poppler-0.5.4-4.4.11.1AXS3
Errata ID: AXSA:2009-413:02
Release date:
2009/10/20 Tuesday - 13:36
Title:
poppler-0.5.4-4.4.11.1AXS3
Affected channels:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
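- The SplashBitmap::SplashBitmap function in Poppler contains an integer overflow. This vulnerability may allow a remote attacker to trigger a heap-based buffer overflow with a crafted PDF document and execute arbitrary code. (CVE-2009-3603)
- The ObjectStream::ObjectStream function in Poppler contains an integer overflow. This vulnerability may allow a remote attacker to trigger a heap-based buffer overflow with a crafted PDF document and execute arbitrary code. (CVE-2009-3608)
- The ImageStream::ImageStream function in Poppler contains an integer overflow. This vulnerability allows a remote attacker to trigger a NULL pointer dereference or buffer over-read with a crafted PDF document, causing a denial of service (application crash). (CVE-2009-3609)
Some of the CVE translations are quoted from JVN.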
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2009-3603
Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188.
CVE-2009-3608
Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.
CVE-2009-3609
Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.
Additional information:
N/A
Download:
SRPMS
- poppler-0.5.4-4.4.11.1AXS3.src.rpm
MD5: 457160e695b6159a267a0e5344b7e5d6
SHA-256: d7d50f72134d1806afeae457a95e579de3db67a821bce52824b18daddad39b71
Size: 3.47 MB
Asianux Server 3 for x86
- poppler-0.5.4-4.4.11.1AXS3.i386.rpm
MD5: 3d03d1b70556a001b7e9a4b5a2c73215
SHA-256: 6f16f122084a39be9b0f49aa9d362d3f631693406217eaa087fd2b783a0b4393
Size: 3.01 MB
- poppler-utils-0.5.4-4.4.11.1AXS3.i386.rpm
MD5: 77e432e1ccd0fc00024aa9fcc3edc9f8
SHA-256: cf2e6698d8e6265b41e10cb8f917aa48705ce80916f081df5184422f032b9878
Size: 72.61 kB
Asianux Server 3 for x86_64
- poppler-0.5.4-4.4.11.1AXS3.x86_64.rpm
MD5: be93b5f9555220ef6658d860e6ca10d9
SHA-256: 5dc1a7cde554a4231b54e4bc521da550640a26a71ca003bfafe95c34e25d613f
Size: 3.03 MB
- poppler-utils-0.5.4-4.4.11.1AXS3.x86_64.rpm
MD5: b635fd9113cc5d2bb77c7571fe29caf4
SHA-256: 40d47b37026ac9cf726d78462d70ced8b7d654c3fbd18de8d89736394b36c0da
Size: 75.63 kB