Ubuntu: poppler vulnerability
Posted by Benjamin D. Thomas   
Ubuntu USN-496-1 fixed a vulnerability in koffice. This update provides the corresponding updates for poppler, the library used for PDF handling in Gnome. Derek Noonburg discovered an integer overflow in the Xpdf function StreamPredictor::StreamPredictor(). By importing a specially crafted PDF file into KWord, this could be exploited to run arbitrary code with the user's privileges.
Ubuntu Security Notice USN-496-2            August 07, 2007
poppler vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libpoppler1                              0.5.1-0ubuntu7.2

Ubuntu 6.10:
  libpoppler1                              0.5.4-0ubuntu4.2

Ubuntu 7.04:
  libpoppler1                              0.5.4-0ubuntu8.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-496-1 fixed a vulnerability in koffice.  This update provides the
corresponding updates for poppler, the library used for PDF handling in
Gnome.

Original advisory details:

 Derek Noonburg discovered an integer overflow in the Xpdf function
 StreamPredictor::StreamPredictor(). By importing a specially crafted PDF
 file into KWord, this could be exploited to run arbitrary code with the
 user's privileges.
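
An added illustration of the bug class named above, not code from Xpdf, poppler or the advisory: a row size computed from file-supplied integers wraps around, and the checked form rejects such input before allocating. The struct, function names and sample values are hypothetical.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical predictor parameters, all read from an untrusted file. */
struct pred_params { int width, n_comps, n_bits; };

/* Unchecked form: the product wraps modulo 2^32 (computed in uint32_t here
 * so the wraparound is well defined), yielding a far-too-small row size. */
static uint32_t row_bytes_unchecked(struct pred_params p) {
    uint32_t n_vals = (uint32_t)p.width * (uint32_t)p.n_comps;
    return (n_vals * (uint32_t)p.n_bits + 7u) >> 3;
}

/* Checked form: reject non-positive values and any product that would
 * exceed INT_MAX before multiplying. Returns 0 on success, -1 on reject. */
static int row_bytes_checked(struct pred_params p, size_t *out) {
    if (p.width <= 0 || p.n_comps <= 0 || p.n_bits <= 0) return -1;
    if (p.n_comps > INT_MAX / p.n_bits) return -1;
    if (p.width > (INT_MAX - 7) / (p.n_comps * p.n_bits)) return -1;
    *out = ((size_t)p.width * p.n_comps * p.n_bits + 7) >> 3;
    return 0;
}

/* Allocate a row buffer only when the size computation is trustworthy. */
static unsigned char *alloc_row(struct pred_params p, size_t *len) {
    if (row_bytes_checked(p, len) != 0) return NULL;
    return calloc(1, *len);
}

int main(void) {
    struct pred_params ok  = { 640, 3, 8 };        /* constructed benign values */
    struct pred_params bad = { 0x20000001, 1, 8 }; /* constructed hostile values */
    size_t len = 0;

    printf("benign:  unchecked=%u bytes\n", row_bytes_unchecked(ok));
    printf("hostile: unchecked=%u bytes (true row needs %d)\n",
           row_bytes_unchecked(bad), bad.width);

    unsigned char *row = alloc_row(ok, &len);
    printf("checked benign:  %s, %zu bytes\n", row ? "allocated" : "rejected", len);
    free(row);
    printf("checked hostile: %s\n", alloc_row(bad, &len) ? "allocated" : "rejected");
    return 0;
}
```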

Updated packages for Ubuntu 6.06 LTS:

Updated packages for Ubuntu 6.10:

Updated packages for Ubuntu 7.04:

