USN-2958-1: poppler vulnerabilities

Ubuntu Security Notice USN-2958-1

2nd May, 2016

poppler vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

poppler could be made to crash or run programs if it opened a specially
crafted file.

Software description

  • poppler
    – PDF rendering library

Details

It was discovered that the poppler pdfseparate tool incorrectly handled
certain filenames. A local attacker could use this issue to cause the tool
to crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only applied to Ubuntu 12.04 LTS. (CVE-2013-4473,
CVE-2013-4474)

It was discovered that poppler incorrectly parsed certain malformed PDF
documents. If a user or automated system were tricked into opening a
crafted PDF file, an attacker could cause a denial of service or possibly
execute arbitrary code with privileges of the user invoking the program.
(CVE-2015-8868)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
poppler-utils

0.33.0-0ubuntu3.1
libpoppler-cpp0

0.33.0-0ubuntu3.1
libpoppler-glib8

0.33.0-0ubuntu3.1
libpoppler-qt5-1

0.33.0-0ubuntu3.1
libpoppler-qt4-4

0.33.0-0ubuntu3.1
libpoppler52

0.33.0-0ubuntu3.1
Ubuntu 14.04 LTS:
poppler-utils

0.24.5-2ubuntu4.4
libpoppler-qt4-4

0.24.5-2ubuntu4.4
libpoppler44

0.24.5-2ubuntu4.4
libpoppler-glib8

0.24.5-2ubuntu4.4
libpoppler-cpp0

0.24.5-2ubuntu4.4
libpoppler-qt5-1

0.24.5-2ubuntu4.4
Ubuntu 12.04 LTS:
libpoppler-glib8

0.18.4-1ubuntu3.2
libpoppler-cpp0

0.18.4-1ubuntu3.2
libpoppler-qt4-3

0.18.4-1ubuntu3.2
libpoppler19

0.18.4-1ubuntu3.2
poppler-utils

0.18.4-1ubuntu3.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2013-4473,

CVE-2013-4474,

CVE-2015-8868

Leave a Reply