Pardus alert 2011-44 (poppler)

From:  Meltem <meltem@pardus.org.tr>
To:  pardus-security@pardus.org.tr
Subject:  [Pardus-security] [PLSA 2011-44] Poppler: Integer Overflow
Date:  Mon, 14 Feb 2011 15:44:24 +0200
Message-ID:  <201102141544.24809.meltem@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-44            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-02-14
  Severity: 2
      Type: Local
------------------------------------------------------------------------

Summary
=======

A vulnerability has been fixed in poppler, which allows attackers to
execute arbitrary commands with a specially crafted PDF file.

Description
===========

CVE-2010-4653: Due to an integer overflow when parsing CharCodes for
fonts and a failure to check the return value of a memory allocation, it
is possible to trigger writes to a narrow range of offsets from a NULL
pointer.

Affected packages:

  Pardus 2009:
    poppler, all before 0.10.7-34-9

Resolution
==========

There are update(s) for poppler. You can update them via Package Manager
or with a single command from console:

    pisi up poppler

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=16815
  * http://comments.gmane.org/gmane.comp.security.oss.general...

------------------------------------------------------------------------

_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security
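The bug class named in the description (a length computation that wraps, followed by an allocation whose result is not checked), shown as an added C example that is not poppler's code and not part of the advisory. The `code_map` type, the function names, the round-up-to-256 growth policy and the `MAX_CODES` bound are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical code-to-value map; every name here is an assumption. */
typedef struct {
    uint32_t *map;
    uint32_t  len;              /* number of allocated entries */
} code_map;

#define MAX_CODES 0x110000u     /* assumed upper bound on accepted codes */

/* Unsafe length computation: rounds up to a multiple of 256 in 32-bit
 * arithmetic, so a code near UINT32_MAX wraps to a tiny (or zero) length. */
uint32_t unsafe_rounded_len(uint32_t code)
{
    return (code + 256u) & ~255u;
}

/* Hardened store: bounds the code first, checks the byte count, and checks
 * the allocator's result before any write. Returns 0 on success, -1 on error. */
int code_map_set(code_map *m, uint32_t code, uint32_t value)
{
    if (code >= MAX_CODES)
        return -1;                                /* reject before arithmetic */
    if (code >= m->len) {
        uint32_t new_len = (code + 256u) & ~255u; /* cannot wrap: code < MAX_CODES */
        if (new_len > SIZE_MAX / sizeof *m->map)
            return -1;                            /* byte count would overflow */
        uint32_t *p = realloc(m->map, (size_t)new_len * sizeof *p);
        if (p == NULL)
            return -1;                            /* old block stays valid */
        memset(p + m->len, 0, (size_t)(new_len - m->len) * sizeof *p);
        m->map = p;
        m->len = new_len;
    }
    m->map[code] = value;
    return 0;
}

int main(void)
{
    code_map m = { NULL, 0 };
    int rejected = code_map_set(&m, 0xFFFFFFFFu, 1);  /* constructed input */
    int stored = code_map_set(&m, 65, 7);
    free(m.map);
    return (rejected == -1 && stored == 0) ? 0 : 1;
}
```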


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds