- ---------------------------------------------------------------------                   Red Hat Security Advisory

Synopsis:          Important: poppler security update
Advisory ID:       RHSA-2007:1026-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2007:1026.html
Issue date:        2007-11-07
Updated on:        2007-11-07
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-4352 CVE-2007-5392 CVE-2007-5393 
- ---------------------------------------------------------------------1. Summary:

Updated poppler packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

Poppler is a PDF rendering library, used by applications such as evince. 

Alin Rad Pop discovered several flaws in the handling of PDF files. An
attacker could create a malicious PDF file that would cause an application
linked with poppler to crash, or potentially execute arbitrary code when
opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)

Users are advised to upgrade to these updated packages, which contain
backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at

5. Bug IDs fixed (http://bugzilla.redhat.com/):

345101 - CVE-2007-4352 xpdf memory corruption in DCTStream::readProgressiveDataUnit()
345111 - CVE-2007-5392 xpdf buffer overflow in DCTStream::reset()
345121 - CVE-2007-5393 xpdf buffer overflow in CCITTFaxStream::lookChar()

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
69632e7868ae30f5c7511421493a01be  poppler-0.5.4-4.3.el5_1.src.rpm

i386:
840ac371305da7343736841e554b93e5  poppler-0.5.4-4.3.el5_1.i386.rpm
0f9a1f599941a1ac395dbfaa98d92c98  poppler-debuginfo-0.5.4-4.3.el5_1.i386.rpm
b365b83be4738430b7c0e9d4a96f08fd  poppler-utils-0.5.4-4.3.el5_1.i386.rpm

x86_64:
840ac371305da7343736841e554b93e5  poppler-0.5.4-4.3.el5_1.i386.rpm
c4f9253e89bb71a5d4c7a1f4d7e10f63  poppler-0.5.4-4.3.el5_1.x86_64.rpm
0f9a1f599941a1ac395dbfaa98d92c98  poppler-debuginfo-0.5.4-4.3.el5_1.i386.rpm
3a34912d2523ee3181a3238e4a793bf3  poppler-debuginfo-0.5.4-4.3.el5_1.x86_64.rpm
6a27df425f22244009394d770f58fc2c  poppler-utils-0.5.4-4.3.el5_1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
69632e7868ae30f5c7511421493a01be  poppler-0.5.4-4.3.el5_1.src.rpm

i386:
0f9a1f599941a1ac395dbfaa98d92c98  poppler-debuginfo-0.5.4-4.3.el5_1.i386.rpm
53b761d6d293af2a3b9cd32f13f2e89a  poppler-devel-0.5.4-4.3.el5_1.i386.rpm

x86_64:
0f9a1f599941a1ac395dbfaa98d92c98  poppler-debuginfo-0.5.4-4.3.el5_1.i386.rpm
3a34912d2523ee3181a3238e4a793bf3  poppler-debuginfo-0.5.4-4.3.el5_1.x86_64.rpm
53b761d6d293af2a3b9cd32f13f2e89a  poppler-devel-0.5.4-4.3.el5_1.i386.rpm
a3f589c0d86eb34e982bf1c52ae63ce1  poppler-devel-0.5.4-4.3.el5_1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
69632e7868ae30f5c7511421493a01be  poppler-0.5.4-4.3.el5_1.src.rpm

i386:
840ac371305da7343736841e554b93e5  poppler-0.5.4-4.3.el5_1.i386.rpm
0f9a1f599941a1ac395dbfaa98d92c98  poppler-debuginfo-0.5.4-4.3.el5_1.i386.rpm
53b761d6d293af2a3b9cd32f13f2e89a  poppler-devel-0.5.4-4.3.el5_1.i386.rpm
b365b83be4738430b7c0e9d4a96f08fd  poppler-utils-0.5.4-4.3.el5_1.i386.rpm

ia64:
89db64c41392198fa374d3bf30ade381  poppler-0.5.4-4.3.el5_1.ia64.rpm
b3d4ccf16dde38ae59deb5620a737131  poppler-debuginfo-0.5.4-4.3.el5_1.ia64.rpm
aad3e4d678645b86c9bd77bdd4a504ad  poppler-devel-0.5.4-4.3.el5_1.ia64.rpm
f6181b9d6b21df64fa2e359c37a61643  poppler-utils-0.5.4-4.3.el5_1.ia64.rpm

ppc:
0a47709c4831e6f4e3568ddeed38f118  poppler-0.5.4-4.3.el5_1.ppc.rpm
23983ce4d9ff84f859a2e863b0d86abd  poppler-0.5.4-4.3.el5_1.ppc64.rpm
e0b0cd09b8576a58a1eb2f3887de5f70  poppler-debuginfo-0.5.4-4.3.el5_1.ppc.rpm
d540e137d69684dbb002cfa0cd53ace7  poppler-debuginfo-0.5.4-4.3.el5_1.ppc64.rpm
9f77a5dc7816c09217dd0735d3bc6ded  poppler-devel-0.5.4-4.3.el5_1.ppc.rpm
f7f8106f4936cc062c9f598d1342fbf7  poppler-devel-0.5.4-4.3.el5_1.ppc64.rpm
d8bfb3b5a50b48e003adf4c0cb06dadf  poppler-utils-0.5.4-4.3.el5_1.ppc.rpm

s390x:
fabd0d9a73d044bc6be045570ff7415e  poppler-0.5.4-4.3.el5_1.s390.rpm
88f22b3e51c067ef57ba1686e6a6445f  poppler-0.5.4-4.3.el5_1.s390x.rpm
5dad2b459b268a1284dd5b67910643ff  poppler-debuginfo-0.5.4-4.3.el5_1.s390.rpm
c46630b15a1eb965c63375cd2dc1453c  poppler-debuginfo-0.5.4-4.3.el5_1.s390x.rpm
1ac050d1a6d423a4fdc3727df4802632  poppler-devel-0.5.4-4.3.el5_1.s390.rpm
20eaefea09f74e92239b66002d4fe895  poppler-devel-0.5.4-4.3.el5_1.s390x.rpm
62f185765cec355ca7b1d8c1ca89aede  poppler-utils-0.5.4-4.3.el5_1.s390x.rpm

x86_64:
840ac371305da7343736841e554b93e5  poppler-0.5.4-4.3.el5_1.i386.rpm
c4f9253e89bb71a5d4c7a1f4d7e10f63  poppler-0.5.4-4.3.el5_1.x86_64.rpm
0f9a1f599941a1ac395dbfaa98d92c98  poppler-debuginfo-0.5.4-4.3.el5_1.i386.rpm
3a34912d2523ee3181a3238e4a793bf3  poppler-debuginfo-0.5.4-4.3.el5_1.x86_64.rpm
53b761d6d293af2a3b9cd32f13f2e89a  poppler-devel-0.5.4-4.3.el5_1.i386.rpm
a3f589c0d86eb34e982bf1c52ae63ce1  poppler-devel-0.5.4-4.3.el5_1.x86_64.rpm
6a27df425f22244009394d770f58fc2c  poppler-utils-0.5.4-4.3.el5_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.

RedHat: Important: poppler security update

Updated poppler packages that fix several security issues are now available for Red Hat Enterprise Linux 5

Summary



Summary

Poppler is a PDF rendering library, used by applications such as evince. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause an application linked with poppler to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.


Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
5. Bug IDs fixed (http://bugzilla.redhat.com/):
345101 - CVE-2007-4352 xpdf memory corruption in DCTStream::readProgressiveDataUnit() 345111 - CVE-2007-5392 xpdf buffer overflow in DCTStream::reset() 345121 - CVE-2007-5393 xpdf buffer overflow in CCITTFaxStream::lookChar()
6. RPMs required:
Red Hat Enterprise Linux Desktop (v. 5 client):
SRPMS: 69632e7868ae30f5c7511421493a01be poppler-0.5.4-4.3.el5_1.src.rpm
i386: 840ac371305da7343736841e554b93e5 poppler-0.5.4-4.3.el5_1.i386.rpm 0f9a1f599941a1ac395dbfaa98d92c98 poppler-debuginfo-0.5.4-4.3.el5_1.i386.rpm b365b83be4738430b7c0e9d4a96f08fd poppler-utils-0.5.4-4.3.el5_1.i386.rpm
x86_64: 840ac371305da7343736841e554b93e5 poppler-0.5.4-4.3.el5_1.i386.rpm c4f9253e89bb71a5d4c7a1f4d7e10f63 poppler-0.5.4-4.3.el5_1.x86_64.rpm 0f9a1f599941a1ac395dbfaa98d92c98 poppler-debuginfo-0.5.4-4.3.el5_1.i386.rpm 3a34912d2523ee3181a3238e4a793bf3 poppler-debuginfo-0.5.4-4.3.el5_1.x86_64.rpm 6a27df425f22244009394d770f58fc2c poppler-utils-0.5.4-4.3.el5_1.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
SRPMS: 69632e7868ae30f5c7511421493a01be poppler-0.5.4-4.3.el5_1.src.rpm
i386: 0f9a1f599941a1ac395dbfaa98d92c98 poppler-debuginfo-0.5.4-4.3.el5_1.i386.rpm 53b761d6d293af2a3b9cd32f13f2e89a poppler-devel-0.5.4-4.3.el5_1.i386.rpm
x86_64: 0f9a1f599941a1ac395dbfaa98d92c98 poppler-debuginfo-0.5.4-4.3.el5_1.i386.rpm 3a34912d2523ee3181a3238e4a793bf3 poppler-debuginfo-0.5.4-4.3.el5_1.x86_64.rpm 53b761d6d293af2a3b9cd32f13f2e89a poppler-devel-0.5.4-4.3.el5_1.i386.rpm a3f589c0d86eb34e982bf1c52ae63ce1 poppler-devel-0.5.4-4.3.el5_1.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
SRPMS: 69632e7868ae30f5c7511421493a01be poppler-0.5.4-4.3.el5_1.src.rpm
i386: 840ac371305da7343736841e554b93e5 poppler-0.5.4-4.3.el5_1.i386.rpm 0f9a1f599941a1ac395dbfaa98d92c98 poppler-debuginfo-0.5.4-4.3.el5_1.i386.rpm 53b761d6d293af2a3b9cd32f13f2e89a poppler-devel-0.5.4-4.3.el5_1.i386.rpm b365b83be4738430b7c0e9d4a96f08fd poppler-utils-0.5.4-4.3.el5_1.i386.rpm
ia64: 89db64c41392198fa374d3bf30ade381 poppler-0.5.4-4.3.el5_1.ia64.rpm b3d4ccf16dde38ae59deb5620a737131 poppler-debuginfo-0.5.4-4.3.el5_1.ia64.rpm aad3e4d678645b86c9bd77bdd4a504ad poppler-devel-0.5.4-4.3.el5_1.ia64.rpm f6181b9d6b21df64fa2e359c37a61643 poppler-utils-0.5.4-4.3.el5_1.ia64.rpm
ppc: 0a47709c4831e6f4e3568ddeed38f118 poppler-0.5.4-4.3.el5_1.ppc.rpm 23983ce4d9ff84f859a2e863b0d86abd poppler-0.5.4-4.3.el5_1.ppc64.rpm e0b0cd09b8576a58a1eb2f3887de5f70 poppler-debuginfo-0.5.4-4.3.el5_1.ppc.rpm d540e137d69684dbb002cfa0cd53ace7 poppler-debuginfo-0.5.4-4.3.el5_1.ppc64.rpm 9f77a5dc7816c09217dd0735d3bc6ded poppler-devel-0.5.4-4.3.el5_1.ppc.rpm f7f8106f4936cc062c9f598d1342fbf7 poppler-devel-0.5.4-4.3.el5_1.ppc64.rpm d8bfb3b5a50b48e003adf4c0cb06dadf poppler-utils-0.5.4-4.3.el5_1.ppc.rpm
s390x: fabd0d9a73d044bc6be045570ff7415e poppler-0.5.4-4.3.el5_1.s390.rpm 88f22b3e51c067ef57ba1686e6a6445f poppler-0.5.4-4.3.el5_1.s390x.rpm 5dad2b459b268a1284dd5b67910643ff poppler-debuginfo-0.5.4-4.3.el5_1.s390.rpm c46630b15a1eb965c63375cd2dc1453c poppler-debuginfo-0.5.4-4.3.el5_1.s390x.rpm 1ac050d1a6d423a4fdc3727df4802632 poppler-devel-0.5.4-4.3.el5_1.s390.rpm 20eaefea09f74e92239b66002d4fe895 poppler-devel-0.5.4-4.3.el5_1.s390x.rpm 62f185765cec355ca7b1d8c1ca89aede poppler-utils-0.5.4-4.3.el5_1.s390x.rpm
x86_64: 840ac371305da7343736841e554b93e5 poppler-0.5.4-4.3.el5_1.i386.rpm c4f9253e89bb71a5d4c7a1f4d7e10f63 poppler-0.5.4-4.3.el5_1.x86_64.rpm 0f9a1f599941a1ac395dbfaa98d92c98 poppler-debuginfo-0.5.4-4.3.el5_1.i386.rpm 3a34912d2523ee3181a3238e4a793bf3 poppler-debuginfo-0.5.4-4.3.el5_1.x86_64.rpm 53b761d6d293af2a3b9cd32f13f2e89a poppler-devel-0.5.4-4.3.el5_1.i386.rpm a3f589c0d86eb34e982bf1c52ae63ce1 poppler-devel-0.5.4-4.3.el5_1.x86_64.rpm 6a27df425f22244009394d770f58fc2c poppler-utils-0.5.4-4.3.el5_1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393 http://www.redhat.com/security/updates/classification/#important

Package List


Severity
Advisory ID: RHSA-2007:1026-01
Advisory URL: https://access.redhat.com/errata/RHSA-2007:1026.html
Issued Date: : 2007-11-07
Updated on: 2007-11-07
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-4352 CVE-2007-5392 CVE-2007-5393 Updated poppler packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team.

Topic


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

RHEL Desktop Workstation (v. 5 client) - i386, x86_64

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64


Bugs Fixed


Related News

30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved