linux.debian.announce.security
[Top] [All Lists]
<prev [Date] next>
Google
 
<prev [Thread] next>

[SECURITY] [DSA 1606-1] poppler packages fix execution of arbitrary code

from [Steve Kemp]
Subject: [SECURITY] [DSA 1606-1] poppler packages fix execution of arbitrary code
From: Steve Kemp <skx@xxxxxxxxxx>
Date: Wed, 09 Jul 2008 20:00:14 +0200
Newsgroups: linux.debian.announce.security 


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1606-1                  security@xxxxxxxxxx
http://www.debian.org/security/                               Steve Kemp
July 09, 2008                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : poppler
Vulnerability  : programming error
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE 2008-1693
Debian Bug     : 476842

It was discovered that poppler, a PDF rendering library, did not 
properly handle embedded fonts in PDF files, allowing attackers to
execute arbitrary code via a crafted font object.

For the stable distribution (etch), this problem has been fixed in version
0.4.5-5.1etch3.

For the unstable distribution (sid), this problem has been fixed in
version 0.8.0-1.

We recommend that you upgrade your poppler package.


Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  
http://security.debian.org/pool/updates/main/p/poppler/poppler_0.4.5-5.1etch3.dsc
    Size/MD5 checksum:      757 1560882fd2916cf690dfab5b36caf393
  
http://security.debian.org/pool/updates/main/p/poppler/poppler_0.4.5-5.1etch3.diff.gz
    Size/MD5 checksum:   484328 8f9c696fb31d332b65515d263b9b29da
  
http://security.debian.org/pool/updates/main/p/poppler/poppler_0.4.5.orig.tar.gz
    Size/MD5 checksum:   783752 2bb1c75aa3f9c42f0ba48b5492e6d32c

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_alpha.deb
    Size/MD5 checksum:    30352 3a20e8e3a5f60e0c8a676a290e858a61
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_alpha.deb
    Size/MD5 checksum:    43058 9bb013f968577d9320de44b82e7fd1f1
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_alpha.deb
    Size/MD5 checksum:   772710 d2b3b2490771162ac139f5246e85b231
  
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_alpha.deb
    Size/MD5 checksum:    86580 c396dba838001d108bf56d477f08cd4b
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_alpha.deb
    Size/MD5 checksum:    34056 5f12b52c57a11f9881e433bb9710acaa
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_alpha.deb
    Size/MD5 checksum:    55052 fd976b4ba5a06387095fd5ab0eb1ddd3
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_alpha.deb
    Size/MD5 checksum:   504476 19e19093f81f966f0e8e2da723f8e07b

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_amd64.deb
    Size/MD5 checksum:   613694 30e519a2a6a52073527556f7be56e368
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_amd64.deb
    Size/MD5 checksum:    30656 879a9f7b40b84395dec8667fbaed7a30
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_amd64.deb
    Size/MD5 checksum:    46070 3fca3fa3a27cd8591e3b654e0063d818
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_amd64.deb
    Size/MD5 checksum:    41768 0e876f9dde8c94548fb5a5f973d4d1fb
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_amd64.deb
    Size/MD5 checksum:   456526 1aa5b6834c6605b9c0c89d76c527b085
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_amd64.deb
    Size/MD5 checksum:    29706 252693ce004ebe4da029cb8cac60c8ad
  
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_amd64.deb
    Size/MD5 checksum:    83614 4f3e6d766e655a6a6e48ce379853e720

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_arm.deb
    Size/MD5 checksum:    40176 c220cbc637a1898a24f3d6facf2334b5
  
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_arm.deb
    Size/MD5 checksum:    81782 513ca3c03a1d48caa5ab2ddd4ada7aed
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_arm.deb
    Size/MD5 checksum:   438142 f4b166156f43a8715d2cc8b27c621e53
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_arm.deb
    Size/MD5 checksum:    44736 ae0bddb8502ebb76a4f9624dcac81604
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_arm.deb
    Size/MD5 checksum:    29436 d43e6939e318a65c9c8e0c16cb02bd38
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_arm.deb
    Size/MD5 checksum:    30426 0967f5e7fa741c8cf026ffb763ff014e
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_arm.deb
    Size/MD5 checksum:   594928 dac70571d0ad3f9a909198b26a28faa4

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_hppa.deb
    Size/MD5 checksum:   540242 df8ce9c4c3a169f9be4e3926d994eee6
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_hppa.deb
    Size/MD5 checksum:    45668 74f74bfe2617742ead80785c9e11cbad
  
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_hppa.deb
    Size/MD5 checksum:    87808 41b1e8124adc89510682a7583c76923c
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_hppa.deb
    Size/MD5 checksum:    50304 a811b4590c717572d0e531b1c818f5a4
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_hppa.deb
    Size/MD5 checksum:    31084 357259aca7b21fa7971c9f884fb43726
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_hppa.deb
    Size/MD5 checksum:   713728 a90e1e548048facb915ce56eccada131
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_hppa.deb
    Size/MD5 checksum:    31838 38bdf2ce3f6f7f5131d15d4b8a609630

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_i386.deb
    Size/MD5 checksum:    41398 6e9efb137e66dfd94845df3317e21fd1
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_i386.deb
    Size/MD5 checksum:   577624 0fdd4127669e2a47670cb4047f9cd21d
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_i386.deb
    Size/MD5 checksum:    30342 681d77159be64f8285d2292fa718ccc2
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_i386.deb
    Size/MD5 checksum:    29758 790a89e5646fcaf5ffa5209fa17540d2
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_i386.deb
    Size/MD5 checksum:    44856 09726e0b4b94ac65ad12d70ea485469f
  
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_i386.deb
    Size/MD5 checksum:    80810 8b155f09a771e3ed179a973a7a7d06e4
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_i386.deb
    Size/MD5 checksum:   443684 817175329a0cfead2f00c128ad8f55f8

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_ia64.deb
    Size/MD5 checksum:   613198 31d755b29e5623ee0ece5795bee720cc
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_ia64.deb
    Size/MD5 checksum:    32206 aa89439c77d7ef337971944ee621b064
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_ia64.deb
    Size/MD5 checksum:    54842 36132f7b438eac1b793cc7ba7c1a740a
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_ia64.deb
    Size/MD5 checksum:    33788 0603447588cfbffd6969596a06f7ad57
  
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_ia64.deb
    Size/MD5 checksum:   105274 679fe2ab7f9cc54b7e86b7b02c1f6eb7
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_ia64.deb
    Size/MD5 checksum:   808860 774cbfee74f2b356689996d27c79bcb3
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_ia64.deb
    Size/MD5 checksum:    47804 a1e68d3e0dc53644c5441fb7c1b03a64

mips architecture (MIPS (Big Endian))

  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_mips.deb
    Size/MD5 checksum:    50294 8598301860f891c34b5028950926e23c
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_mips.deb
    Size/MD5 checksum:   457928 b27722d07d500b168c8ac57e84c24d7c
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_mips.deb
    Size/MD5 checksum:    41816 dd3ce7ee3f109ea7b391bebe67631708
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_mips.deb
    Size/MD5 checksum:   674736 3d4f077c3a79d1b1adb6ad5a2c79c8fc
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_mips.deb
    Size/MD5 checksum:    31980 f170e8066e739f995a6bc7af43f22fde
  
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_mips.deb
    Size/MD5 checksum:    86668 d8d6c0f593dbcf10984a171a77f36c77
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_mips.deb
    Size/MD5 checksum:    29582 97643d32f0109d0a692b13942f48e413

powerpc architecture (PowerPC)

  
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_powerpc.deb
    Size/MD5 checksum:    89292 cd9cf091a64c2e3f98b07fcb82d8f850
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_powerpc.deb
    Size/MD5 checksum:   472336 2b6b5805523bda347c3a01473b068327
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_powerpc.deb
    Size/MD5 checksum:    48130 eacfcf656af6fbc9c16cff979b37e75e
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_powerpc.deb
    Size/MD5 checksum:    31438 b132335b02f73e42de78e173cbcbbfb6
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_powerpc.deb
    Size/MD5 checksum:    31406 a091098584a0686afc4b28ae1fbf83c5
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_powerpc.deb
    Size/MD5 checksum:   651942 78df9e2410257f45d1eeb22da2ae805c
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_powerpc.deb
    Size/MD5 checksum:    43162 4455826b656b6e8d5f966c470ca6ca03

s390 architecture (IBM S/390)

  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_s390.deb
    Size/MD5 checksum:   453844 9018dafb416a5fbb7cf6e67a98b7ca16
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_s390.deb
    Size/MD5 checksum:    29504 e6d1179ace04c734f919a53c4ed20c85
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_s390.deb
    Size/MD5 checksum:    46820 1e299394d64f0bf5a17dd340a41e55a0
  
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_s390.deb
    Size/MD5 checksum:    80750 a61100d27837dc60ef1857b8d786fada
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_s390.deb
    Size/MD5 checksum:    30596 8153c10261795e578b27c2ede5cc5528
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_s390.deb
    Size/MD5 checksum:    41692 26f0d2342e4386061533faa2a55f5de3
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_s390.deb
    Size/MD5 checksum:   621930 27d8f7cc1cd2c307285eafddc3efb70b

sparc architecture (Sun SPARC/UltraSPARC)

  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_sparc.deb
    Size/MD5 checksum:   583994 e2d0fbcc107d82d95a774ad7b24dbd43
  
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_sparc.deb
    Size/MD5 checksum:    78276 e75355488b436d46872686c50397ef04
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_sparc.deb
    Size/MD5 checksum:    40438 d7b939665ce01d3773e76456a310d3bc
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_sparc.deb
    Size/MD5 checksum:    30616 96c7b850564ce3c51e75e0e0241ac6a1
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_sparc.deb
    Size/MD5 checksum:    29272 aed8c46365fd59e786288d4e55298792
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_sparc.deb
    Size/MD5 checksum:   444346 2e2b0a2a3bd75ed2d534f48ef4a1b275
  
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_sparc.deb
    Size/MD5 checksum:    44546 7dcf884f27b08f31306b332e817f4571


  These files will probably be moved into the stable distribution on
  its next update.

- 
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIdPlGwM/Gs81MDZ0RAu1eAKC9rgrnj6V8Fdk6+avR6/cBNTa7JgCgrl1k
XDZxfWQ3WS/oPJn0RZAE7ls=
=T3pa
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [SECURITY] [DSA 1606-1] poppler packages fix execution of arbitrary code, Steve Kemp <=
Previous by Date:  [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver, Florian Weimer
Next by Date:  [SECURITY] [DSA 1607-1] New iceweasel packages fix several vulnerabilities, Moritz Muehlenhoff
Previous by Thread:  [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver, Florian Weimer
Next by Thread:  [SECURITY] [DSA 1607-1] New iceweasel packages fix several vulnerabilities, Moritz Muehlenhoff
Indexes:  [Date] [Thread] [Top] [All Lists]