Security Advisory Important: poppler security update

Advisory: RHSA-2007:0732-2
Type: Security Advisory
Severity: Important
Issued on: 2007-07-30
Last updated on: 2007-07-30
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
OVAL: com.redhat.rhsa-20070732.xml
CVEs (cve.mitre.org): CVE-2007-3387

Details

Updated poppler packages that fix a security issue in PDF handling are
now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Poppler is a PDF rendering library, used by applications such as evince.

Maurycy Prodeus discovered an integer overflow flaw in the processing
of PDF files. An attacker could create a malicious PDF file that would
cause an application linked with poppler to crash or potentially execute
arbitrary code when opened. (CVE-2007-3387)

All users of poppler should upgrade to these updated packages, which
contain a backported patch to resolve this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)
SRPMS:
poppler-0.5.4-4.1.el5.src.rpm
File outdated by:  RHSA-2009:1504		     2748243d5dab417ee98c0ff3b56c48bc
 
IA-32:
poppler-devel-0.5.4-4.1.el5.i386.rpm
File outdated by:  RHSA-2009:1504		     3a0a155e5d530f15b12d1508ab88cef0
 
x86_64:
poppler-devel-0.5.4-4.1.el5.i386.rpm
File outdated by:  RHSA-2009:1504		     3a0a155e5d530f15b12d1508ab88cef0
poppler-devel-0.5.4-4.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1504		     ddc147c33c2e9c581ee2c7bba3e44596
 
Red Hat Enterprise Linux (v. 5 server)
SRPMS:
poppler-0.5.4-4.1.el5.src.rpm
File outdated by:  RHSA-2009:1504		     2748243d5dab417ee98c0ff3b56c48bc
 
IA-32:
poppler-0.5.4-4.1.el5.i386.rpm
File outdated by:  RHSA-2009:1504		     0b1a924d41c486698fb0ef170e3bea98
poppler-devel-0.5.4-4.1.el5.i386.rpm
File outdated by:  RHSA-2009:1504		     3a0a155e5d530f15b12d1508ab88cef0
poppler-utils-0.5.4-4.1.el5.i386.rpm
File outdated by:  RHSA-2009:1504		     30690d55d19c44b300b6d4288b9b5e03
 
IA-64:
poppler-0.5.4-4.1.el5.ia64.rpm
File outdated by:  RHSA-2009:1504		     1d4f3f5ce403009575c2223ac3e708c8
poppler-devel-0.5.4-4.1.el5.ia64.rpm
File outdated by:  RHSA-2009:1504		     37de0141d0a978228886827686dfb034
poppler-utils-0.5.4-4.1.el5.ia64.rpm
File outdated by:  RHSA-2009:1504		     4045e010707c2519a23e41bf081e8e5d
 
PPC:
poppler-0.5.4-4.1.el5.ppc.rpm
File outdated by:  RHSA-2009:1504		     6df67cdf707e8dcef58f2b66def0646e
poppler-0.5.4-4.1.el5.ppc64.rpm
File outdated by:  RHSA-2009:1504		     676a4b1f1f25d2c5c0d72787ab2009e1
poppler-devel-0.5.4-4.1.el5.ppc.rpm
File outdated by:  RHSA-2009:1504		     499d52521dfca164baedb43fc6856e83
poppler-devel-0.5.4-4.1.el5.ppc64.rpm
File outdated by:  RHSA-2009:1504		     7b128c68da3c46627c852f2e779423e2
poppler-utils-0.5.4-4.1.el5.ppc.rpm
File outdated by:  RHSA-2009:1504		     a364ec9dff6e8c7d323d095a645b818c
 
s390x:
poppler-0.5.4-4.1.el5.s390.rpm
File outdated by:  RHSA-2009:1504		     8c8a8e7fce73cf301d6a29b59ec7ebea
poppler-0.5.4-4.1.el5.s390x.rpm
File outdated by:  RHSA-2009:1504		     16c42b5003fc1421ee4cb85fb4b02326
poppler-devel-0.5.4-4.1.el5.s390.rpm
File outdated by:  RHSA-2009:1504		     1bbce665e57d59247b5aa335d892fa5c
poppler-devel-0.5.4-4.1.el5.s390x.rpm
File outdated by:  RHSA-2009:1504		     ac5cbd1c7966ee9871a83859f77172fd
poppler-utils-0.5.4-4.1.el5.s390x.rpm
File outdated by:  RHSA-2009:1504		     8b54d4827349fcbd1deb375eab436a50
 
x86_64:
poppler-0.5.4-4.1.el5.i386.rpm
File outdated by:  RHSA-2009:1504		     0b1a924d41c486698fb0ef170e3bea98
poppler-0.5.4-4.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1504		     06c6b81657b4dfa4c16547af8eb5d917
poppler-devel-0.5.4-4.1.el5.i386.rpm
File outdated by:  RHSA-2009:1504		     3a0a155e5d530f15b12d1508ab88cef0
poppler-devel-0.5.4-4.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1504		     ddc147c33c2e9c581ee2c7bba3e44596
poppler-utils-0.5.4-4.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1504		     d5217710ebb25c47aad59758cf11bdfa
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
poppler-0.5.4-4.1.el5.src.rpm
File outdated by:  RHSA-2009:1504		     2748243d5dab417ee98c0ff3b56c48bc
 
IA-32:
poppler-0.5.4-4.1.el5.i386.rpm
File outdated by:  RHSA-2009:1504		     0b1a924d41c486698fb0ef170e3bea98
poppler-utils-0.5.4-4.1.el5.i386.rpm
File outdated by:  RHSA-2009:1504		     30690d55d19c44b300b6d4288b9b5e03
 
x86_64:
poppler-0.5.4-4.1.el5.i386.rpm
File outdated by:  RHSA-2009:1504		     0b1a924d41c486698fb0ef170e3bea98
poppler-0.5.4-4.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1504		     06c6b81657b4dfa4c16547af8eb5d917
poppler-utils-0.5.4-4.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1504		     d5217710ebb25c47aad59758cf11bdfa
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

248194 - CVE-2007-3387 xpdf integer overflow


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
http://www.redhat.com/security/updates/classification/#important

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/