Mandriva: Updated poppler packages fix vulnerabilities
Posted by Benjamin D. Thomas   
Alin Rad Pop found several flaws in how PDF files are handled in poppler. An attacker could create a malicious PDF file that would cause poppler to crash or potentially execute arbitrary code when opened. The updated packages have been patched to correct this issue.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:227
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : poppler
 Date    : November 19, 2007
 Affected: 2007.1, 2008.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 Alin Rad Pop found several flaws in how PDF files are handled
 in poppler.  An attacker could create a malicious PDF file that
 would cause poppler to crash or potentially execute arbitrary code
 when opened.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.1:
 9f040875778bb940669bd2bfdbef248c  2007.1/i586/libpoppler-qt1-0.5.4-3.3mdv2007.1.i586.rpm
 804046d0a838cb3a0a5e355fb118b1bc  2007.1/i586/libpoppler-qt1-devel-0.5.4-3.3mdv2007.1.i586.rpm
 dd83d0b61f2ad91ea79f314752a0f514  2007.1/i586/libpoppler-qt4-1-0.5.4-3.3mdv2007.1.i586.rpm
 05d0deb14ec5dad80d8d400756b3d183  2007.1/i586/libpoppler-qt4-1-devel-0.5.4-3.3mdv2007.1.i586.rpm
 a23fb37129c8756e353fe47be6d6a8be  2007.1/i586/libpoppler1-0.5.4-3.3mdv2007.1.i586.rpm
 6db198b349d7ebe355d809732ddb21bb  2007.1/i586/libpoppler1-devel-0.5.4-3.3mdv2007.1.i586.rpm
 3e280873492799bebdec28872351052e  2007.1/i586/poppler-0.5.4-3.3mdv2007.1.i586.rpm 
 40600d9ccb1e7f7a76cb4ccf447e9e40  2007.1/SRPMS/poppler-0.5.4-3.3mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 b49094eb08c809397081d357f7251166  2007.1/x86_64/lib64poppler-qt1-0.5.4-3.3mdv2007.1.x86_64.rpm
 e6f52d8bb5d9f84458ae6892cd7800da  2007.1/x86_64/lib64poppler-qt1-devel-0.5.4-3.3mdv2007.1.x86_64.rpm
 4d08d7343c94a016928cef93490af098  2007.1/x86_64/lib64poppler-qt4-1-0.5.4-3.3mdv2007.1.x86_64.rpm
 b0f8d4b4c5f1917c61687900a119e685  2007.1/x86_64/lib64poppler-qt4-1-devel-0.5.4-3.3mdv2007.1.x86_64.rpm
 0955492bd1319fdc2e74c2528994e2bc  2007.1/x86_64/lib64poppler1-0.5.4-3.3mdv2007.1.x86_64.rpm
 f918b50ec88a2aca954c156c33c605e8  2007.1/x86_64/lib64poppler1-devel-0.5.4-3.3mdv2007.1.x86_64.rpm
 24fdcc57f5c7481e6732f45e43e49d51  2007.1/x86_64/poppler-0.5.4-3.3mdv2007.1.x86_64.rpm 
 40600d9ccb1e7f7a76cb4ccf447e9e40  2007.1/SRPMS/poppler-0.5.4-3.3mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 840730bb310636d43a3d07a6d4d4f281  2008.0/i586/libpoppler-devel-0.6-3.1mdv2008.0.i586.rpm
 9d6109683ae8729ad549c56d2f8998c1  2008.0/i586/libpoppler-glib-devel-0.6-3.1mdv2008.0.i586.rpm
 b69e7e912fe2f532c5a9ed7c3687eb42  2008.0/i586/libpoppler-glib2-0.6-3.1mdv2008.0.i586.rpm
 cea89e4b36cbe99060e3568038474078  2008.0/i586/libpoppler-qt-devel-0.6-3.1mdv2008.0.i586.rpm
 64a459904bf417570e4f2b8e0d550c77  2008.0/i586/libpoppler-qt2-0.6-3.1mdv2008.0.i586.rpm
 5d1c9970275811b934599f95b5264d7d  2008.0/i586/libpoppler-qt4-2-0.6-3.1mdv2008.0.i586.rpm
 7bbfdb4209d40f503bedc8e10e4687df  2008.0/i586/libpoppler-qt4-devel-0.6-3.1mdv2008.0.i586.rpm
 812e34a9b25b4e28169bf84804da8325  2008.0/i586/libpoppler2-0.6-3.1mdv2008.0.i586.rpm
 57380d8dcef7e2b404ed6a7571969bfe  2008.0/i586/poppler-0.6-3.1mdv2008.0.i586.rpm 
 697118d63ace272626e64555f7b8cffd  2008.0/SRPMS/poppler-0.6-3.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 f64a05a64b742ac4a40a07b8c43b9545  2008.0/x86_64/lib64poppler-devel-0.6-3.1mdv2008.0.x86_64.rpm
 5d9963749a1315a570e9a70783c078da  2008.0/x86_64/lib64poppler-glib-devel-0.6-3.1mdv2008.0.x86_64.rpm
 8d62d129c9279da1ed306a02785d5a7f  2008.0/x86_64/lib64poppler-glib2-0.6-3.1mdv2008.0.x86_64.rpm
 f844c25e098d3b295cba161a07795b36  2008.0/x86_64/lib64poppler-qt-devel-0.6-3.1mdv2008.0.x86_64.rpm
 5bfdd34b678a33aeebeec9dc7b0d0dd7  2008.0/x86_64/lib64poppler-qt2-0.6-3.1mdv2008.0.x86_64.rpm
 83334372f43c893ca9afdaefdd7b90d0  2008.0/x86_64/lib64poppler-qt4-2-0.6-3.1mdv2008.0.x86_64.rpm
 82099121bfc50561cb3a175d9d31152b  2008.0/x86_64/lib64poppler-qt4-devel-0.6-3.1mdv2008.0.x86_64.rpm
 59a614072521db19cd3b502e6d49959a  2008.0/x86_64/lib64poppler2-0.6-3.1mdv2008.0.x86_64.rpm
 0a5a8795e93dc014c5f07e2ab6e73393  2008.0/x86_64/poppler-0.6-3.1mdv2008.0.x86_64.rpm 
 697118d63ace272626e64555f7b8cffd  2008.0/SRPMS/poppler-0.6-3.1mdv2008.0.src.rpm

 Corporate 4.0:
 86be8a80003ab4c7a36905eac276dbf6  corporate/4.0/i586/libpoppler-qt0-0.4.1-3.6.20060mlcs4.i586.rpm
 32bae8fecaa6ec4e2b1e7e68458f889b  corporate/4.0/i586/libpoppler-qt0-devel-0.4.1-3.6.20060mlcs4.i586.rpm
 e9aefa230a3c897361330d91583eb4b9  corporate/4.0/i586/libpoppler0-0.4.1-3.6.20060mlcs4.i586.rpm
 280a9f7aea1b3766864996d5969e69ea  corporate/4.0/i586/libpoppler0-devel-0.4.1-3.6.20060mlcs4.i586.rpm 
 aab471f88ae46303acfef45c3464bce6  corporate/4.0/SRPMS/poppler-0.4.1-3.6.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 62f84dc6ac78997484c76c0e34c74063  corporate/4.0/x86_64/lib64poppler-qt0-0.4.1-3.6.20060mlcs4.x86_64.rpm
 5fda381aed07c4eaa47f48d7187449ee  corporate/4.0/x86_64/lib64poppler-qt0-devel-0.4.1-3.6.20060mlcs4.x86_64.rpm
 6abf5b15ba6ffa847dde37a2d0f049d0  corporate/4.0/x86_64/lib64poppler0-0.4.1-3.6.20060mlcs4.x86_64.rpm
 bcbad9d141f0b9615740d5f027a24699  corporate/4.0/x86_64/lib64poppler0-devel-0.4.1-3.6.20060mlcs4.x86_64.rpm 
 aab471f88ae46303acfef45c3464bce6  corporate/4.0/SRPMS/poppler-0.4.1-3.6.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
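
The advisory notes that MandrivaUpdate and urpmi verify MD5 checksums automatically; for packages fetched by hand, the same check against the "Updated Packages" list can be scripted. The Python below is an added example, not part of the Mandriva advisory; its function names and the files created in demo() are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# An advisory checksum line: 32 hex digits, then a relative path ending in .rpm.
LINE = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")

def parse_advisory(text):
    """Map rpm file name -> expected MD5 from the 'Updated Packages' lines."""
    expected = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            digest, name = m.group(1), m.group(2).rsplit("/", 1)[-1]
            # The SRPM is listed once per architecture; its digests must agree.
            if expected.setdefault(name, digest) != digest:
                raise ValueError(f"conflicting checksums for {name}")
    return expected

def md5_of(path):
    # Reads the whole file into memory; acceptable for package-sized files.
    return hashlib.md5(Path(path).read_bytes()).hexdigest()

def verify_directory(advisory_text, directory):
    """Classify each *.rpm in directory as 'ok', 'mismatch' or 'unlisted'."""
    expected = parse_advisory(advisory_text)
    status = {}
    for rpm in sorted(Path(directory).glob("*.rpm")):
        want = expected.get(rpm.name)
        if want is None:
            status[rpm.name] = "unlisted"
        else:
            status[rpm.name] = "ok" if md5_of(rpm) == want else "mismatch"
    return status

def demo():
    """Constructed files and a constructed advisory excerpt, not real packages."""
    with tempfile.TemporaryDirectory() as d:
        good = Path(d, "example-good-1.0.i586.rpm")
        bad = Path(d, "example-bad-1.0.i586.rpm")
        good.write_bytes(b"constructed payload A")
        bad.write_bytes(b"constructed payload B")
        Path(d, "example-extra-1.0.i586.rpm").write_bytes(b"not listed")
        advisory = (f" Example Release:\n {md5_of(good)}  ex/i586/{good.name}\n"
                    f" {'0' * 32}  ex/i586/{bad.name} \n")
        return verify_directory(advisory, d)

if __name__ == "__main__":
    print(demo())
```

An MD5 match only shows that a file is the one the advisory lists; package authenticity rests on the GPG signature, which `rpm --checksig` checks.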