Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 1941-1] New poppler packages fix several vulnerabilitie

From Moritz Muehlenhoff@1:229/2 to All on Wed Nov 25 23:40:02 2009

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1941-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 25, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : poppler
Vulnerability : several
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2009-0755 CVE-2009-3903 CVE-2009-3904 CVE-2009-3905 CVE-2009-3906 CVE-2009-3907 CVE-2009-3908 CVE-2009-3909 CVE-2009-3938

Several integer overflows, buffer overflows and memory allocation
errors were discovered in the Poppler PDF rendering library, which may
lead to denial of service or the execution of arbitrary code if a user
is tricked into opening a malformed PDF document.

For the stable distribution (lenny), these problems have been fixed in
version 0.8.7-3.

An update for the old stable distribution (etch) will be issued soon as
version 0.4.5-5.1etch4.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your poppler packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/p/poppler/poppler_0.8.7.orig.tar.gz
Size/MD5 checksum: 1469587 9af81429d6f8639c357a5eed25583365
http://security.debian.org/pool/updates/main/p/poppler/poppler_0.8.7-3.diff.gz
Size/MD5 checksum: 23304 55a0a858e65401534120b10b08c62256
http://security.debian.org/pool/updates/main/p/poppler/poppler_0.8.7-3.dsc
Size/MD5 checksum: 1481 4e0f8c954b0f7072d868b03da79799c7

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-3_alpha.deb
Size/MD5 checksum: 1334790 adc6ceeb368e0d4feebdf8163e2281e4
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-3_alpha.deb
Size/MD5 checksum: 196974 20d4df914f08ed2ccef0859dadcff863
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-3_alpha.deb
Size/MD5 checksum: 234664 f330cdb0bf1ee9001edb92677ff2d94d
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-3_alpha.deb
Size/MD5 checksum: 180372 701c9f92558359ec676ac7ed8c402abc
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-3_alpha.deb
Size/MD5 checksum: 220194 74703001f5c2588a415a53e0e61db107
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-3_alpha.deb
Size/MD5 checksum: 452496 45ec03d58a9b33c941625d29ea726514
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-3_alpha.deb
Size/MD5 checksum: 329740 9b5b796f66136fccdd68ee2fb4410239
http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-3_alpha.deb
Size/MD5 checksum: 891178 06d13d1837a263952327b5e1910bb049
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-3_alpha.deb
Size/MD5 checksum: 302962 343524216b65fad03cf7292183ad4760
http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-3_alpha.deb
Size/MD5 checksum: 3204196 077162dc4649e5e4e8e049e72ab2421c

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-3_amd64.deb
Size/MD5 checksum: 232070 24aa1dea8c17e539aacc23f5ca2ff683
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-3_amd64.deb
Size/MD5 checksum: 358464 8b52ef334b17065d7355c1f944407e3f
http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-3_amd64.deb
Size/MD5 checksum: 3148528 fdaa186b15cd2ff806d3e69f9924b792
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-3_amd64.deb
Size/MD5 checksum: 178226 4b9ae48661be12327e3dc8f79f6cbd5f
http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-3_amd64.deb
Size/MD5 checksum: 840192 690949b3a40aa59f1b2952cd48dea805
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-3_amd64.deb
Size/MD5 checksum: 1118416 34453c3ec346cc34b4ef94774d9bd975
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-3_amd64.deb
Size/MD5 checksum: 184820 3fc994f62c6e4f5c5615e48b5591574c
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-3_amd64.deb
Size/MD5 checksum: 313712 2f16ec788446b18a6ce0313ff233552b
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-3_amd64.deb
Size/MD5 checksum: 217370 51b12c5a9b716bef3cd8a5d29b4ac652
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-3_amd64.deb
Size/MD5 checksum: 274990 0f168bd7e2f0f201c4f1b5436c252987

arm architecture (ARM)

http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-3_arm.deb
Size/MD5 checksum: 1096672 01910f32db12361cf60f109f986f1324
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-3_arm.deb
Size/MD5 checksum: 341724 4795d7bae33531c80bb14fc51e8c9952
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-3_arm.deb
Size/MD5 checksum: 226514 2d2f7ab236403d3a7040aa09e7832b1c
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-3_arm.deb
Size/MD5 checksum: 389880 8a6b100417108055bf4dc1d40d77fa8b

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online
Recent Visitors
- Furryboy
  Sat Jun 6 10:56:29 2026
  from Romania, Galati via SSH
- Centurion
  Fri Jun 5 22:28:01 2026
  from Berea, Ohio via Telnet
- Ab Cadd
  Fri Jun 5 17:52:51 2026
  from Sheboygan, Wi via Telnet
- Gwylbert
  Fri Jun 5 06:28:52 2026
  from Sydney, Nsw via Telnet
- Centurion
  Thu Jun 4 23:42:23 2026
  from Berea, Ohio via Telnet
- Michal Wronka
  Thu Jun 4 23:19:58 2026
  from Wroclaw, Poland via Telnet
- Michal Wronka
  Thu Jun 4 23:17:20 2026
  from Wroclaw, Poland via SSH
- Michal Wronka
  Thu Jun 4 23:13:51 2026
  from Wroclaw, Poland via SSH

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	714
Nodes:	16 (2 / 14)
Uptime:	142:13:35
Calls:	12,088
Calls today:	1
Files:	14,998
Messages:	6,517,451

[SECURITY] [DSA 1941-1] New poppler packages fix several vulnerabilitie

Who's Online

Recent Visitors

System Info