[SECURITY] [DLA 1116-1] poppler security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1116-1] poppler security update
From: Markus Koschany <apo@debian.org>
Date: Wed, 27 Sep 2017 22:57:03 +0200
Message-id: <[🔎] 81d67ebc-9192-6c60-a8fc-529ae9665d48@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : poppler
Version        : 0.18.4-6+deb7u3
CVE ID         : CVE-2017-14517 CVE-2017-14519 CVE-2017-14617
Debian Bug     : 876086 876385 876079

It was discovered that poppler, a PDF rendering library, was affected
by several denial-of-service (application crash), null pointer
dereferences and memory corruption bugs:

CVE-2017-14517
    NULL Pointer Dereference in the XRef::parseEntry() function in
    XRef.cc

CVE-2017-14519
    Memory corruption occurs in a call to Object::streamGetChar that
    may lead to a denial of service or other unspecified impact.

CVE-2017-14617
    Potential buffer overflow in the ImageStream class in Stream.cc,
    which may lead to a denial of service or other unspecified impact.

For Debian 7 "Wheezy", these problems have been fixed in version
0.18.4-6+deb7u3.

We recommend that you upgrade your poppler packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlnMEJ9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeSlgw/+JPy4ynnGh1DL/387Mn2nIfnRXoMrtUJXMiu3bRfijwgL1vmIzPYS91Ch
QXTdwml8PvnoCl69Pi0QJl3vvKQwJzIS/hG2pxzpHIBoc5thvMJy4rCpCGqs1WoL
VVGqVOWMdmCEjVmFYe72uqtgdpO6bnVYazxEcsiPVEJTql/g7oV3OwCp2cfnKLC4
GAl8kfauBO7p7/wvYkCAinMaIAevIBFrqUsz++XjGjwcCjFpgzJIeVe5usjGoZiv
iYEAr3uUODtQ89VJbDMhXgo+pPRxsAyj1m5YBP9qex7TBB2d4llMkh3WO4dDQL3Y
EuoOg/vjul4rVlkc4ktjuuFeF54Sg2P691QOlnInXrAOVK2YtDVxV1NuL+0USSky
w/eSmTvaBhQ1E7rNdkATbjf/35u/eSu3FeNk4j+4BDslzhQbjzssG2TMVV3tdaib
iyS+Sbm/rYidA5ertClOICpPIztilCpHOu21CkjwVJrtq1Pbi+0wBrA91gD1cg7/
vxcGcD/G6mm6JLYt/5pIKBs3aloMwDZPBPxKvjhcyCuK9kGghJIsgrGnNRuU5Oq3
SsmTO4hvxZrgYw+ERR6yWH0M9IxIfUPcLAd13tduod9BzC556+1dCDPY00wq+SeP
yeolypgAPh6ID0nlQ3khUOWH4mDPyodm9dHupwz5GJhsZv4huU0=
=YSAm
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1115-1] debsecan update
Next by Date: [SECURITY] [DLA 1117-1] opencv security update
Previous by thread: [SECURITY] [DLA 1115-1] debsecan update
Next by thread: [SECURITY] [DLA 1117-1] opencv security update
Index(es):
- Date
- Thread