Security Advisory Important: poppler security and bug fix update

Advisory: RHSA-2009:1504-1
Type: Security Advisory
Severity: Important
Issued on: 2009-10-15
Last updated on: 2009-10-15
Affected Products: RHEL Desktop Workstation (v. 5 client)
                   Red Hat Enterprise Linux (v. 5 server)
                   Red Hat Enterprise Linux Desktop (v. 5 client)
                   Red Hat Enterprise Linux EUS (v. 5.4.z server)
CVEs (cve.mitre.org): CVE-2009-3603, CVE-2009-3608, CVE-2009-3609

Details

Updated poppler packages that fix multiple security issues and a bug are
now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Poppler is a Portable Document Format (PDF) rendering library, used by
applications such as Evince.

Multiple integer overflow flaws were found in poppler. An attacker could
create a malicious PDF file that would cause applications that use poppler
(such as Evince) to crash or, potentially, execute arbitrary code when
opened. (CVE-2009-3603, CVE-2009-3608, CVE-2009-3609)

Red Hat would like to thank Chris Rohlf for reporting the CVE-2009-3608
issue.

This update also corrects a regression introduced in the previous poppler
security update, RHSA-2009:0480, that prevented poppler from rendering
certain PDF documents correctly. (BZ#528147)

Users are advised to upgrade to these updated packages, which contain
backported patches to resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
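
Because the fixes are backported, the upstream version stays at 0.5.4 and only the release string changes, so a host check has to compare the full version-release the way rpm does. The following is an added example, not part of the original advisory or Red Hat tooling: a simplified rpm-style comparison against the fixed build named here. It assumes the input comes from `rpm -q --qf '%{VERSION}-%{RELEASE}\n' poppler` and that epochs are equal; the sample values other than the advisory's own build are constructed.

```python
import re

# Fixed build named in this advisory (poppler-0.5.4-4.4.el5_4.11).
FIXED_VERSION, FIXED_RELEASE = "0.5.4", "4.4.el5_4.11"


def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment, as rpm does.

    Simplified: the '~' and '^' modifiers of newer rpm releases are not handled.
    Returns -1, 0 or 1.
    """
    seg_a = re.findall(r"[0-9]+|[A-Za-z]+", a)
    seg_b = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # 11 > 2 numerically, unlike strings
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def has_fix(version_release):
    """True if 'VERSION-RELEASE' is at or beyond the advisory's fixed build.

    Assumption: epochs are equal, so only version and release are compared.
    """
    version, _, release = version_release.partition("-")
    result = rpmvercmp(version, FIXED_VERSION)
    if result == 0:
        result = rpmvercmp(release, FIXED_RELEASE)
    return result >= 0


if __name__ == "__main__":
    # Constructed samples, except the second, which is the advisory's build.
    for vr in ("0.5.4-4.4.el5_3.9", "0.5.4-4.4.el5_4.11", "0.5.4-4.4.el5_4.2"):
        print(vr, "fixed" if has_fix(vr) else "NEEDS UPDATE")
```

A plain string comparison would rank the constructed release 4.4.el5_4.2 above 4.4.el5_4.11; the numeric segment comparison is what avoids that false "patched" result.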

Updated packages

RHEL Desktop Workstation (v. 5 client)
(All files listed for this product are outdated by: RHBA-2013:1128)

SRPMS:
poppler-0.5.4-4.4.el5_4.11.src.rpm

IA-32:
poppler-devel-0.5.4-4.4.el5_4.11.i386.rpm

x86_64:
poppler-devel-0.5.4-4.4.el5_4.11.i386.rpm
poppler-devel-0.5.4-4.4.el5_4.11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server)
(All files listed for this product are outdated by: RHBA-2013:1128)

SRPMS:
poppler-0.5.4-4.4.el5_4.11.src.rpm

IA-32:
poppler-0.5.4-4.4.el5_4.11.i386.rpm
poppler-devel-0.5.4-4.4.el5_4.11.i386.rpm
poppler-utils-0.5.4-4.4.el5_4.11.i386.rpm

IA-64:
poppler-0.5.4-4.4.el5_4.11.ia64.rpm
poppler-devel-0.5.4-4.4.el5_4.11.ia64.rpm
poppler-utils-0.5.4-4.4.el5_4.11.ia64.rpm

PPC:
poppler-0.5.4-4.4.el5_4.11.ppc.rpm
poppler-0.5.4-4.4.el5_4.11.ppc64.rpm
poppler-devel-0.5.4-4.4.el5_4.11.ppc.rpm
poppler-devel-0.5.4-4.4.el5_4.11.ppc64.rpm
poppler-utils-0.5.4-4.4.el5_4.11.ppc.rpm

s390x:
poppler-0.5.4-4.4.el5_4.11.s390.rpm
poppler-0.5.4-4.4.el5_4.11.s390x.rpm
poppler-devel-0.5.4-4.4.el5_4.11.s390.rpm
poppler-devel-0.5.4-4.4.el5_4.11.s390x.rpm
poppler-utils-0.5.4-4.4.el5_4.11.s390x.rpm

x86_64:
poppler-0.5.4-4.4.el5_4.11.i386.rpm
poppler-0.5.4-4.4.el5_4.11.x86_64.rpm
poppler-devel-0.5.4-4.4.el5_4.11.i386.rpm
poppler-devel-0.5.4-4.4.el5_4.11.x86_64.rpm
poppler-utils-0.5.4-4.4.el5_4.11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client)
(All files listed for this product are outdated by: RHBA-2013:1128)

SRPMS:
poppler-0.5.4-4.4.el5_4.11.src.rpm

IA-32:
poppler-0.5.4-4.4.el5_4.11.i386.rpm
poppler-utils-0.5.4-4.4.el5_4.11.i386.rpm

x86_64:
poppler-0.5.4-4.4.el5_4.11.i386.rpm
poppler-0.5.4-4.4.el5_4.11.x86_64.rpm
poppler-utils-0.5.4-4.4.el5_4.11.x86_64.rpm

Red Hat Enterprise Linux EUS (v. 5.4.z server)

SRPMS:
poppler-0.5.4-4.4.el5_4.11.src.rpm
File outdated by:  RHBA-2013:1128

IA-32:
poppler-0.5.4-4.4.el5_4.11.i386.rpm
poppler-devel-0.5.4-4.4.el5_4.11.i386.rpm
poppler-utils-0.5.4-4.4.el5_4.11.i386.rpm

IA-64:
poppler-0.5.4-4.4.el5_4.11.ia64.rpm
poppler-devel-0.5.4-4.4.el5_4.11.ia64.rpm
poppler-utils-0.5.4-4.4.el5_4.11.ia64.rpm

PPC:
poppler-0.5.4-4.4.el5_4.11.ppc.rpm
poppler-0.5.4-4.4.el5_4.11.ppc64.rpm
poppler-devel-0.5.4-4.4.el5_4.11.ppc.rpm
poppler-devel-0.5.4-4.4.el5_4.11.ppc64.rpm
poppler-utils-0.5.4-4.4.el5_4.11.ppc.rpm

s390x:
poppler-0.5.4-4.4.el5_4.11.s390.rpm
poppler-0.5.4-4.4.el5_4.11.s390x.rpm
poppler-devel-0.5.4-4.4.el5_4.11.s390.rpm
poppler-devel-0.5.4-4.4.el5_4.11.s390x.rpm
poppler-utils-0.5.4-4.4.el5_4.11.s390x.rpm

x86_64:
poppler-0.5.4-4.4.el5_4.11.i386.rpm
poppler-0.5.4-4.4.el5_4.11.x86_64.rpm
poppler-devel-0.5.4-4.4.el5_4.11.i386.rpm
poppler-devel-0.5.4-4.4.el5_4.11.x86_64.rpm
poppler-utils-0.5.4-4.4.el5_4.11.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

526637 - CVE-2009-3608 xpdf/poppler: integer overflow in ObjectStream::ObjectStream (oCERT-2009-016)
526893 - CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow
526915 - CVE-2009-3603 xpdf/poppler: SplashBitmap::SplashBitmap integer overflow
528147 - latest poppler security fix breaks compatibility with Xerox WorkCentre generated pdf documents


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/