===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.3674
              [SECURITY] [DLA 1939-1] poppler security update
                              1 October 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           poppler
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-12493 CVE-2018-21009 CVE-2018-20650

Reference:         ESB-2019.3467
                   ESB-2019.2987
                   ESB-2019.0187

Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html

--------------------------BEGIN INCLUDED TEXT--------------------

Package        : poppler
Version        : 0.26.5-2+deb8u11
CVE ID         : CVE-2018-20650 CVE-2018-21009 CVE-2019-12493

Several issues in poppler, a PDF rendering library, have been fixed.

CVE-2018-20650

    A missing check for the dict data type could lead to a denial of
    service.

CVE-2018-21009

    An integer overflow might happen in Parser::makeStream.

CVE-2019-12493

    A stack-based buffer over-read by a crafted PDF file might happen in
    PostScriptFunction::transform because some functions mishandle tint
    transformation.

For Debian 8 "Jessie", these problems have been fixed in version
0.26.5-2+deb8u11.

We recommend that you upgrade your poppler packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================