Security Advisory Important: poppler security update

Advisory: RHSA-2009:0480-1
Type: Security Advisory
Severity: Important
Issued on: 2009-05-13
Last updated on: 2009-05-13
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux EUS (v. 5.3.z server)
Red Hat Enterprise Linux Long Life (v. 5.3 server)
CVEs (cve.mitre.org): CVE-2009-0146
CVE-2009-0147
CVE-2009-0166
CVE-2009-0195
CVE-2009-0791
CVE-2009-0799
CVE-2009-0800
CVE-2009-1179
CVE-2009-1180
CVE-2009-1181
CVE-2009-1182
CVE-2009-1183
CVE-2009-1187
CVE-2009-1188
CVE-2009-3604
CVE-2009-3606

Details

Updated poppler packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Poppler is a Portable Document Format (PDF) rendering library, used by
applications such as Evince.

Multiple integer overflow flaws were found in poppler. An attacker could
create a malicious PDF file that would cause applications that use poppler
(such as Evince) to crash or, potentially, execute arbitrary code when
opened. (CVE-2009-0147, CVE-2009-1179, CVE-2009-1187, CVE-2009-1188)

Multiple buffer overflow flaws were found in poppler's JBIG2 decoder. An
attacker could create a malicious PDF file that would cause applications
that use poppler (such as Evince) to crash or, potentially, execute
arbitrary code when opened. (CVE-2009-0146, CVE-2009-1182)

Multiple flaws were found in poppler's JBIG2 decoder that could lead to the
freeing of arbitrary memory. An attacker could create a malicious PDF file
that would cause applications that use poppler (such as Evince) to crash
or, potentially, execute arbitrary code when opened. (CVE-2009-0166,
CVE-2009-1180)

Multiple input validation flaws were found in poppler's JBIG2 decoder. An
attacker could create a malicious PDF file that would cause applications
that use poppler (such as Evince) to crash or, potentially, execute
arbitrary code when opened. (CVE-2009-0800)

Multiple denial of service flaws were found in poppler's JBIG2 decoder. An
attacker could create a malicious PDF file that would cause applications
that use poppler (such as Evince) to crash when opened. (CVE-2009-0799,
CVE-2009-1181, CVE-2009-1183)

Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product
Security team, and Will Dormann of the CERT/CC for responsibly reporting
these flaws.

Users are advised to upgrade to these updated packages, which contain
backported patches to resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
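One way to confirm that the erratum has actually landed on a host, as an added example that is not part of the Red Hat advisory: the script below reads `rpm -qa` style output and flags poppler packages whose build is older than the fixed one named here (`poppler-0.5.4-4.4.el5_3.9`). Because the fix is backported, the upstream version stays `0.5.4` and only the release field distinguishes a patched host from an unpatched one, and release strings must be compared the way rpm does it (numeric segments as integers, numeric segments ranking above alphabetic ones), since a plain string comparison would rank release `4.4.el5_3.10` below `4.4.el5_3.9`. The comparison is a simplified port of rpm's `rpmvercmp` that ignores epoch and the `~`/`^` markers (an assumption that holds for these packages). The sample `rpm -qa` lines are constructed for the example; every release value other than the fixed one is hypothetical.

```python
import re

# Fixed build from RHSA-2009:0480-1; all three binary packages share it.
FIXED_VERSION = "0.5.4"
FIXED_RELEASE = "4.4.el5_3.9"
ADVISORY_PACKAGES = {"poppler", "poppler-devel", "poppler-utils"}

# Constructed sample of `rpm -qa` output (not taken from a real host).
# Only the first line carries the fixed release; the others are hypothetical.
SAMPLE_RPM_QA = """\
poppler-0.5.4-4.4.el5_3.9
poppler-utils-0.5.4-4.4.el5_3.7
poppler-devel-0.5.4-4.4.el5_3.10
someotherpkg-1.0-1.el5
"""


def _segments(s):
    """Split a version/release string into rpm-style digit and letter runs."""
    return re.findall(r"[0-9]+|[A-Za-z]+", s)


def rpmvercmp(a, b):
    """Simplified rpmvercmp: -1 if a < b, 0 if equal, 1 if a > b.

    Epoch and the '~' / '^' markers are deliberately not handled (assumption).
    """
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)          # numeric segments compare as integers
            if xi != yi:
                return -1 if xi < yi else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # rpm: a numeric segment beats letters
        elif x != y:
            return -1 if x < y else 1        # both alphabetic: plain lexical order
    # All shared segments equal: the string with segments left over is newer.
    if len(sa) == len(sb):
        return 0
    return -1 if len(sa) < len(sb) else 1


def split_nvr(nvr):
    """'poppler-devel-0.5.4-4.4.el5_3.9' -> ('poppler-devel', '0.5.4', '4.4.el5_3.9')."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def is_fixed(nvr):
    """True if the package is at or above the erratum's build, None if not covered."""
    name, version, release = split_nvr(nvr)
    if name not in ADVISORY_PACKAGES:
        return None
    c = rpmvercmp(version, FIXED_VERSION)
    if c == 0:
        c = rpmvercmp(release, FIXED_RELEASE)  # same upstream version: release decides
    return c >= 0


def audit(rpm_qa_output):
    """Map each advisory-covered NVR in the output to 'fixed' or 'VULNERABLE'."""
    results = {}
    for line in rpm_qa_output.splitlines():
        nvr = line.strip()
        if not nvr or split_nvr(nvr)[0] not in ADVISORY_PACKAGES:
            continue
        results[nvr] = "fixed" if is_fixed(nvr) else "VULNERABLE"
    return results


if __name__ == "__main__":
    # On a real host: rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' | python3 this_script.py
    for nvr, status in audit(SAMPLE_RPM_QA).items():
        print(f"{status:10s} {nvr}")
```

The output from a real host is piped in place of `SAMPLE_RPM_QA`; any line reported `VULNERABLE` is a package still below the erratum's release and therefore still carrying the unpatched JBIG2 decoder.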

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
poppler-0.5.4-4.4.el5_3.9.src.rpm
File outdated by:  RHBA-2013:1128
    MD5: 97f1b47b0103cb9134d96bfe0005c530
 
IA-32:
poppler-devel-0.5.4-4.4.el5_3.9.i386.rpm
File outdated by:  RHBA-2013:1128
    MD5: 716ed1827fe0020d3e7f839a0ca8fabf
 
x86_64:
poppler-devel-0.5.4-4.4.el5_3.9.i386.rpm
File outdated by:  RHBA-2013:1128
    MD5: 716ed1827fe0020d3e7f839a0ca8fabf
poppler-devel-0.5.4-4.4.el5_3.9.x86_64.rpm
File outdated by:  RHBA-2013:1128
    MD5: b19b3f394536ecb01c9d23301078d7b3
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
poppler-0.5.4-4.4.el5_3.9.src.rpm
File outdated by:  RHBA-2013:1128
    MD5: 97f1b47b0103cb9134d96bfe0005c530
 
IA-32:
poppler-0.5.4-4.4.el5_3.9.i386.rpm
File outdated by:  RHBA-2013:1128
    MD5: 5b54ba8d0d0724e73b466ba82af1b4d5
poppler-devel-0.5.4-4.4.el5_3.9.i386.rpm
File outdated by:  RHBA-2013:1128
    MD5: 716ed1827fe0020d3e7f839a0ca8fabf
poppler-utils-0.5.4-4.4.el5_3.9.i386.rpm
File outdated by:  RHBA-2013:1128
    MD5: 97530a0c413178d3376723d216d82483
 
IA-64:
poppler-0.5.4-4.4.el5_3.9.ia64.rpm
File outdated by:  RHBA-2013:1128
    MD5: eaf7bf93782cdf289bc4790000cc01f2
poppler-devel-0.5.4-4.4.el5_3.9.ia64.rpm
File outdated by:  RHBA-2013:1128
    MD5: eb6ca63c62e7f2a7ea54b877cdb717a3
poppler-utils-0.5.4-4.4.el5_3.9.ia64.rpm
File outdated by:  RHBA-2013:1128
    MD5: 7fbc191f9b5243e3c14ec8b6291c6a0c
 
PPC:
poppler-0.5.4-4.4.el5_3.9.ppc.rpm
File outdated by:  RHBA-2013:1128
    MD5: deeb5eb9cc9902ba7d0fd5fd6cfa1a7d
poppler-0.5.4-4.4.el5_3.9.ppc64.rpm
File outdated by:  RHBA-2013:1128
    MD5: 59b748e079c1e603742101c8c74fd019
poppler-devel-0.5.4-4.4.el5_3.9.ppc.rpm
File outdated by:  RHBA-2013:1128
    MD5: aada3c45dcab11f5de6f48f2b29d44f4
poppler-devel-0.5.4-4.4.el5_3.9.ppc64.rpm
File outdated by:  RHBA-2013:1128
    MD5: 9b5ff489a13e7c65560c24a56a2c07c4
poppler-utils-0.5.4-4.4.el5_3.9.ppc.rpm
File outdated by:  RHBA-2013:1128
    MD5: 961cdcc03281cd79d78c3ce5422781d2
 
s390x:
poppler-0.5.4-4.4.el5_3.9.s390.rpm
File outdated by:  RHBA-2013:1128
    MD5: ff4302a8a8f56e6209a7a6cdb7d4253d
poppler-0.5.4-4.4.el5_3.9.s390x.rpm
File outdated by:  RHBA-2013:1128
    MD5: 14104d33b846d5fe519ce0ff80b36e26
poppler-devel-0.5.4-4.4.el5_3.9.s390.rpm
File outdated by:  RHBA-2013:1128
    MD5: 844fbb4de3211c59feadd3998ac54186
poppler-devel-0.5.4-4.4.el5_3.9.s390x.rpm
File outdated by:  RHBA-2013:1128
    MD5: 5e9dfaac55b13dceb870d369405e21d6
poppler-utils-0.5.4-4.4.el5_3.9.s390x.rpm
File outdated by:  RHBA-2013:1128
    MD5: fcaac72973611513d57c5a7572adab22
 
x86_64:
poppler-0.5.4-4.4.el5_3.9.i386.rpm
File outdated by:  RHBA-2013:1128
    MD5: 5b54ba8d0d0724e73b466ba82af1b4d5
poppler-0.5.4-4.4.el5_3.9.x86_64.rpm
File outdated by:  RHBA-2013:1128
    MD5: 8895b70b968d3a56821fc73ff48de227
poppler-devel-0.5.4-4.4.el5_3.9.i386.rpm
File outdated by:  RHBA-2013:1128
    MD5: 716ed1827fe0020d3e7f839a0ca8fabf
poppler-devel-0.5.4-4.4.el5_3.9.x86_64.rpm
File outdated by:  RHBA-2013:1128
    MD5: b19b3f394536ecb01c9d23301078d7b3
poppler-utils-0.5.4-4.4.el5_3.9.x86_64.rpm
File outdated by:  RHBA-2013:1128
    MD5: 7f544fe12984014690768237e250d445
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
poppler-0.5.4-4.4.el5_3.9.src.rpm
File outdated by:  RHBA-2013:1128
    MD5: 97f1b47b0103cb9134d96bfe0005c530
 
IA-32:
poppler-0.5.4-4.4.el5_3.9.i386.rpm
File outdated by:  RHBA-2013:1128
    MD5: 5b54ba8d0d0724e73b466ba82af1b4d5
poppler-utils-0.5.4-4.4.el5_3.9.i386.rpm
File outdated by:  RHBA-2013:1128
    MD5: 97530a0c413178d3376723d216d82483
 
x86_64:
poppler-0.5.4-4.4.el5_3.9.i386.rpm
File outdated by:  RHBA-2013:1128
    MD5: 5b54ba8d0d0724e73b466ba82af1b4d5
poppler-0.5.4-4.4.el5_3.9.x86_64.rpm
File outdated by:  RHBA-2013:1128
    MD5: 8895b70b968d3a56821fc73ff48de227
poppler-utils-0.5.4-4.4.el5_3.9.x86_64.rpm
File outdated by:  RHBA-2013:1128
    MD5: 7f544fe12984014690768237e250d445
 
Red Hat Enterprise Linux EUS (v. 5.3.z server)

SRPMS:
poppler-0.5.4-4.4.el5_3.9.src.rpm
File outdated by:  RHBA-2013:1128
    MD5: 97f1b47b0103cb9134d96bfe0005c530
 
IA-32:
poppler-0.5.4-4.4.el5_3.9.i386.rpm
File outdated by:  RHBA-2009:1537
    MD5: 5b54ba8d0d0724e73b466ba82af1b4d5
poppler-devel-0.5.4-4.4.el5_3.9.i386.rpm
File outdated by:  RHBA-2009:1537
    MD5: 716ed1827fe0020d3e7f839a0ca8fabf
poppler-utils-0.5.4-4.4.el5_3.9.i386.rpm
File outdated by:  RHBA-2009:1537
    MD5: 97530a0c413178d3376723d216d82483
 
IA-64:
poppler-0.5.4-4.4.el5_3.9.ia64.rpm
File outdated by:  RHBA-2009:1537
    MD5: eaf7bf93782cdf289bc4790000cc01f2
poppler-devel-0.5.4-4.4.el5_3.9.ia64.rpm
File outdated by:  RHBA-2009:1537
    MD5: eb6ca63c62e7f2a7ea54b877cdb717a3
poppler-utils-0.5.4-4.4.el5_3.9.ia64.rpm
File outdated by:  RHBA-2009:1537
    MD5: 7fbc191f9b5243e3c14ec8b6291c6a0c
 
PPC:
poppler-0.5.4-4.4.el5_3.9.ppc.rpm
File outdated by:  RHBA-2009:1537
    MD5: deeb5eb9cc9902ba7d0fd5fd6cfa1a7d
poppler-0.5.4-4.4.el5_3.9.ppc64.rpm
File outdated by:  RHBA-2009:1537
    MD5: 59b748e079c1e603742101c8c74fd019
poppler-devel-0.5.4-4.4.el5_3.9.ppc.rpm
File outdated by:  RHBA-2009:1537
    MD5: aada3c45dcab11f5de6f48f2b29d44f4
poppler-devel-0.5.4-4.4.el5_3.9.ppc64.rpm
File outdated by:  RHBA-2009:1537
    MD5: 9b5ff489a13e7c65560c24a56a2c07c4
poppler-utils-0.5.4-4.4.el5_3.9.ppc.rpm
File outdated by:  RHBA-2009:1537
    MD5: 961cdcc03281cd79d78c3ce5422781d2
 
s390x:
poppler-0.5.4-4.4.el5_3.9.s390.rpm
File outdated by:  RHBA-2009:1537
    MD5: ff4302a8a8f56e6209a7a6cdb7d4253d
poppler-0.5.4-4.4.el5_3.9.s390x.rpm
File outdated by:  RHBA-2009:1537
    MD5: 14104d33b846d5fe519ce0ff80b36e26
poppler-devel-0.5.4-4.4.el5_3.9.s390.rpm
File outdated by:  RHBA-2009:1537
    MD5: 844fbb4de3211c59feadd3998ac54186
poppler-devel-0.5.4-4.4.el5_3.9.s390x.rpm
File outdated by:  RHBA-2009:1537
    MD5: 5e9dfaac55b13dceb870d369405e21d6
poppler-utils-0.5.4-4.4.el5_3.9.s390x.rpm
File outdated by:  RHBA-2009:1537
    MD5: fcaac72973611513d57c5a7572adab22
 
x86_64:
poppler-0.5.4-4.4.el5_3.9.i386.rpm
File outdated by:  RHBA-2009:1537
    MD5: 5b54ba8d0d0724e73b466ba82af1b4d5
poppler-0.5.4-4.4.el5_3.9.x86_64.rpm
File outdated by:  RHBA-2009:1537
    MD5: 8895b70b968d3a56821fc73ff48de227
poppler-devel-0.5.4-4.4.el5_3.9.i386.rpm
File outdated by:  RHBA-2009:1537
    MD5: 716ed1827fe0020d3e7f839a0ca8fabf
poppler-devel-0.5.4-4.4.el5_3.9.x86_64.rpm
File outdated by:  RHBA-2009:1537
    MD5: b19b3f394536ecb01c9d23301078d7b3
poppler-utils-0.5.4-4.4.el5_3.9.x86_64.rpm
File outdated by:  RHBA-2009:1537
    MD5: 7f544fe12984014690768237e250d445
 
Red Hat Enterprise Linux Long Life (v. 5.3 server)

SRPMS:
poppler-0.5.4-4.4.el5_3.9.src.rpm
File outdated by:  RHBA-2013:1128
    MD5: 97f1b47b0103cb9134d96bfe0005c530
 
IA-32:
poppler-0.5.4-4.4.el5_3.9.i386.rpm
File outdated by:  RHBA-2009:1537
    MD5: 5b54ba8d0d0724e73b466ba82af1b4d5
poppler-devel-0.5.4-4.4.el5_3.9.i386.rpm
File outdated by:  RHBA-2009:1537
    MD5: 716ed1827fe0020d3e7f839a0ca8fabf
poppler-utils-0.5.4-4.4.el5_3.9.i386.rpm
File outdated by:  RHBA-2009:1537
    MD5: 97530a0c413178d3376723d216d82483
 
IA-64:
poppler-0.5.4-4.4.el5_3.9.ia64.rpm
File outdated by:  RHBA-2009:1537
    MD5: eaf7bf93782cdf289bc4790000cc01f2
poppler-devel-0.5.4-4.4.el5_3.9.ia64.rpm
File outdated by:  RHBA-2009:1537
    MD5: eb6ca63c62e7f2a7ea54b877cdb717a3
poppler-utils-0.5.4-4.4.el5_3.9.ia64.rpm
File outdated by:  RHBA-2009:1537
    MD5: 7fbc191f9b5243e3c14ec8b6291c6a0c
 
x86_64:
poppler-0.5.4-4.4.el5_3.9.i386.rpm
File outdated by:  RHBA-2009:1537
    MD5: 5b54ba8d0d0724e73b466ba82af1b4d5
poppler-0.5.4-4.4.el5_3.9.x86_64.rpm
File outdated by:  RHBA-2009:1537
    MD5: 8895b70b968d3a56821fc73ff48de227
poppler-devel-0.5.4-4.4.el5_3.9.i386.rpm
File outdated by:  RHBA-2009:1537
    MD5: 716ed1827fe0020d3e7f839a0ca8fabf
poppler-devel-0.5.4-4.4.el5_3.9.x86_64.rpm
File outdated by:  RHBA-2009:1537
    MD5: b19b3f394536ecb01c9d23301078d7b3
poppler-utils-0.5.4-4.4.el5_3.9.x86_64.rpm
File outdated by:  RHBA-2009:1537
    MD5: 7f544fe12984014690768237e250d445
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

490612 - CVE-2009-0146 xpdf: Multiple buffer overflows in JBIG2 decoder (setBitmap, readSymbolDictSeg) (CVE-2009-0195)
490614 - CVE-2009-0147 xpdf: Multiple integer overflows in JBIG2 decoder
490625 - CVE-2009-0166 xpdf: Freeing of potentially uninitialized memory in JBIG2 decoder
495886 - CVE-2009-0799 PDF JBIG2 decoder OOB read
495887 - CVE-2009-0800 PDF JBIG2 multiple input validation flaws
495889 - CVE-2009-1179 PDF JBIG2 integer overflow
495892 - CVE-2009-1180 PDF JBIG2 invalid free()
495894 - CVE-2009-1181 PDF JBIG2 NULL dereference
495896 - CVE-2009-1182 PDF JBIG2 MMR decoder buffer overflows
495899 - CVE-2009-1183 PDF JBIG2 MMR infinite loop DoS
495906 - CVE-2009-1187 poppler CairoOutputDev integer overflow
495907 - CVE-2009-1188 poppler SplashBitmap integer overflow


References

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/