poppler-0.5.4-4.4.14.0.1.AXS3
エラータID: AXSA:2010-461:02
リリース日:
2010/10/14 Thursday - 15:37
題名:
poppler-0.5.4-4.4.14.0.1.AXS3
影響のあるチャネル:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- 現時点では CVE-2010-3702, CVE-2010-3704 の情報が公開されておりません。
CVEの情報が公開され次第情報をアップデートいたします。
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2010-3702
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
CVE-2010-3704
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.
追加情報:
N/A
ダウンロード:
SRPMS
- poppler-0.5.4-4.4.14.0.1.AXS3.src.rpm
MD5: 60eeba68c9e1b2c8b5546b0ba2e784d2
SHA-256: 804dbc40b28d050647cff22be3d23b37b1fb846ca8acdf375e04aca19ba3447f
Size: 3.48 MB
Asianux Server 3 for x86
- poppler-0.5.4-4.4.14.0.1.AXS3.i386.rpm
MD5: 023ad43e08d6a58df6641d4f725139a4
SHA-256: ac29d27193d374fc57267714e0573e8866b2e27420d7627cd8c18696cec66bd5
Size: 3.01 MB - poppler-utils-0.5.4-4.4.14.0.1.AXS3.i386.rpm
MD5: 802371326b7d3a8c0e135594fbaeb6ea
SHA-256: fff1e1012158cf5cfcfd870710c3a2070c38141ae9451a8ed8c6709fb6e95b42
Size: 73.24 kB
Asianux Server 3 for x86_64
- poppler-0.5.4-4.4.14.0.1.AXS3.x86_64.rpm
MD5: 8d27485ec47a8ff6aee6ff13c63c4c1a
SHA-256: 5dc6e8919cc6ec82f9b35ed5833dc6a6954264cb33c5da8770bc70daa2b06b90
Size: 3.03 MB - poppler-utils-0.5.4-4.4.14.0.1.AXS3.x86_64.rpm
MD5: 9ec15d73a7feb09560545feaf8b79bcc
SHA-256: b41bcc26f2b7b41ec7248c60be1f3e90831177e79f4efc10696b9a968474fe0b
Size: 76.15 kB