Security vulnerabilities in the poppler software package

==========================================================================
Ubuntu Security Notice USN-4646-1
November 25, 2020

poppler vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in poppler.

Software Description:
- poppler: PDF rendering library

Details:

It was discovered that Poppler incorrectly handled certain files. If a user
or automated system were tricked into opening a crafted PDF file, an
attacker could cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
libpoppler73 0.62.0-2ubuntu2.11
poppler-utils 0.62.0-2ubuntu2.11

Ubuntu 16.04 LTS:
libpoppler58 0.41.0-0ubuntu1.15
poppler-utils 0.41.0-0ubuntu1.15

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4646-1
CVE-2018-21009, CVE-2019-10871, CVE-2019-13283, CVE-2019-9959,
CVE-2020-27778

Package Information:
https://launchpad.net/ubuntu/+source/poppler/0.62.0-2ubuntu2.11
https://launchpad.net/ubuntu/+source/poppler/0.41.0-0ubuntu1.15


==========================================================================
Ubuntu Security Notice USN-4646-2
November 26, 2020

poppler regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

USN-4646-1 introduced a regression in poppler.

Software Description:
- poppler: PDF rendering library

Details:

USN-4646-1 fixed vulnerabilities in poppler. The fix for CVE-2019-10871
introduced a regression causing certain applications linked against poppler
to fail. This update backs out the fix pending further investigation.

We apologize for the inconvenience.

Original advisory details:

It was discovered that Poppler incorrectly handled certain files. If a user
or automated system were tricked into opening a crafted PDF file, an
attacker could cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
libpoppler73 0.62.0-2ubuntu2.12
poppler-utils 0.62.0-2ubuntu2.12

Ubuntu 16.04 LTS:
libpoppler58 0.41.0-0ubuntu1.16
poppler-utils 0.41.0-0ubuntu1.16

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4646-2
https://usn.ubuntu.com/4646-1
https://launchpad.net/bugs/1905741

Package Information:
https://launchpad.net/ubuntu/+source/poppler/0.62.0-2ubuntu2.12
https://launchpad.net/ubuntu/+source/poppler/0.41.0-0ubuntu1.16
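
A way to check a host's package list against the versions given in both notices, as an added example that is not part of the Ubuntu advisories. It reimplements dpkg's version ordering so it runs without dpkg; the function names, status labels and sample input are constructed for illustration.

```python
import re

# Versions copied from USN-4646-1 and USN-4646-2 above: (packages, usn1, usn2).
ADVISORY = {
    "18.04": (("libpoppler73", "poppler-utils"), "0.62.0-2ubuntu2.11", "0.62.0-2ubuntu2.12"),
    "16.04": (("libpoppler58", "poppler-utils"), "0.41.0-0ubuntu1.15", "0.41.0-0ubuntu1.16"),
}

def _rank(c):
    # dpkg character order: '~' < end of string < letters < everything else
    return -1 if c == "~" else 0 if c == "" else ord(c) + (0 if c.isalpha() else 256)

def _cmp_part(a, b):
    # Alternate between a non-digit run (compared by _rank) and a digit run (numeric).
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            ra, rb = _rank(na[i:i + 1]), _rank(nb[i:i + 1])
            if ra != rb:
                return -1 if ra < rb else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def deb_cmp(x, y):
    """Compare two Debian version strings; returns -1, 0 or 1."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        up, sep, rev = rest.rpartition("-")
        return int(epoch), (up if sep else rest), (rev if sep else "")
    (ex, ux, rx), (ey, uy, ry) = split(x), split(y)
    return (ex > ey) - (ex < ey) or _cmp_part(ux, uy) or _cmp_part(rx, ry)

def audit(release, dpkg_lines):
    """Map each advisory package in the dpkg-query output to a status label."""
    pkgs, usn1, usn2 = ADVISORY[release]
    status = {}
    for line in dpkg_lines.splitlines():
        name, _, ver = line.strip().partition(" ")
        if name in pkgs and ver:
            # "current" builds back out the CVE-2019-10871 fix, per USN-4646-2.
            status[name] = ("vulnerable" if deb_cmp(ver, usn1) < 0 else
                            "regression" if deb_cmp(ver, usn2) < 0 else "current")
    return status

# Constructed sample of: dpkg-query -W -f='${Package} ${Version}\n'
SAMPLE = "libpoppler73 0.62.0-2ubuntu2.11\npoppler-utils 0.62.0-2ubuntu2.12\nlibc6 2.27-3ubuntu1\n"
```

`audit("18.04", SAMPLE)` reports a host that took the USN-4646-1 library build but not yet the USN-4646-2 one; a "regression" result is the case the second notice addresses.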

