Bug 530890 - CVE-2009-0791 CVE-2009-360{3,4,6,7,8,9} Multiple poppler vulnerabilities
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: poppler
Version: rawhide
Hardware: All Linux
Priority: high, Severity: high
Assigned To: Kristian Høgsberg
QA Contact: Fedora Extras Quality Assurance
URL: http://fedoraproject.org/wiki/Securit...
Keywords: Security
Depends On:
Blocks: CVE-2009-0791/CVE-2009-3605 CVE-2009-3608 CVE-2009-3606 CVE-2009-3609 CVE-2009-3604 CVE-2009-3603 CVE-2009-3607
Reported: 2009-10-25 17:16 EDT by Tomas Hoger
Modified: 2009-10-28 07:00 EDT (History)
Doc Type: Bug Fix
Last Closed: 2009-10-28 07:00:56 EDT
Attachments
F-11 CVS diff (23.68 KB, patch), 2009-10-25 17:19 EDT, Tomas Hoger
F-10 CVS diff (23.46 KB, patch), 2009-10-25 17:20 EDT, Tomas Hoger
F-12 CVS diff (2.75 KB, patch), 2009-10-25 17:21 EDT, Tomas Hoger

Description Tomas Hoger 2009-10-25 17:16:06 EDT
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in all affected branches.

For comments that are specific to the vulnerability please use bugs filed against "Security Response" product referenced in "Blocks" field.

	bug #526637: CVE-2009-3608 xpdf/poppler: integer overflow in ObjectStream::ObjectStream (oCERT-2009-016)
	bug #526911: CVE-2009-3604 xpdf/poppler: Splash::drawImage integer overflow and missing allocation return value check
	bug #526915: CVE-2009-3603 xpdf/poppler: SplashBitmap::SplashBitmap integer overflow
	bug #526924: CVE-2009-3607 poppler: create_surface_from_thumbnail_data integer overflow
	bug #526877: CVE-2009-3606 xpdf/poppler: PSOutputDev::doImageL1Sep integer overflow
	bug #526893: CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow
	bug #491840: CVE-2009-0791 xpdf: multiple integer overflows

When creating a Bodhi update request, please include the bug IDs of the respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available and only close this bug once all affected Fedora versions are fixed.

Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=526637,526911,526915,526924,526877,526893,491840
Comment 1 Tomas Hoger 2009-10-25 17:19:47 EDT
Created attachment 366044
F-11 CVS diff

Got some smoke testing with both evince and okular.
Comment 2 Tomas Hoger 2009-10-25 17:20:37 EDT
Created attachment 366045
F-10 CVS diff

F10 backport
Comment 3 Tomas Hoger 2009-10-25 17:21:20 EDT
Created attachment 366046
F-12 CVS diff

upstream 0.12.1 is only missing 3607
Comment 4 Tomas Hoger 2009-10-28 07:00:56 EDT
Updates now in all current Fedora versions.  Thank you!