AXSA:2019-4277:01

Release date: 
Thursday, September 12, 2019 - 09:52
Subject: 
poppler-0.26.5-38.el7, evince-3.28.2-8.el7, okular-4.10.5-7.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince or Okular.

Security Fix(es):

* poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310)

* poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200)

* poppler: infinite recursion in Parser::getObj function in Parser.cc (CVE-2018-16646)

* poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897)

* poppler: reachable abort in Object.h (CVE-2018-19058)

* poppler: out-of-bounds read in EmbFile::save2 in FileSpec.cc (CVE-2018-19059)

* poppler: pdfdetach utility does not validate save paths (CVE-2018-19060)

* poppler: NULL pointer dereference in _poppler_attachment_new (CVE-2018-19149)

* poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481)

* poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650)

* poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)

* poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.7 Release Notes linked from the References section.

CVE-2018-16646
In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.
CVE-2018-18897
An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.
CVE-2018-19058
An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.
CVE-2018-19059
An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.
CVE-2018-19060
An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.
CVE-2018-19149
Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
CVE-2018-20481
XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.
CVE-2018-20650
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.
CVE-2018-20662
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.
CVE-2019-7310
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.
CVE-2019-9200

CVE-2019-9631
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
1. evince-3.28.2-8.el7.src.rpm
md5sum: a9cfc43e862e4d78100942dc35772663
sha256sum: 3b01843a2d823292af365714861fb4fc7dd6e67edbe26e7036a4078869fc69e4
Size: 3,355 Kb
2. okular-4.10.5-7.el7.src.rpm
md5sum: e6612c3f09b72ff1dcef83c8375888c5
sha256sum: 3106f5e5037243b2010933489c8b397d1fc22faa2afbca689068d97ec363da46
Size: 1,367 Kb
3. poppler-0.26.5-38.el7.src.rpm
md5sum: 932fb4d3cd2d6c342238c29650cf1708
sha256sum: eb897b2e0817efe3003d64105294c6382666a435d99d4f13f98fd0fc4d5a88ee
Size: 1,620 Kb

Asianux Server 7.0 for x86_64
1. evince-3.28.2-8.el7.x86_64.rpm
md5sum: 077045f264d6cc7b123c07de0e6550fe
sha256sum: 0f3a4fe47db9d777060fa721aff19abc74b62ac8c05ca4ebb88d59e6a7119eba
Size: 2,329 Kb
2. evince-dvi-3.28.2-8.el7.x86_64.rpm
md5sum: 244061b72dc6360349f8da68d64f2376
sha256sum: 757e8f5bda223ffa70916be439d53ac6a83b1856bf736444b72f3023c1049c64
Size: 95 Kb
3. evince-libs-3.28.2-8.el7.x86_64.rpm
md5sum: eda7fcbd2beb299987c8ec3b2530b934
sha256sum: 108a9b4c53987fc671469635a654881e26a1f59aaa3f619c78fecd59edb4297f
Size: 390 Kb
4. evince-nautilus-3.28.2-8.el7.x86_64.rpm
md5sum: 259ebe18da6994d918437bb3e7644a2b
sha256sum: 1455c367a1b8242f6be342fbf36abb5980eca0b0ac61fe4257e29e8fabe09133
Size: 41 Kb
5. evince-libs-3.28.2-8.el7.i686.rpm
md5sum: eb2c15765a560dd7d8e8f84e6bd0bd79
sha256sum: 80cf71f723d0d6fdc5568ac2218431b1755a32b7335bf205da4e09285eb00cc3
Size: 392 Kb
6. okular-4.10.5-7.el7.x86_64.rpm
md5sum: 17b9a127f7efbaeb339c7a692c488ed1
sha256sum: 7f6b4da98568112902a130edb35f52a5f97e51bac09a9445fa87f0dcfd7f175a
Size: 413 Kb
7. okular-devel-4.10.5-7.el7.x86_64.rpm
md5sum: 61ea046f43d065a37c39bd78477bec55
sha256sum: 3f7eae721d66c725069d8a959abc72c3ef89f8b66bb91154fe558d0ff9ee419b
Size: 48 Kb
8. okular-libs-4.10.5-7.el7.x86_64.rpm
md5sum: 6219b91168a4a7131e956f6c91a47bdc
sha256sum: fb54cf61c629b3628ce80445c781bc9704e73d0da8b99a590831144368909a9d
Size: 228 Kb
9. okular-part-4.10.5-7.el7.x86_64.rpm
md5sum: 563e1d48239a1ac6314c30b04a151136
sha256sum: 73986fc2010a97f37f5a772e18631c765c2cdd6f907ab0288e2f9fa6c4c3ad4f
Size: 839 Kb
10. okular-devel-4.10.5-7.el7.i686.rpm
md5sum: 66e0e956ece77ba69c4e694e72c2a315
sha256sum: 703e0b90b1d71dd7eef888809a4894c86abd24fdbd33f27d3a9da7efc9736b13
Size: 48 Kb
11. okular-libs-4.10.5-7.el7.i686.rpm
md5sum: a36ecd747dd1b6bc423be73704b73c05
sha256sum: e9983d36d90e7d22267782952f7c74bd82cdf8fd3a44dbd4301f1d4fd68dcf15
Size: 237 Kb
12. poppler-0.26.5-38.el7.x86_64.rpm
md5sum: 5f600fef9a722fb27c6126c5f9316622
sha256sum: 09cee0ac41662dc38279b9b0bb262aec9f60dbfb719382b4d50c0f83d92cbeda
Size: 785 Kb
13. poppler-glib-0.26.5-38.el7.x86_64.rpm
md5sum: c3e70384f22cf7f21c49151038f37092
sha256sum: 0f74415730d313b631004e6e41400e4874480a2010b72bbf8092777b4fee8185
Size: 139 Kb
14. poppler-qt-0.26.5-38.el7.x86_64.rpm
md5sum: 9ab3dedcd9773b511b648578ed37dcee
sha256sum: 01ba02a2fe68f1f71db67a92892a14e356ae2a2b060c0155f7e816ed3a90c04c
Size: 168 Kb
15. poppler-utils-0.26.5-38.el7.x86_64.rpm
md5sum: bb0b12ccdb36070f653766d6c39192ff
sha256sum: 34d59e022dc9f0f83215cf710c7e0525f8384a8c39b5e02ecf62abff2d52e2e3
Size: 169 Kb
16. poppler-0.26.5-38.el7.i686.rpm
md5sum: 560481e203fc9335e8257e5f17a8adc3
sha256sum: f6e1f9fe0d5b97e5aff0844cd97cd7a440841a83594ab0594372d047312b7dd9
Size: 781 Kb
17. poppler-glib-0.26.5-38.el7.i686.rpm
md5sum: 546fa547ed3d662cae0bf7ce2bb347c6
sha256sum: cbe76fd177a010b0f965d1d9e317001e63d2f8b8f357eff4e504c567a5b47c9c
Size: 139 Kb
18. poppler-qt-0.26.5-38.el7.i686.rpm
md5sum: 2a131bbdba15d6761ac0b39f9c1a1e78
sha256sum: f21d3559fee350f74626d6e64675cb5326b575c1f92194b4077f2b805ce62424
Size: 172 Kb
Copyright© 2007-2015 Asianux. All rights reserved.