Bug 224448
| Field | Value |
|---|---|
| Summary | poppler appears to be hit by CVE-2007-0104 |
| Product | [Fedora] Fedora |
| Component | poppler |
| Version | 9 |
| Hardware | All |
| OS | Linux |
| Status | CLOSED CURRENTRELEASE |
| Severity | high |
| Priority | medium |
| Reporter | Michal Jaegermann <michal> |
| Assignee | Kristian Høgsberg <krh> |
| CC | jonstanley, thoger, triage |
| URL | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0104 |
| Whiteboard | bzcl34nup |
| Fixed In Version | poppler-0.5.9 |
| Doc Type | Bug Fix |
| Last Closed | 2008-08-01 10:06:06 UTC |

Description
Michal Jaegermann
2007-01-25 19:13:03 UTC
Created attachment 146598
patch for CVE-2007-0104 as applied to poppler

Fedora apologizes that these issues have not been resolved yet. We're sorry it's taken so long for your bug to be properly triaged and acted on. We appreciate the time you took to report this issue and want to make sure no important bugs slip through the cracks.

If you're currently running a version of Fedora Core between 1 and 6, please note that Fedora no longer maintains these releases. We strongly encourage you to upgrade to a current Fedora release. In order to refocus our efforts as a project we are flagging all of the open bugs for releases which are no longer maintained and closing them.
http://fedoraproject.org/wiki/LifeCycle/EOL

If this bug is still open against Fedora Core 1 through 6, thirty days from now, it will be closed 'WONTFIX'. If you can reproduce this bug in the latest Fedora version, please change to the respective version. If you are unable to do this, please add a comment to this bug requesting the change.

Thanks for your help, and we apologize again that we haven't handled these issues to this point.

The process we are following is outlined here:
http://fedoraproject.org/wiki/BugZappers/F9CleanUp

We will be following the process here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
to ensure this doesn't happen again.

And if you'd like to join the bug triage team to help make things better, check out http://fedoraproject.org/wiki/BugZappers

I do not see in the current poppler changelog either CVE-2007-0104 or this bug number explicitly mentioned (there are later CVEs fixed though). Leaving that for a bug owner.

This is against FC6, which will never be updated. Is this still currently an issue, or is that which you don't know?

I just do not know. I would have to dig through a package code and I hoped that a package owner will know an answer right away (or if this is even applicable to the current poppler version).

(Eh? Something ate half of my comment. Again.)

I just do not know. I would have to dig through a package code and I hoped that a package owner will know an answer right away (or if this is even applicable to the current poppler version).

Changelog for poppler-0.5.4-8.fc7 (the same code base) lists explicitly CVE-2007-3387 (#248194), CVE-2007-4352 (#345101), CVE-2007-5392 (#345111), CVE-2007-5393 (#345121) but for poppler-0.6.2-1.fc8 not even that.

Changing version to '9' as part of upcoming Fedora 9 GA. More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Michal, do you still believe this issue affects current versions of poppler as shipped in Fedora?

Recent versions of xpdf and poppler seem to detect loops in page trees, so if you try to open MOAB-06-01-2007.pdf, you should get the following error:

    Error: Loop in Pages tree

instead of a crash due to stack memory exhaustion caused by deep recursion.

This check was added to poppler sources via sync with xpdf code base in the following commit:
http://cgit.freedesktop.org/poppler/poppler/diff/poppler/Catalog.cc?id=bf7e0e980bf29994021cb1228f89f582adddf284

As you can see, it actually deprecates / removes the previous check that used a fixed recursion limit. Loops should no longer be a problem. (I guess it may still be possible to create a deep-enough tree that would cause stack memory exhaustion, but again, crash seems to be the only impact. If you are concerned, it's probably better to report it directly to upstream BZ.)

Ok to close this bug?

"do you still believe this issue affects current versions of poppler". It looks to me that notes in comment #8 show that this bug is indeed fixed and it should be closed. It is still not clear from the above, nor from the changelog, to which versions this may apply but I will leave that to "owners".

Looking at the versions we had in Fedora, the problem was present in 0.5.4. Loop detection is included in 0.5.9. Current stable Fedora versions are based on 0.6.2 (F-8) and 0.8.1 (F-9), hence include the fix.

Btw:

(In reply to comment #6)
> Changelog for poppler-0.5.4-8.fc7 (the same code base) lists explicitly
> CVE-2007-3387 (#248194), CVE-2007-4352 (#345101),
> CVE-2007-5392 (#345111), CVE-2007-5393 (#345121)
> but for poppler-0.6.2-1.fc8 not even that.

IIRC, poppler was re-based to fixed upstream version in F-8 without fixes for those being mentioned in the RPM changelog.
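
An added example, not code from poppler or xpdf, showing the approach discussed in this bug: the page tree is walked with an explicit work stack and a visited set, so a /Kids loop is reported as "Loop in Pages tree" and a very deep tree does not exhaust the call stack. The names Node, ObjTable and countPages and the sample trees are constructed for illustration.

```cpp
#include <cstdio>
#include <map>
#include <set>
#include <stdexcept>
#include <vector>

// Constructed model of a PDF page tree: object number -> node.
struct Node {
    bool isPage;            // true for /Type /Page, false for /Type /Pages
    std::vector<int> kids;  // object numbers listed in /Kids
};
using ObjTable = std::map<int, Node>;

// Counts leaf pages reachable from root. An explicit work stack replaces
// recursion, so tree depth is limited by heap rather than call stack, and a
// visited set rejects a /Kids entry that points back to an ancestor.
int countPages(const ObjTable &objs, int root) {
    std::set<int> visited;
    std::vector<int> work{root};
    int pages = 0;
    while (!work.empty()) {
        int num = work.back();
        work.pop_back();
        auto it = objs.find(num);
        if (it == objs.end())
            continue;  // dangling reference: skip it
        // A page tree node has one parent; reaching it twice means the
        // structure is not a tree (a loop or a shared subtree).
        if (!visited.insert(num).second)
            throw std::runtime_error("Loop in Pages tree");
        if (it->second.isPage) { ++pages; continue; }
        for (int kid : it->second.kids)
            work.push_back(kid);
    }
    return pages;
}

// Constructed inputs: a well-formed tree and one whose /Kids loops back.
ObjTable goodTree() {
    return {{1, {false, {2, 3}}}, {2, {true, {}}}, {3, {false, {4}}}, {4, {true, {}}}};
}
ObjTable loopedTree() {
    return {{1, {false, {2}}}, {2, {false, {1}}}};
}

int main() {
    std::printf("good tree: %d pages\n", countPages(goodTree(), 1));
    try { countPages(loopedTree(), 1); }
    catch (const std::runtime_error &e) { std::printf("Error: %s\n", e.what()); }
}
```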