USN631-1 : poppler vulnerability
|
|
Article ID: 33760
Last updated: 27 Jan, 2009
|
|
|
|
Views: 345
|
|
Posted: 22 Jan, 2009
by: Tech Pubs S.
Updated: 27 Jan, 2009
by: Tech Pubs S.
|
|
USN631-1 : poppler vulnerability |
|
| Ubuntu Security Notice (C) 2008 Canonical, Inc. / NASL script (C) 2008 Tenable Network Security, Inc. |
|
|
| Family | Ubuntu Local Security Checks |
| Plugin ID | 33760 |
| Bugtraq ID |
|
| CVE ID | CVE-2008-2950
|
|
| Description: |
Synopsis :
These remote packages are missing security patches :
- libpoppler-dev
- libpoppler-glib-dev
- libpoppler-glib2
- libpoppler-qt-dev
- libpoppler-qt2
- libpoppler-qt4-2
- libpoppler-qt4-dev
- libpoppler2
- poppler-utils
Description :
Felipe Andres Manzano discovered that poppler did not correctly initialize
certain page widgets. If a user were tricked into viewing a malicious
PDF file, a remote attacker could exploit this to crash applications
linked against poppler, leading to a denial of service.
Solution :
Upgrade to :
- libpoppler-dev-0.6.4-1ubuntu3.1 (Ubuntu 8.04)
- libpoppler-glib-dev-0.6.4-1ubuntu3.1 (Ubuntu 8.04)
- libpoppler-glib2-0.6.4-1ubuntu3.1 (Ubuntu 8.04)
- libpoppler-qt-dev-0.6.4-1ubuntu3.1 (Ubuntu 8.04)
- libpoppler-qt2-0.6.4-1ubuntu3.1 (Ubuntu 8.04)
- libpoppler-qt4-2-0.6.4-1ubuntu3.1 (Ubuntu 8.04)
- libpoppler-qt4-dev-0.6.4-1ubuntu3.1 (Ubuntu 8.04)
- libpoppler2-0.6.4-1ubuntu3.1 (Ubuntu 8.04)
- poppler-utils-0.6.4-1ubuntu3.1 (Ubuntu 8.04)
Risk factor : High
|
|
