| Resumen: | The remote host is missing updates announced in;advisory RHSA-2009:0480.;;Poppler is a Portable Document Format (PDF) rendering library, used by;applications such as Evince.;;Multiple integer overflow flaws were found in poppler. An attacker could;create a malicious PDF file that would cause applications that use poppler;(such as Evince) to crash or, potentially, execute arbitrary code when;opened. (CVE-2009-0147, CVE-2009-1179, CVE-2009-1187, CVE-2009-1188);;Multiple buffer overflow flaws were found in poppler's JBIG2 decoder. An;attacker could create a malicious PDF file that would cause applications;that use poppler (such as Evince) to crash or, potentially, execute;arbitrary code when opened. (CVE-2009-0146, CVE-2009-1182);;Multiple flaws were found in poppler's JBIG2 decoder that could lead to the;freeing of arbitrary memory. An attacker could create a malicious PDF file;that would cause applications that use poppler (such as Evince) to crash;or, potentially, execute arbitrary code when opened. (CVE-2009-0166,;CVE-2009-1180);;Multiple input validation flaws were found in poppler's JBIG2 decoder. An;attacker could create a malicious PDF file that would cause applications;that use poppler (such as Evince) to crash or, potentially, execute;arbitrary code when opened. (CVE-2009-0800);;Multiple denial of service flaws were found in poppler's JBIG2 decoder. An;attacker could create a malicious PDF file that would cause applications;that use poppler (such as Evince) to crash when opened. (CVE-2009-0799,;CVE-2009-1181, CVE-2009-1183);;Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product;Security team, and Will Dormann of the CERT/CC for responsibly reporting;these flaws.;;Users are advised to upgrade to these updated packages, which contain;backported patches to resolve these issues. |
| Descripción: | Summary:
The remote host is missing updates announced in
advisory RHSA-2009:0480.
Poppler is a Portable Document Format (PDF) rendering library, used by
applications such as Evince.
Multiple integer overflow flaws were found in poppler. An attacker could
create a malicious PDF file that would cause applications that use poppler
(such as Evince) to crash or, potentially, execute arbitrary code when
opened. (CVE-2009-0147, CVE-2009-1179, CVE-2009-1187, CVE-2009-1188)
Multiple buffer overflow flaws were found in poppler's JBIG2 decoder. An
attacker could create a malicious PDF file that would cause applications
that use poppler (such as Evince) to crash or, potentially, execute
arbitrary code when opened. (CVE-2009-0146, CVE-2009-1182)
Multiple flaws were found in poppler's JBIG2 decoder that could lead to the
freeing of arbitrary memory. An attacker could create a malicious PDF file
that would cause applications that use poppler (such as Evince) to crash
or, potentially, execute arbitrary code when opened. (CVE-2009-0166,
CVE-2009-1180)
Multiple input validation flaws were found in poppler's JBIG2 decoder. An
attacker could create a malicious PDF file that would cause applications
that use poppler (such as Evince) to crash or, potentially, execute
arbitrary code when opened. (CVE-2009-0800)
Multiple denial of service flaws were found in poppler's JBIG2 decoder. An
attacker could create a malicious PDF file that would cause applications
that use poppler (such as Evince) to crash when opened. (CVE-2009-0799,
CVE-2009-1181, CVE-2009-1183)
Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product
Security team, and Will Dormann of the CERT/CC for responsibly reporting
these flaws.
Users are advised to upgrade to these updated packages, which contain
backported patches to resolve these issues.
Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date
CVSS Score:
7.5
CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
