
Security Advisory Important: poppler security update

Advisory: RHSA-2010:0749-1
Type: Security Advisory
Severity: Important
Issued on: 2010-10-07
Last updated on: 2010-10-07
Affected Products: RHEL Desktop Workstation (v. 5 client)
                   Red Hat Enterprise Linux (v. 5 server)
                   Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2010-3702
                      CVE-2010-3704

Details

Updated poppler packages that fix two security issues are now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Poppler is a Portable Document Format (PDF) rendering library, used by
applications such as Evince.

An uninitialized pointer use flaw was discovered in poppler. An attacker
could create a malicious PDF file that, when opened, would cause
applications that use poppler (such as Evince) to crash or, potentially,
execute arbitrary code. (CVE-2010-3702)

An array index error was found in the way poppler parsed PostScript Type 1
fonts embedded in PDF documents. An attacker could create a malicious PDF
file that, when opened, would cause applications that use poppler (such as
Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3704)

Users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
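
To confirm the update is in place, installed poppler builds can be compared with the fixed build listed in this advisory (0.5.4-4.4.el5_5.14). The following is an added example, not Red Hat's code: a minimal RPM-style version comparison applied to name-version-release lines. The function names and the sample package lines are assumptions constructed for illustration.

```python
import re

# Fixed build named in this advisory: poppler-0.5.4-4.4.el5_5.14
FIXED_VERSION, FIXED_RELEASE = "0.5.4", "4.4.el5_5.14"
POPPLER_PACKAGES = {"poppler", "poppler-devel", "poppler-utils"}

def rpmvercmp(a, b):
    """Compare version or release strings segment by segment, as RPM does
    (tilde/caret rules omitted). Returns -1, 0 or 1."""
    seg_a = re.findall(r"[0-9]+|[A-Za-z]+", a)
    seg_b = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # digits sort newer than letters
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def is_patched(nvr):
    """True/False for a poppler package, None for any other input line."""
    parts = nvr.strip().rsplit("-", 2)
    if len(parts) != 3 or parts[0] not in POPPLER_PACKAGES:
        return None
    _, version, release = parts
    # Assumes no epoch, which matches the package names in the advisory.
    order = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
    return order >= 0

def unpatched(nvrs):
    """Return the poppler packages older than the advisory's fixed build."""
    return [n for n in nvrs if is_patched(n) is False]

# Constructed sample of name-version-release lines (not from a real host).
SAMPLE = [
    "poppler-0.5.4-4.4.el5_5.13",
    "poppler-utils-0.5.4-4.4.el5_4.2",
    "poppler-devel-0.5.4-4.4.el5_5.14",
    "poppler-0.5.10-1.el5",
    "evince-0.6.0-13.el5",
]

if __name__ == "__main__":
    for nvr in unpatched(SAMPLE):
        print("older than RHSA-2010:0749 build:", nvr)
```

A plain string comparison would rank 0.5.10 below 0.5.4 and 4.4.el5_5.9 above 4.4.el5_5.14, which is why the segments are compared numerically.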

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
poppler-0.5.4-4.4.el5_5.14.src.rpm
File outdated by:  RHBA-2013:1128
 
IA-32:
poppler-devel-0.5.4-4.4.el5_5.14.i386.rpm
File outdated by:  RHBA-2013:1128
 
x86_64:
poppler-devel-0.5.4-4.4.el5_5.14.i386.rpm
File outdated by:  RHBA-2013:1128
poppler-devel-0.5.4-4.4.el5_5.14.x86_64.rpm
File outdated by:  RHBA-2013:1128
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
poppler-0.5.4-4.4.el5_5.14.src.rpm
File outdated by:  RHBA-2013:1128
 
IA-32:
poppler-0.5.4-4.4.el5_5.14.i386.rpm
File outdated by:  RHBA-2013:1128
poppler-devel-0.5.4-4.4.el5_5.14.i386.rpm
File outdated by:  RHBA-2013:1128
poppler-utils-0.5.4-4.4.el5_5.14.i386.rpm
File outdated by:  RHBA-2013:1128
 
IA-64:
poppler-0.5.4-4.4.el5_5.14.ia64.rpm
File outdated by:  RHBA-2013:1128
poppler-devel-0.5.4-4.4.el5_5.14.ia64.rpm
File outdated by:  RHBA-2013:1128
poppler-utils-0.5.4-4.4.el5_5.14.ia64.rpm
File outdated by:  RHBA-2013:1128
 
PPC:
poppler-0.5.4-4.4.el5_5.14.ppc.rpm
File outdated by:  RHBA-2013:1128
poppler-0.5.4-4.4.el5_5.14.ppc64.rpm
File outdated by:  RHBA-2013:1128
poppler-devel-0.5.4-4.4.el5_5.14.ppc.rpm
File outdated by:  RHBA-2013:1128
poppler-devel-0.5.4-4.4.el5_5.14.ppc64.rpm
File outdated by:  RHBA-2013:1128
poppler-utils-0.5.4-4.4.el5_5.14.ppc.rpm
File outdated by:  RHBA-2013:1128
 
s390x:
poppler-0.5.4-4.4.el5_5.14.s390.rpm
File outdated by:  RHBA-2013:1128
poppler-0.5.4-4.4.el5_5.14.s390x.rpm
File outdated by:  RHBA-2013:1128
poppler-devel-0.5.4-4.4.el5_5.14.s390.rpm
File outdated by:  RHBA-2013:1128
poppler-devel-0.5.4-4.4.el5_5.14.s390x.rpm
File outdated by:  RHBA-2013:1128
poppler-utils-0.5.4-4.4.el5_5.14.s390x.rpm
File outdated by:  RHBA-2013:1128
 
x86_64:
poppler-0.5.4-4.4.el5_5.14.i386.rpm
File outdated by:  RHBA-2013:1128
poppler-0.5.4-4.4.el5_5.14.x86_64.rpm
File outdated by:  RHBA-2013:1128
poppler-devel-0.5.4-4.4.el5_5.14.i386.rpm
File outdated by:  RHBA-2013:1128
poppler-devel-0.5.4-4.4.el5_5.14.x86_64.rpm
File outdated by:  RHBA-2013:1128
poppler-utils-0.5.4-4.4.el5_5.14.x86_64.rpm
File outdated by:  RHBA-2013:1128
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
poppler-0.5.4-4.4.el5_5.14.src.rpm
File outdated by:  RHBA-2013:1128
 
IA-32:
poppler-0.5.4-4.4.el5_5.14.i386.rpm
File outdated by:  RHBA-2013:1128
poppler-utils-0.5.4-4.4.el5_5.14.i386.rpm
File outdated by:  RHBA-2013:1128
 
x86_64:
poppler-0.5.4-4.4.el5_5.14.i386.rpm
File outdated by:  RHBA-2013:1128
poppler-0.5.4-4.4.el5_5.14.x86_64.rpm
File outdated by:  RHBA-2013:1128
poppler-utils-0.5.4-4.4.el5_5.14.x86_64.rpm
File outdated by:  RHBA-2013:1128
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

595245 - CVE-2010-3702 xpdf: uninitialized Gfx::parser pointer dereference
638960 - CVE-2010-3704 xpdf: array indexing error in FoFiType1::parse()


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/