Red Hat Local Security Checks : RedHat Security Advisory RHSA-2010:0859

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.69160

Category: Red Hat Local Security Checks

Title: RedHat Security Advisory RHSA-2010:0859

Summary: Redhat Security Advisory RHSA-2010:0859

Description: The remote host is missing updates announced in
advisory RHSA-2010:0859.

Poppler is a Portable Document Format (PDF) rendering library, used by
applications such as Evince.

Two uninitialized pointer use flaws were discovered in poppler. An attacker
could create a malicious PDF file that, when opened, would cause
applications that use poppler (such as Evince) to crash or, potentially,
execute arbitrary code. (CVE-2010-3702, CVE-2010-3703)

An array index error was found in the way poppler parsed PostScript Type 1
fonts embedded in PDF documents. An attacker could create a malicious PDF
file that, when opened, would cause applications that use poppler (such as
Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3704)

Users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0859.html
http://www.redhat.com/security/updates/classification/#important

Risk factor : High

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-3702
http://www.openwall.com/lists/oss-security/2010/10/04/6
http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf
Debian Security Information: DSA-2119 (Google Search)
http://www.debian.org/security/2010/dsa-2119
Debian Security Information: DSA-2135 (Google Search)
http://www.debian.org/security/2010/dsa-2135
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:228
http://www.mandriva.com/security/advisories?name=MDVSA-2010:229
http://www.mandriva.com/security/advisories?name=MDVSA-2010:230
http://www.mandriva.com/security/advisories?name=MDVSA-2010:231
http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
http://www.redhat.com/support/errata/RHSA-2010-0749.html
http://www.redhat.com/support/errata/RHSA-2010-0750.html
http://www.redhat.com/support/errata/RHSA-2010-0751.html
http://www.redhat.com/support/errata/RHSA-2010-0752.html
http://www.redhat.com/support/errata/RHSA-2010-0753.html
http://www.redhat.com/support/errata/RHSA-2010-0754.html
http://www.redhat.com/support/errata/RHSA-2010-0755.html
http://www.redhat.com/support/errata/RHSA-2010-0859.html
RedHat Security Advisories: RHSA-2012:1201
http://rhn.redhat.com/errata/RHSA-2012-1201.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720
SuSE Security Announcement: SUSE-SR:2010:022 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html
SuSE Security Announcement: SUSE-SR:2010:023 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
SuSE Security Announcement: SUSE-SR:2010:024 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://www.ubuntu.com/usn/USN-1005-1
BugTraq ID: 43845
http://www.securityfocus.com/bid/43845
http://secunia.com/advisories/42141
http://secunia.com/advisories/42397
http://secunia.com/advisories/42357
http://secunia.com/advisories/42691
http://secunia.com/advisories/43079
http://www.vupen.com/english/advisories/2010/2897
http://www.vupen.com/english/advisories/2010/3097
http://www.vupen.com/english/advisories/2011/0230
Common Vulnerability Exposure (CVE) ID: CVE-2010-3703
Common Vulnerability Exposure (CVE) ID: CVE-2010-3704
BugTraq ID: 43841
http://www.securityfocus.com/bid/43841

Copyright Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.69160
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2010:0859
Summary:	Redhat Security Advisory RHSA-2010:0859
Description:	The remote host is missing updates announced in advisory RHSA-2010:0859. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Two uninitialized pointer use flaws were discovered in poppler. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3702, CVE-2010-3703) An array index error was found in the way poppler parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0859.html http://www.redhat.com/security/updates/classification/#important Risk factor : High
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3702 http://www.openwall.com/lists/oss-security/2010/10/04/6 http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf Debian Security Information: DSA-2119 (Google Search) http://www.debian.org/security/2010/dsa-2119 Debian Security Information: DSA-2135 (Google Search) http://www.debian.org/security/2010/dsa-2135 http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:228 http://www.mandriva.com/security/advisories?name=MDVSA-2010:229 http://www.mandriva.com/security/advisories?name=MDVSA-2010:230 http://www.mandriva.com/security/advisories?name=MDVSA-2010:231 http://www.mandriva.com/security/advisories?name=MDVSA-2012:144 http://www.redhat.com/support/errata/RHSA-2010-0749.html http://www.redhat.com/support/errata/RHSA-2010-0750.html http://www.redhat.com/support/errata/RHSA-2010-0751.html http://www.redhat.com/support/errata/RHSA-2010-0752.html http://www.redhat.com/support/errata/RHSA-2010-0753.html http://www.redhat.com/support/errata/RHSA-2010-0754.html http://www.redhat.com/support/errata/RHSA-2010-0755.html http://www.redhat.com/support/errata/RHSA-2010-0859.html RedHat Security Advisories: RHSA-2012:1201 http://rhn.redhat.com/errata/RHSA-2012-1201.html http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720 SuSE Security Announcement: SUSE-SR:2010:022 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html SuSE Security Announcement: SUSE-SR:2010:023 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html SuSE Security Announcement: SUSE-SR:2010:024 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://www.ubuntu.com/usn/USN-1005-1 BugTraq ID: 43845 http://www.securityfocus.com/bid/43845 http://secunia.com/advisories/42141 http://secunia.com/advisories/42397 http://secunia.com/advisories/42357 http://secunia.com/advisories/42691 http://secunia.com/advisories/43079 http://www.vupen.com/english/advisories/2010/2897 http://www.vupen.com/english/advisories/2010/3097 http://www.vupen.com/english/advisories/2011/0230 Common Vulnerability Exposure (CVE) ID: CVE-2010-3703 Common Vulnerability Exposure (CVE) ID: CVE-2010-3704 BugTraq ID: 43841 http://www.securityfocus.com/bid/43841
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com