: Multiple vulnerabilites
- DSA 1936-1: New libgd2 packages fix several vulner...
- RHSA-2009:1588-02 Important: kernel security update
- DSA 1935-1: New gnutls23/gnutls26 packages fix SSL...
- RHSA-2009:1585-01 Moderate: samba3x security and b...
- RHSA-2009:1584-01 Important: java-1.6.0-openjdk se...
- RHSA-2009:1580-02 Moderate: httpd security update
- DSA 1933-1: New cups packages fix cross-site scrip...
- USN-858-1: OpenLDAP vulnerability
- DSA 1932-1: New pidgin packages fix arbitrary code...
- RHSA-2009:1582-01 Critical: java-1.6.0-ibm securit...
- RHSA-2009:1561-01 Important: libvorbis security up...
- RHSA-2009:1562-01 Important: tomcat security update
- USN-853-2: Firefox and Xulrunner regression
- USN-854-1: GD library vulnerabilities
- DSA 1928-1: New Linux 2.6.24 packages fix several ...
- RHSA-2009:1540-01 Important: kernel-rt security, b...
- RHSA-2009:1550-01 Important: kernel security and b...
- RHSA-2009:1541-01 Important: kernel security update
- USN-850-3: poppler vulnerabilities
- DSA 1927-1: New Linux 2.6.26 packages fix several ...
- USN-855-1: libhtml-parser-perl vulnerability
- RHSA-2009:1548-01 Important: kernel security and b...
- RHSA-2009:1530-01 Critical: firefox security update
- DSA 1924-1: New mahara packages fix several vulner...
- USN-853-1: Firefox and Xulrunner vulnerabilities
- RHSA-2009:1528-01 Moderate: samba security and bug...
- RHSA-2009:1531-01 Critical: seamonkey security update
- DSA 1922-1: New xulrunner packages fix several vul...
- DSA 1923-1: New libhtml-parser-perl packages fix d...
- RHSA-2009:1535-01 Moderate: pidgin security update
- DSA 1921-1: New expat packages fix denial of service
-
▼
November
(49)