===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.3674
              [SECURITY] [DLA 1939-1] poppler security update
                              1 October 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           poppler
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-12493 CVE-2018-21009 CVE-2018-20650

Reference:         ESB-2019.3467
                   ESB-2019.2987
                   ESB-2019.0187

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html

--------------------------BEGIN INCLUDED TEXT--------------------

Package        : poppler
Version        : 0.26.5-2+deb8u11
CVE ID         : CVE-2018-20650 CVE-2018-21009 CVE-2019-12493


Several issues in poppler, a PDF rendering library, have been fixed.

CVE-2018-20650

     A missing check for the dict data type could lead to a denial of
     service.

CVE-2018-21009

     An integer overflow might happen in Parser::makeStream.

CVE-2019-12493

     A stack-based buffer over-read by a crafted PDF file might happen in
     PostScriptFunction::transform because some functions mishandle tint
     transformation.


For Debian 8 "Jessie", these problems have been fixed in version
0.26.5-2+deb8u11.

We recommend that you upgrade your poppler packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================