- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LRH
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: poppler security update
Advisory ID: RHSA-2019:2713-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2713
Issue date: 2019-09-10
CVE Names: CVE-2018-18897 CVE-2018-20481 CVE-2018-20551
CVE-2018-20650 CVE-2018-20662 CVE-2019-7310
CVE-2019-9200 CVE-2019-9631 CVE-2019-9903
CVE-2019-9959 CVE-2019-10871 CVE-2019-12293
=====================================================================
1. Summary:
An update for poppler is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat CodeReady Linux Builder (v. 8) – aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream (v. 8) – aarch64, ppc64le, s390x, x86_64
3. Description:
Poppler is a Portable Document Format (PDF) rendering library, used by
applications such as Evince.
Security Fix(es):
* poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc
(CVE-2019-7310)
* poppler: heap-based buffer overflow in function ImageStream::getLine() in
Stream.cc (CVE-2019-9200)
* poppler: heap-based buffer over-read in function
PSOutputDev::checkPageSlice in PSOutputDev.cc (CVE-2019-10871)
* poppler: heap-based buffer over-read in JPXStream::init in
JPEG2000Stream.cc (CVE-2019-12293)
* poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc
(CVE-2018-18897)
* poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc
(CVE-2018-20481)
* poppler: reachable Object::getString assertion in AnnotRichMedia class in
Annot.c (CVE-2018-20551)
* poppler: reachable Object::dictLookup assertion in FileSpec class in
FileSpec.cc (CVE-2018-20650)
* poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)
* poppler: heap-based buffer over-read in function
downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)
* poppler: stack consumption in function Dict::find() in Dict.cc
(CVE-2019-9903)
* poppler: integer overflow in JPXStream::init function leading to memory
consumption (CVE-2019-9959)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1646546 – CVE-2018-18897 poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc
1665259 – CVE-2018-20551 poppler: reachable Object::getString assertion in AnnotRichMedia class in Annot.c
1665263 – CVE-2018-20650 poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc
1665266 – CVE-2018-20481 poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc
1665273 – CVE-2018-20662 poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc
1672419 – CVE-2019-7310 poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc
1683632 – CVE-2019-9200 poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc
1686802 – CVE-2019-9631 poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc
1691724 – CVE-2019-9903 poppler: stack consumption in function Dict::find() in Dict.cc
1696636 – CVE-2019-10871 poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc
1713582 – CVE-2019-12293 poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc
1732340 – CVE-2019-9959 poppler: integer overflow in JPXStream::init function leading to memory consumption
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
poppler-0.66.0-11.el8_0.12.src.rpm
aarch64:
poppler-0.66.0-11.el8_0.12.aarch64.rpm
poppler-cpp-debuginfo-0.66.0-11.el8_0.12.aarch64.rpm
poppler-debuginfo-0.66.0-11.el8_0.12.aarch64.rpm
poppler-debugsource-0.66.0-11.el8_0.12.aarch64.rpm
poppler-glib-0.66.0-11.el8_0.12.aarch64.rpm
poppler-glib-debuginfo-0.66.0-11.el8_0.12.aarch64.rpm
poppler-qt5-debuginfo-0.66.0-11.el8_0.12.aarch64.rpm
poppler-utils-0.66.0-11.el8_0.12.aarch64.rpm
poppler-utils-debuginfo-0.66.0-11.el8_0.12.aarch64.rpm
ppc64le:
poppler-0.66.0-11.el8_0.12.ppc64le.rpm
poppler-cpp-debuginfo-0.66.0-11.el8_0.12.ppc64le.rpm
poppler-debuginfo-0.66.0-11.el8_0.12.ppc64le.rpm
poppler-debugsource-0.66.0-11.el8_0.12.ppc64le.rpm
poppler-glib-0.66.0-11.el8_0.12.ppc64le.rpm
poppler-glib-debuginfo-0.66.0-11.el8_0.12.ppc64le.rpm
poppler-qt5-debuginfo-0.66.0-11.el8_0.12.ppc64le.rpm
poppler-utils-0.66.0-11.el8_0.12.ppc64le.rpm
poppler-utils-debuginfo-0.66.0-11.el8_0.12.ppc64le.rpm
s390x:
poppler-0.66.0-11.el8_0.12.s390x.rpm
poppler-cpp-debuginfo-0.66.0-11.el8_0.12.s390x.rpm
poppler-debuginfo-0.66.0-11.el8_0.12.s390x.rpm
poppler-debugsource-0.66.0-11.el8_0.12.s390x.rpm
poppler-glib-0.66.0-11.el8_0.12.s390x.rpm
poppler-glib-debuginfo-0.66.0-11.el8_0.12.s390x.rpm
poppler-qt5-debuginfo-0.66.0-11.el8_0.12.s390x.rpm
poppler-utils-0.66.0-11.el8_0.12.s390x.rpm
poppler-utils-debuginfo-0.66.0-11.el8_0.12.s390x.rpm
x86_64:
poppler-0.66.0-11.el8_0.12.i686.rpm
poppler-0.66.0-11.el8_0.12.x86_64.rpm
poppler-cpp-debuginfo-0.66.0-11.el8_0.12.i686.rpm
poppler-cpp-debuginfo-0.66.0-11.el8_0.12.x86_64.rpm
poppler-debuginfo-0.66.0-11.el8_0.12.i686.rpm
poppler-debuginfo-0.66.0-11.el8_0.12.x86_64.rpm
poppler-debugsource-0.66.0-11.el8_0.12.i686.rpm
poppler-debugsource-0.66.0-11.el8_0.12.x86_64.rpm
poppler-glib-0.66.0-11.el8_0.12.i686.rpm
poppler-glib-0.66.0-11.el8_0.12.x86_64.rpm
poppler-glib-debuginfo-0.66.0-11.el8_0.12.i686.rpm
poppler-glib-debuginfo-0.66.0-11.el8_0.12.x86_64.rpm
poppler-qt5-debuginfo-0.66.0-11.el8_0.12.i686.rpm
poppler-qt5-debuginfo-0.66.0-11.el8_0.12.x86_64.rpm
poppler-utils-0.66.0-11.el8_0.12.x86_64.rpm
poppler-utils-debuginfo-0.66.0-11.el8_0.12.i686.rpm
poppler-utils-debuginfo-0.66.0-11.el8_0.12.x86_64.rpm
Red Hat CodeReady Linux Builder (v. 8):
aarch64:
poppler-cpp-0.66.0-11.el8_0.12.aarch64.rpm
poppler-cpp-debuginfo-0.66.0-11.el8_0.12.aarch64.rpm
poppler-cpp-devel-0.66.0-11.el8_0.12.aarch64.rpm
poppler-debuginfo-0.66.0-11.el8_0.12.aarch64.rpm
poppler-debugsource-0.66.0-11.el8_0.12.aarch64.rpm
poppler-devel-0.66.0-11.el8_0.12.aarch64.rpm
poppler-glib-debuginfo-0.66.0-11.el8_0.12.aarch64.rpm
poppler-glib-devel-0.66.0-11.el8_0.12.aarch64.rpm
poppler-qt5-0.66.0-11.el8_0.12.aarch64.rpm
poppler-qt5-debuginfo-0.66.0-11.el8_0.12.aarch64.rpm
poppler-qt5-devel-0.66.0-11.el8_0.12.aarch64.rpm
poppler-utils-debuginfo-0.66.0-11.el8_0.12.aarch64.rpm
ppc64le:
poppler-cpp-0.66.0-11.el8_0.12.ppc64le.rpm
poppler-cpp-debuginfo-0.66.0-11.el8_0.12.ppc64le.rpm
poppler-cpp-devel-0.66.0-11.el8_0.12.ppc64le.rpm
poppler-debuginfo-0.66.0-11.el8_0.12.ppc64le.rpm
poppler-debugsource-0.66.0-11.el8_0.12.ppc64le.rpm
poppler-devel-0.66.0-11.el8_0.12.ppc64le.rpm
poppler-glib-debuginfo-0.66.0-11.el8_0.12.ppc64le.rpm
poppler-glib-devel-0.66.0-11.el8_0.12.ppc64le.rpm
poppler-qt5-0.66.0-11.el8_0.12.ppc64le.rpm
poppler-qt5-debuginfo-0.66.0-11.el8_0.12.ppc64le.rpm
poppler-qt5-devel-0.66.0-11.el8_0.12.ppc64le.rpm
poppler-utils-debuginfo-0.66.0-11.el8_0.12.ppc64le.rpm
s390x:
poppler-cpp-0.66.0-11.el8_0.12.s390x.rpm
poppler-cpp-debuginfo-0.66.0-11.el8_0.12.s390x.rpm
poppler-cpp-devel-0.66.0-11.el8_0.12.s390x.rpm
poppler-debuginfo-0.66.0-11.el8_0.12.s390x.rpm
poppler-debugsource-0.66.0-11.el8_0.12.s390x.rpm
poppler-devel-0.66.0-11.el8_0.12.s390x.rpm
poppler-glib-debuginfo-0.66.0-11.el8_0.12.s390x.rpm
poppler-glib-devel-0.66.0-11.el8_0.12.s390x.rpm
poppler-qt5-0.66.0-11.el8_0.12.s390x.rpm
poppler-qt5-debuginfo-0.66.0-11.el8_0.12.s390x.rpm
poppler-qt5-devel-0.66.0-11.el8_0.12.s390x.rpm
poppler-utils-debuginfo-0.66.0-11.el8_0.12.s390x.rpm
x86_64:
poppler-cpp-0.66.0-11.el8_0.12.i686.rpm
poppler-cpp-0.66.0-11.el8_0.12.x86_64.rpm
poppler-cpp-debuginfo-0.66.0-11.el8_0.12.i686.rpm
poppler-cpp-debuginfo-0.66.0-11.el8_0.12.x86_64.rpm
poppler-cpp-devel-0.66.0-11.el8_0.12.i686.rpm
poppler-cpp-devel-0.66.0-11.el8_0.12.x86_64.rpm
poppler-debuginfo-0.66.0-11.el8_0.12.i686.rpm
poppler-debuginfo-0.66.0-11.el8_0.12.x86_64.rpm
poppler-debugsource-0.66.0-11.el8_0.12.i686.rpm
poppler-debugsource-0.66.0-11.el8_0.12.x86_64.rpm
poppler-devel-0.66.0-11.el8_0.12.i686.rpm
poppler-devel-0.66.0-11.el8_0.12.x86_64.rpm
poppler-glib-debuginfo-0.66.0-11.el8_0.12.i686.rpm
poppler-glib-debuginfo-0.66.0-11.el8_0.12.x86_64.rpm
poppler-glib-devel-0.66.0-11.el8_0.12.i686.rpm
poppler-glib-devel-0.66.0-11.el8_0.12.x86_64.rpm
poppler-qt5-0.66.0-11.el8_0.12.i686.rpm
poppler-qt5-0.66.0-11.el8_0.12.x86_64.rpm
poppler-qt5-debuginfo-0.66.0-11.el8_0.12.i686.rpm
poppler-qt5-debuginfo-0.66.0-11.el8_0.12.x86_64.rpm
poppler-qt5-devel-0.66.0-11.el8_0.12.i686.rpm
poppler-qt5-devel-0.66.0-11.el8_0.12.x86_64.rpm
poppler-utils-debuginfo-0.66.0-11.el8_0.12.i686.rpm
poppler-utils-debuginfo-0.66.0-11.el8_0.12.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2018-18897
https://access.redhat.com/security/cve/CVE-2018-20481
https://access.redhat.com/security/cve/CVE-2018-20551
https://access.redhat.com/security/cve/CVE-2018-20650
https://access.redhat.com/security/cve/CVE-2018-20662
https://access.redhat.com/security/cve/CVE-2019-7310
https://access.redhat.com/security/cve/CVE-2019-9200
https://access.redhat.com/security/cve/CVE-2019-9631
https://access.redhat.com/security/cve/CVE-2019-9903
https://access.redhat.com/security/cve/CVE-2019-9959
https://access.redhat.com/security/cve/CVE-2019-10871
https://access.redhat.com/security/cve/CVE-2019-12293
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIVAwUBXXi/19zjgjWX9erEAQiPdw/+LtA/G5SgnDzFpdhpxOa9X+noX5a+2dXO
Qiheg9ozVvajD+4qp2dUwq2r53dLH0tDeCt6wl0YIvUmfE3+UBPIuJG7ijD5GVg5
p+PdxeGm9NcpusPTLn3c2pkxW7XM6emrd/l+7ImmTvqaCeug8nEp5PVXuYSYajC1
gxvKxWq170qmiRBTC7ONzQy3cPWRliDZvw4ELtriuzXNveiur5+eBX1kcp5jCKhR
rjQvXLVgnng62+xUX5fsBVf1DjJ0Elg8n3Uo7kbC1AhlmhuEHLD1seyYWRQYoIM3
NCfwY+wu+rxHVXnr1k85OJZfWDK91qKScm61AZin1jsNu6H5NDTmbCn9mbZWw6RN
G9xm+GbRC+bdv5bqAsVRZTC1+LRXexvE3QbmQIX3iqdNOlE8dFjWChpUBdzxGppA
pNBm4boBMz45UVbZT0oC1A3sZfpNpKO7LkZZsNxRKBaUvbahTNIU/eYj9g2IdKoc
7mqYKRg95TugEThs1v+ie2zEJR5aLTbHKXplhiBKwoYhTlkZ3+ke61zkFm/jm9eZ
PwutkfaXhExPbt0ph9HxkxmersNNJii0AYt8c37oRBPBEvnl6yy3i79Y2ds51wdo
+qTH0WHlwVpL50PMGMl7yXyw9CraIc1GDDOAHJbc+y7VbCJ5Cu3QCX802ql48i79
57WGrb+WGyE=
=T3jS
—–END PGP SIGNATURE—–
—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| Autor | Zvonimir Bosnjak |
| Cert id | NCERT-REF-2019-09-0001-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | Adobe |
