Security Advisory Important: poppler security update

Advisory: RHSA-2007:1026-3
Type: Security Advisory
Severity: Important
Issued on: 2007-11-07
Last updated on: 2007-11-07
Affected Products: RHEL Desktop Workstation (v. 5 client)
                   Red Hat Enterprise Linux (v. 5 server)
                   Red Hat Enterprise Linux Desktop (v. 5 client)
                   Red Hat Enterprise Linux EUS (v. 5.1.z server)
CVEs (cve.mitre.org): CVE-2007-4352
                      CVE-2007-5392
                      CVE-2007-5393

Details

Updated poppler packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Poppler is a PDF rendering library, used by applications such as evince.

Alin Rad Pop discovered several flaws in the handling of PDF files. An
attacker could create a malicious PDF file that would cause an application
linked with poppler to crash, or potentially execute arbitrary code when
opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)

Users are advised to upgrade to these updated packages, which contain
backported patches to resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
poppler-0.5.4-4.3.el5_1.src.rpm
File outdated by:  RHBA-2013:1128
    MD5: 69632e7868ae30f5c7511421493a01be
 
IA-32:
poppler-devel-0.5.4-4.3.el5_1.i386.rpm
File outdated by:  RHBA-2013:1128
    MD5: 53b761d6d293af2a3b9cd32f13f2e89a
 
x86_64:
poppler-devel-0.5.4-4.3.el5_1.i386.rpm
File outdated by:  RHBA-2013:1128
    MD5: 53b761d6d293af2a3b9cd32f13f2e89a
poppler-devel-0.5.4-4.3.el5_1.x86_64.rpm
File outdated by:  RHBA-2013:1128
    MD5: a3f589c0d86eb34e982bf1c52ae63ce1
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
poppler-0.5.4-4.3.el5_1.src.rpm
File outdated by:  RHBA-2013:1128
    MD5: 69632e7868ae30f5c7511421493a01be
 
IA-32:
poppler-0.5.4-4.3.el5_1.i386.rpm
File outdated by:  RHBA-2013:1128
    MD5: 840ac371305da7343736841e554b93e5
poppler-devel-0.5.4-4.3.el5_1.i386.rpm
File outdated by:  RHBA-2013:1128
    MD5: 53b761d6d293af2a3b9cd32f13f2e89a
poppler-utils-0.5.4-4.3.el5_1.i386.rpm
File outdated by:  RHBA-2013:1128
    MD5: b365b83be4738430b7c0e9d4a96f08fd
 
IA-64:
poppler-0.5.4-4.3.el5_1.ia64.rpm
File outdated by:  RHBA-2013:1128
    MD5: 89db64c41392198fa374d3bf30ade381
poppler-devel-0.5.4-4.3.el5_1.ia64.rpm
File outdated by:  RHBA-2013:1128
    MD5: aad3e4d678645b86c9bd77bdd4a504ad
poppler-utils-0.5.4-4.3.el5_1.ia64.rpm
File outdated by:  RHBA-2013:1128
    MD5: f6181b9d6b21df64fa2e359c37a61643
 
PPC:
poppler-0.5.4-4.3.el5_1.ppc.rpm
File outdated by:  RHBA-2013:1128
    MD5: 0a47709c4831e6f4e3568ddeed38f118
poppler-0.5.4-4.3.el5_1.ppc64.rpm
File outdated by:  RHBA-2013:1128
    MD5: 23983ce4d9ff84f859a2e863b0d86abd
poppler-devel-0.5.4-4.3.el5_1.ppc.rpm
File outdated by:  RHBA-2013:1128
    MD5: 9f77a5dc7816c09217dd0735d3bc6ded
poppler-devel-0.5.4-4.3.el5_1.ppc64.rpm
File outdated by:  RHBA-2013:1128
    MD5: f7f8106f4936cc062c9f598d1342fbf7
poppler-utils-0.5.4-4.3.el5_1.ppc.rpm
File outdated by:  RHBA-2013:1128
    MD5: d8bfb3b5a50b48e003adf4c0cb06dadf
 
s390x:
poppler-0.5.4-4.3.el5_1.s390.rpm
File outdated by:  RHBA-2013:1128
    MD5: fabd0d9a73d044bc6be045570ff7415e
poppler-0.5.4-4.3.el5_1.s390x.rpm
File outdated by:  RHBA-2013:1128
    MD5: 88f22b3e51c067ef57ba1686e6a6445f
poppler-devel-0.5.4-4.3.el5_1.s390.rpm
File outdated by:  RHBA-2013:1128
    MD5: 1ac050d1a6d423a4fdc3727df4802632
poppler-devel-0.5.4-4.3.el5_1.s390x.rpm
File outdated by:  RHBA-2013:1128
    MD5: 20eaefea09f74e92239b66002d4fe895
poppler-utils-0.5.4-4.3.el5_1.s390x.rpm
File outdated by:  RHBA-2013:1128
    MD5: 62f185765cec355ca7b1d8c1ca89aede
 
x86_64:
poppler-0.5.4-4.3.el5_1.i386.rpm
File outdated by:  RHBA-2013:1128
    MD5: 840ac371305da7343736841e554b93e5
poppler-0.5.4-4.3.el5_1.x86_64.rpm
File outdated by:  RHBA-2013:1128
    MD5: c4f9253e89bb71a5d4c7a1f4d7e10f63
poppler-devel-0.5.4-4.3.el5_1.i386.rpm
File outdated by:  RHBA-2013:1128
    MD5: 53b761d6d293af2a3b9cd32f13f2e89a
poppler-devel-0.5.4-4.3.el5_1.x86_64.rpm
File outdated by:  RHBA-2013:1128
    MD5: a3f589c0d86eb34e982bf1c52ae63ce1
poppler-utils-0.5.4-4.3.el5_1.x86_64.rpm
File outdated by:  RHBA-2013:1128
    MD5: 6a27df425f22244009394d770f58fc2c
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
poppler-0.5.4-4.3.el5_1.src.rpm
File outdated by:  RHBA-2013:1128
    MD5: 69632e7868ae30f5c7511421493a01be
 
IA-32:
poppler-0.5.4-4.3.el5_1.i386.rpm
File outdated by:  RHBA-2013:1128
    MD5: 840ac371305da7343736841e554b93e5
poppler-utils-0.5.4-4.3.el5_1.i386.rpm
File outdated by:  RHBA-2013:1128
    MD5: b365b83be4738430b7c0e9d4a96f08fd
 
x86_64:
poppler-0.5.4-4.3.el5_1.i386.rpm
File outdated by:  RHBA-2013:1128
    MD5: 840ac371305da7343736841e554b93e5
poppler-0.5.4-4.3.el5_1.x86_64.rpm
File outdated by:  RHBA-2013:1128
    MD5: c4f9253e89bb71a5d4c7a1f4d7e10f63
poppler-utils-0.5.4-4.3.el5_1.x86_64.rpm
File outdated by:  RHBA-2013:1128
    MD5: 6a27df425f22244009394d770f58fc2c
 
Red Hat Enterprise Linux EUS (v. 5.1.z server)

SRPMS:
poppler-0.5.4-4.3.el5_1.src.rpm
File outdated by:  RHBA-2013:1128
    MD5: 69632e7868ae30f5c7511421493a01be
 
IA-32:
poppler-0.5.4-4.3.el5_1.i386.rpm
File outdated by:  RHSA-2008:0239
    MD5: 840ac371305da7343736841e554b93e5
poppler-devel-0.5.4-4.3.el5_1.i386.rpm
File outdated by:  RHSA-2008:0239
    MD5: 53b761d6d293af2a3b9cd32f13f2e89a
poppler-utils-0.5.4-4.3.el5_1.i386.rpm
File outdated by:  RHSA-2008:0239
    MD5: b365b83be4738430b7c0e9d4a96f08fd
 
IA-64:
poppler-0.5.4-4.3.el5_1.ia64.rpm
File outdated by:  RHSA-2008:0239
    MD5: 89db64c41392198fa374d3bf30ade381
poppler-devel-0.5.4-4.3.el5_1.ia64.rpm
File outdated by:  RHSA-2008:0239
    MD5: aad3e4d678645b86c9bd77bdd4a504ad
poppler-utils-0.5.4-4.3.el5_1.ia64.rpm
File outdated by:  RHSA-2008:0239
    MD5: f6181b9d6b21df64fa2e359c37a61643
 
PPC:
poppler-0.5.4-4.3.el5_1.ppc.rpm
File outdated by:  RHSA-2008:0239
    MD5: 0a47709c4831e6f4e3568ddeed38f118
poppler-0.5.4-4.3.el5_1.ppc64.rpm
File outdated by:  RHSA-2008:0239
    MD5: 23983ce4d9ff84f859a2e863b0d86abd
poppler-devel-0.5.4-4.3.el5_1.ppc.rpm
File outdated by:  RHSA-2008:0239
    MD5: 9f77a5dc7816c09217dd0735d3bc6ded
poppler-devel-0.5.4-4.3.el5_1.ppc64.rpm
File outdated by:  RHSA-2008:0239
    MD5: f7f8106f4936cc062c9f598d1342fbf7
poppler-utils-0.5.4-4.3.el5_1.ppc.rpm
File outdated by:  RHSA-2008:0239
    MD5: d8bfb3b5a50b48e003adf4c0cb06dadf
 
s390x:
poppler-0.5.4-4.3.el5_1.s390.rpm
File outdated by:  RHSA-2008:0239
    MD5: fabd0d9a73d044bc6be045570ff7415e
poppler-0.5.4-4.3.el5_1.s390x.rpm
File outdated by:  RHSA-2008:0239
    MD5: 88f22b3e51c067ef57ba1686e6a6445f
poppler-devel-0.5.4-4.3.el5_1.s390.rpm
File outdated by:  RHSA-2008:0239
    MD5: 1ac050d1a6d423a4fdc3727df4802632
poppler-devel-0.5.4-4.3.el5_1.s390x.rpm
File outdated by:  RHSA-2008:0239
    MD5: 20eaefea09f74e92239b66002d4fe895
poppler-utils-0.5.4-4.3.el5_1.s390x.rpm
File outdated by:  RHSA-2008:0239
    MD5: 62f185765cec355ca7b1d8c1ca89aede
 
x86_64:
poppler-0.5.4-4.3.el5_1.i386.rpm
File outdated by:  RHSA-2008:0239
    MD5: 840ac371305da7343736841e554b93e5
poppler-0.5.4-4.3.el5_1.x86_64.rpm
File outdated by:  RHSA-2008:0239
    MD5: c4f9253e89bb71a5d4c7a1f4d7e10f63
poppler-devel-0.5.4-4.3.el5_1.i386.rpm
File outdated by:  RHSA-2008:0239
    MD5: 53b761d6d293af2a3b9cd32f13f2e89a
poppler-devel-0.5.4-4.3.el5_1.x86_64.rpm
File outdated by:  RHSA-2008:0239
    MD5: a3f589c0d86eb34e982bf1c52ae63ce1
poppler-utils-0.5.4-4.3.el5_1.x86_64.rpm
File outdated by:  RHSA-2008:0239
    MD5: 6a27df425f22244009394d770f58fc2c
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

345101 - CVE-2007-4352 xpdf memory corruption in DCTStream::readProgressiveDataUnit()
345111 - CVE-2007-5392 xpdf buffer overflow in DCTStream::reset()
345121 - CVE-2007-5393 xpdf buffer overflow in CCITTFaxStream::lookChar()


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/