Bug 490612 (CVE-2009-0146, CVE-2009-0195)
Summary: | CVE-2009-0146 xpdf: Multiple buffer overflows in JBIG2 decoder (setBitmap, readSymbolDictSeg) (CVE-2009-0195) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | bressers, jnovy, jrb, kreilly, ltinkl, mjc, mkasik, osoukup, rvokal, security-response-team, than, twaugh, vdanen |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-05-07 08:38:44 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 490707, 490708, 490710, 490711, 490712, 490713, 490714, 490715, 490716, 490717, 490727, 490728, 490729, 490730, 492384, 492385, 492386, 492387, 496942, 496943, 496944, 577322, 577323, 577328, 577329, 833914 | ||
Bug Blocks: | 491864 |
Description
Jan Lieskovsky
2009-03-17 10:18:30 UTC
attachment 336465 [details] has the updated patch that should be used for this issue.
Embargo has been lifted. xpdf-3.02-13.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/xpdf-3.02-13.fc9 xpdf-3.02-13.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/xpdf-3.02-13.fc10 cups-1.3.10-1.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/cups-1.3.10-1.fc9 cups-1.3.10-1.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/cups-1.3.10-1.fc10 cups-1.3.10-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. cups-1.3.10-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. xpdf-3.02-13.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. xpdf-3.02-13.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in following products: Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 3 Via RHSA-2009:0430 https://rhn.redhat.com/errata/RHSA-2009-0430.html This issue has been addressed in following products: Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Via RHSA-2009:0431 https://rhn.redhat.com/errata/RHSA-2009-0431.html This issue has been addressed in following products: Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Via RHSA-2009:0429 https://rhn.redhat.com/errata/RHSA-2009-0429.html This problem was independently discovered by Alin Rad Pop of Secunia Research and got assigned another CVE id: CVE-2009-0195 Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments. http://secunia.com/secunia_research/2009-17/ http://secunia.com/secunia_research/2009-18/ This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2009:0458 https://rhn.redhat.com/errata/RHSA-2009-0458.html This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2009:0480 https://rhn.redhat.com/errata/RHSA-2009-0480.html This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2010:0399 https://rhn.redhat.com/errata/RHSA-2010-0399.html This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0400 https://rhn.redhat.com/errata/RHSA-2010-0400.html |