Ubuntu alert USN-2958-1 (poppler)
| From: | Marc Deslauriers <marc.deslauriers@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-2958-1] poppler vulnerabilities | |
| Date: | Mon, 2 May 2016 13:43:41 -0400 | |
| Message-ID: | <572791CD.209@canonical.com> |
========================================================================== Ubuntu Security Notice USN-2958-1 May 02, 2016 poppler vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: poppler could be made to crash or run programs if it opened a specially crafted file. Software Description: - poppler: PDF rendering library Details: It was discovered that the poppler pdfseparate tool incorrectly handled certain filenames. A local attacker could use this issue to cause the tool to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 12.04 LTS. (CVE-2013-4473, CVE-2013-4474) It was discovered that poppler incorrectly parsed certain malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. (CVE-2015-8868) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: libpoppler-cpp0 0.33.0-0ubuntu3.1 libpoppler-glib8 0.33.0-0ubuntu3.1 libpoppler-qt4-4 0.33.0-0ubuntu3.1 libpoppler-qt5-1 0.33.0-0ubuntu3.1 libpoppler52 0.33.0-0ubuntu3.1 poppler-utils 0.33.0-0ubuntu3.1 Ubuntu 14.04 LTS: libpoppler-cpp0 0.24.5-2ubuntu4.4 libpoppler-glib8 0.24.5-2ubuntu4.4 libpoppler-qt4-4 0.24.5-2ubuntu4.4 libpoppler-qt5-1 0.24.5-2ubuntu4.4 libpoppler44 0.24.5-2ubuntu4.4 poppler-utils 0.24.5-2ubuntu4.4 Ubuntu 12.04 LTS: libpoppler-cpp0 0.18.4-1ubuntu3.2 libpoppler-glib8 0.18.4-1ubuntu3.2 libpoppler-qt4-3 0.18.4-1ubuntu3.2 libpoppler19 0.18.4-1ubuntu3.2 poppler-utils 0.18.4-1ubuntu3.2 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2958-1 CVE-2013-4473, CVE-2013-4474, CVE-2015-8868 Package Information: https://launchpad.net/ubuntu/+source/poppler/0.33.0-0ubun... https://launchpad.net/ubuntu/+source/poppler/0.24.5-2ubun... https://launchpad.net/ubuntu/+source/poppler/0.18.4-1ubun... -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...