Operating System:

[Debian]

Published:

06 February 2008



===========================================================================
             AUSCERT External Security Bulletin Redistribution

                         ESB-2008.0116 -- [Debian]
             New poppler packages fix several vulnerabilities
                              6 February 2008

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              poppler
Publisher:            Debian
Operating System:     Debian GNU/Linux 4.0
Impact:               Execute Arbitrary Code/Commands
                      Denial of Service
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-5393 CVE-2007-5392 CVE-2007-4352

Ref:                  ESB-2007.0887

Original Bulletin:    http://www.debian.org/security/2008/dsa-1480

- --------------------------BEGIN INCLUDED TEXT--------------------


------------------------------------------------------------------------
Debian Security Advisory DSA-1480-1                  security@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
February 05, 2008                     http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : poppler
Vulnerability  : several
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2007-4352 CVE-2007-5392 CVE-2007-5393

Alin Rad Pop discovered several buffer overflows in the Poppler PDF
library, which could allow the execution of arbitrary code if a
malformed PDF file is opened.

For the stable distribution (etch), these problems have been fixed in
version 0.4.5-5.1etch2.

The old stable distribution (sarge) doesn't contain poppler.

We recommend that you upgrade your poppler packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian 4.0 (stable)
-------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- --------------------------END INCLUDED TEXT--------------------
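
The manual path in the upgrade instructions above (wget, then dpkg -i) installs whatever file was fetched, so the file should first be compared with the size and MD5 value that the original advisory gives on the `Size/MD5 checksum:` line under each package URL. The script below is an added example, not part of the Debian or AusCERT text; the file name, URL and sample values in `make_sample` are constructed placeholders.

```shell
#!/bin/sh
# Added example (not part of the advisory): check a downloaded file against the
# "Size/MD5 checksum:" entry the advisory gives for it before running dpkg -i.

# expected_for ADVISORY NAME: print "<size> <md5>" from the line following
# the URL whose last path component is NAME; exit 1 if there is no such entry.
expected_for() {
    awk -v name="$2" '
        $1 ~ /^(http|ftp):\/\// { n = split($1, p, "/"); hit = (p[n] == name); next }
        hit && /Size\/MD5 checksum:/ { print $(NF-1), tolower($NF); found = 1; exit }
        { hit = 0 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# verify_deb ADVISORY FILE: 0 = size and MD5 match, 1 = mismatch, 2 = not listed.
verify_deb() {
    name=$(basename "$2")
    expected=$(expected_for "$1" "$name") || { echo "$name: not in advisory" >&2; return 2; }
    want_size=${expected% *}
    want_md5=${expected#* }
    got_size=$(wc -c < "$2" | tr -d ' ')
    got_md5=$(md5sum "$2" | cut -d' ' -f1)
    if [ "$got_size" != "$want_size" ] || [ "$got_md5" != "$want_md5" ]; then
        echo "$name: MISMATCH (size $got_size/$want_size, md5 $got_md5/$want_md5)" >&2
        return 1
    fi
    echo "$name: OK"
}

# Constructed sample: a stand-in "package" whose content is "hello\n" and an
# advisory excerpt in the same layout. Names and URL are placeholders.
make_sample() {
    dir=$(mktemp -d) || return 1
    printf 'hello\n' > "$dir/example_1.0_all.deb"
    cat > "$dir/advisory.txt" <<'EOF'
Source archives:

  http://security.example.org/pool/updates/main/e/example/example_1.0_all.deb
    Size/MD5 checksum:        6 b1946ac92492d2347c6235b4d2611184
EOF
    echo "$dir"
}

# Usage: verify first, install only on success.
#   verify_deb advisory.txt file.deb && dpkg -i file.deb
```

Take the expected values from a copy of the advisory whose PGP signature has been verified; a checksum copied from an untrusted page proves nothing about the file.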

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
