Gentoo: 201310-03 Poppler: Multiple vulnerabilities
Posted by Benjamin D. Thomas   
Multiple vulnerabilities have been found in Poppler, some of which may allow execution of arbitrary code.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201310-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Poppler: Multiple vulnerabilities
     Date: October 06, 2013
     Bugs: #263028, #290430, #290464, #308017, #338878, #352581,
           #459866, #480366
       ID: 201310-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Poppler, some of which may
allow execution of arbitrary code.

Background
==========

Poppler is a cross-platform PDF rendering library originally based on
Xpdf.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-text/poppler           < 0.22.2-r1              >= 0.22.2-r1

Description
===========

Multiple vulnerabilities have been discovered in Poppler. Please review
the CVE identifiers referenced below for details.

Impact
======

A remote attacker could entice a user to open a specially crafted PDF
file, possibly resulting in execution of arbitrary code with the
privileges of the process or a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Poppler users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-text/poppler-0.22.2-r1"
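
The version boundary from the Affected packages table can also be checked across an inventory of hosts. The script below is an added example, not part of the GLSA; the host names and inventory lines are constructed, and it assumes plain dotted versions with an optional -rN revision.

```sh
#!/bin/sh
# Added example, not part of the GLSA: flag hosts whose installed
# app-text/poppler is inside the advisory's vulnerable range (< 0.22.2-r1).
# Assumption: versions are dotted numbers with an optional -rN revision
# (poppler's scheme); suffixes such as _rc1 or _p2 are not handled.

FIXED="0.22.2-r1"   # first unaffected version, from the advisory table

# ver_lt A B: exit status 0 when version A sorts before version B.
ver_lt() {
    va=${1%-r[0-9]*}; vb=${2%-r[0-9]*}; ra=0; rb=0
    case $1 in *-r[0-9]*) ra=${1##*-r} ;; esac
    case $2 in *-r[0-9]*) rb=${2##*-r} ;; esac
    while [ -n "$va" ] && [ -n "$vb" ]; do
        x=${va%%.*}; y=${vb%%.*}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
    done
    [ -n "$vb" ] && return 0          # A ran out of components first
    [ -n "$va" ] && return 1          # B ran out of components first
    [ "$ra" -lt "$rb" ]               # same version: the revision decides
}

# audit: read "HOST CATEGORY/PACKAGE-VERSION" lines on stdin and print
# "HOST VERSION" for every host that still needs the upgrade.
audit() {
    while read -r host atom; do
        case $atom in
            app-text/poppler-[0-9]*) ver=${atom#app-text/poppler-} ;;
            *) continue ;;            # e.g. app-text/poppler-data
        esac
        if ver_lt "$ver" "$FIXED"; then printf '%s %s\n' "$host" "$ver"; fi
    done
    return 0
}

# Constructed inventory (hypothetical hosts), in the CATEGORY/PACKAGE-VERSION
# form that Portage uses for installed packages.
SAMPLE='web1 app-text/poppler-0.20.5
web2 app-text/poppler-0.22.2
web3 app-text/poppler-0.22.2-r1
web4 app-text/poppler-0.24.1
web5 app-text/poppler-data-0.4.6'

printf '%s\n' "$SAMPLE" | audit
```

On a Gentoo host itself, glsa-check -t 201310-03 runs the same test against the real Portage database.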

References
==========

[  1 ] CVE-2009-0146
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0146
[  2 ] CVE-2009-0147
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0147
[  3 ] CVE-2009-0165
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0165
[  4 ] CVE-2009-0166
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0166
[  5 ] CVE-2009-0195
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0195
[  6 ] CVE-2009-0799
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0799
[  7 ] CVE-2009-0800
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0800
[  8 ] CVE-2009-1179
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1179
[  9 ] CVE-2009-1180
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1180
[ 10 ] CVE-2009-1181
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1181
[ 11 ] CVE-2009-1182
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1182
[ 12 ] CVE-2009-1183
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1183
[ 13 ] CVE-2009-1187
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1187
[ 14 ] CVE-2009-1188
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1188
[ 15 ] CVE-2009-3603
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3603
[ 16 ] CVE-2009-3604
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3604
[ 17 ] CVE-2009-3605
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3605
[ 18 ] CVE-2009-3606
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3606
[ 19 ] CVE-2009-3607
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3607
[ 20 ] CVE-2009-3608
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3608
[ 21 ] CVE-2009-3609
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3609
[ 22 ] CVE-2009-3938
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3938
[ 23 ] CVE-2010-3702
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3702
[ 24 ] CVE-2010-3703
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3703
[ 25 ] CVE-2010-3704
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3704
[ 26 ] CVE-2010-4653
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4653
[ 27 ] CVE-2010-4654
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4654
[ 28 ] CVE-2012-2142
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2142
[ 29 ] CVE-2013-1788
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1788
[ 30 ] CVE-2013-1789
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1789
[ 31 ] CVE-2013-1790
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1790

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201310-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5