Univention Bugzilla – Bug 48935
poppler: Multiple issues (4.2)
Last modified: 2019-03-13 15:14:52 CET
New Debian poppler 0.26.5-2+deb8u8 fixes: This update addresses the following issues: * reachable abort in Object.h (CVE-2018-19058) * NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481) * SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662) * heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310) * heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200)
--- mirror/ftp/4.2/unmaintained/component/4.2-5-errata/source/poppler_0.26.5-2+deb8u7.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/poppler_0.26.5-2+deb8u8.dsc @@ -1,3 +1,30 @@ +0.26.5-2+deb8u8 [Fri, 08 Mar 2019 19:09:06 +0100] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload by the LTS team. + * Fix CVE-2018-19058: + A reachable abort in Object.h will lead to denial of service because + EmbFile::save2 in FileSpec.cc lacks a stream check before saving an + embedded file. + * Fix CVE-2018-20481: + Poppler mishandles unallocated XRef entries, which allows remote attackers + to cause a denial-of-service (NULL pointer dereference) via a crafted PDF + document. + * Fix CVE-2018-20662: + Poppler allows attackers to cause a denial-of-service (application crash + and segmentation fault by crafting a PDF file in which an xref data + structure is corrupted. + * Fix CVE-2019-7310: + A heap-based buffer over-read (due to an integer signedness error in the + XRef::getEntry function in XRef.cc) allows remote attackers to cause a + denial of service (application crash) or possibly have unspecified other + impact via a crafted PDF document. + * Fix CVE-2019-9200: + A heap-based buffer underwrite exists in ImageStream::getLine() located at + Stream.cc that can (for example) be triggered by sending + a crafted PDF file to the pdfimages binary. It allows an attacker to cause + denial-of-service (segmentation fault) or possibly have unspecified other + impact. + 0.26.5-2+deb8u7 [Wed, 12 Dec 2018 15:55:59 +0100] Mike Gabriel <sunweaver@debian.org>: * Non-maintainer upload by the LTS Team. <http://10.200.17.11/4.2-5/#927725818538961112>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.2-5] 8804fbdb4d Bug #48935: poppler 0.26.5-2+deb8u8 doc/errata/staging/poppler.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) [4.2-5] 34edb72b29 Bug #48935: poppler 0.26.5-2+deb8u8 doc/errata/staging/poppler.yaml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+)
<http://errata.software-univention.de/ucs/4.2/613.html>