Test ID:	1.3.6.1.4.1.25623.1.0.68332
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2010:230 (poppler)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to poppler announced via advisory MDVSA-2010:230. Multiple vulnerabilities were discovered and corrected in poppler: The Gfx::getPos function in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference (CVE-2010-3702). The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption (CVE-2010-3704). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues. Affected: 2009.0, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:230 Risk factor : High CVSS Score: 6.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3702 42141 http://secunia.com/advisories/42141 42357 http://secunia.com/advisories/42357 42397 http://secunia.com/advisories/42397 42691 http://secunia.com/advisories/42691 43079 http://secunia.com/advisories/43079 43845 http://www.securityfocus.com/bid/43845 ADV-2010-2897 http://www.vupen.com/english/advisories/2010/2897 ADV-2010-3097 http://www.vupen.com/english/advisories/2010/3097 ADV-2011-0230 http://www.vupen.com/english/advisories/2011/0230 DSA-2119 http://www.debian.org/security/2010/dsa-2119 DSA-2135 http://www.debian.org/security/2010/dsa-2135 FEDORA-2010-15857 http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html FEDORA-2010-15911 http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html FEDORA-2010-15981 http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html FEDORA-2010-16662 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html FEDORA-2010-16705 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html FEDORA-2010-16744 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html MDVSA-2010:228 http://www.mandriva.com/security/advisories?name=MDVSA-2010:228 MDVSA-2010:229 http://www.mandriva.com/security/advisories?name=MDVSA-2010:229 MDVSA-2010:230 http://www.mandriva.com/security/advisories?name=MDVSA-2010:230 MDVSA-2010:231 http://www.mandriva.com/security/advisories?name=MDVSA-2010:231 MDVSA-2012:144 http://www.mandriva.com/security/advisories?name=MDVSA-2012:144 RHSA-2010:0749 http://www.redhat.com/support/errata/RHSA-2010-0749.html RHSA-2010:0750 http://www.redhat.com/support/errata/RHSA-2010-0750.html RHSA-2010:0751 http://www.redhat.com/support/errata/RHSA-2010-0751.html RHSA-2010:0752 http://www.redhat.com/support/errata/RHSA-2010-0752.html RHSA-2010:0753 http://www.redhat.com/support/errata/RHSA-2010-0753.html RHSA-2010:0754 http://www.redhat.com/support/errata/RHSA-2010-0754.html RHSA-2010:0755 http://www.redhat.com/support/errata/RHSA-2010-0755.html RHSA-2010:0859 http://www.redhat.com/support/errata/RHSA-2010-0859.html RHSA-2012:1201 http://rhn.redhat.com/errata/RHSA-2012-1201.html SSA:2010-324-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720 SUSE-SR:2010:022 http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html SUSE-SR:2010:023 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html SUSE-SR:2010:024 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html USN-1005-1 http://www.ubuntu.com/usn/USN-1005-1 [oss-security] 20101004 Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark http://www.openwall.com/lists/oss-security/2010/10/04/6 ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html https://bugzilla.redhat.com/show_bug.cgi?id=595245 Common Vulnerability Exposure (CVE) ID: CVE-2010-3704 43841 http://www.securityfocus.com/bid/43841 http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473 https://bugzilla.redhat.com/show_bug.cgi?id=638960
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.