French Security Incident Response Team

FrSIRT   

      

   français French  anglais English

 
Vulnerability Notification Service
 FrSIRT Partner Program
 14-Day Free Trial
Contact FrSIRT Sales Dept.
 

Security Advisories
Linux Security Advisories
Virus and Threats Advisories
Latest Security News
Latest Zero Day Threats
Advisories and vulnerabilities by Vendor
Advisories and vulnerabilities by Keyword
 

Report a security incident
Report a new vulnerability
Security Mailinglist
 

Our Company
FrSIRT in the News
Advertise on FrSIRT.COM
Security Researchers and Exploit Writers Jobs
Contact Us

Mandriva Security Update Fixes Poppler Multiple Code Execution Issues

Title : Mandriva Security Update Fixes Poppler Multiple Code Execution Issues
Advisory ID : FrSIRT/ADV-2007-3917
CVE ID : CVE-2007-4352 - CVE-2007-5392 - CVE-2007-5393
Rated as : High Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-11-20

Advisory Details
 
  Description
  Affected Products
  Solution
  References
Technical Description    Receive FrSIRT alerts in a Text format  Receive FrSIRT alerts in a PDF format  Receive FrSIRT alerts in an XML format  Receive FrSIRT notifications by SMS 

Multiple vulnerabilities have been identified in Mandriva, which could be exploited by attackers to cause a denial of service or compromise a vulnerable system [...]

Solution

Upgrade the affected packages :

Mandriva Linux 2007.1:
9f040875778bb940669bd2bfdbef248c 2007.1/i586/libpoppler-qt1-0.5.4-3.3mdv2007.1.i586.rpm
804046d0a838cb3a0a5e355fb118b1bc 2007.1/i586/libpoppler-qt1-devel-0.5.4-3.3mdv2007.1.i586.rpm
dd83d0b61f2ad91ea79f314752a0f514 2007.1/i586/libpoppler-qt4-1-0.5.4-3.3mdv2007.1.i586.rpm
05d0deb14ec5dad80d8d400756b3d183 2007.1/i586/libpoppler-qt4-1-devel-0.5.4-3.3mdv2007.1.i586.rpm
a23fb37129c8756e353fe47be6d6a8be 2007.1/i586/libpoppler1-0.5.4-3.3mdv2007.1.i586.rpm
6db198b349d7ebe355d809732ddb21bb 2007.1/i586/libpoppler1-devel-0.5.4-3.3mdv2007.1.i586.rpm
3e280873492799bebdec28872351052e 2007.1/i586/poppler-0.5.4-3.3mdv2007.1.i586.rpm
40600d9ccb1e7f7a76cb4ccf447e9e40 2007.1/SRPMS/poppler-0.5.4-3.3mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
b49094eb08c809397081d357f7251166 2007.1/x86_64/lib64poppler-qt1-0.5.4-3.3mdv2007.1.x86_64.rpm
e6f52d8bb5d9f84458ae6892cd7800da 2007.1/x86_64/lib64poppler-qt1-devel-0.5.4-3.3mdv2007.1.x86_64.rpm
4d08d7343c94a016928cef93490af098 2007.1/x86_64/lib64poppler-qt4-1-0.5.4-3.3mdv2007.1.x86_64.rpm
b0f8d4b4c5f1917c61687900a119e685 2007.1/x86_64/lib64poppler-qt4-1-devel-0.5.4-3.3mdv2007.1.x86_64.rpm
0955492bd1319fdc2e74c2528994e2bc 2007.1/x86_64/lib64poppler1-0.5.4-3.3mdv2007.1.x86_64.rpm
f918b50ec88a2aca954c156c33c605e8 2007.1/x86_64/lib64poppler1-devel-0.5.4-3.3mdv2007.1.x86_64.rpm
24fdcc57f5c7481e6732f45e43e49d51 2007.1/x86_64/poppler-0.5.4-3.3mdv2007.1.x86_64.rpm
40600d9ccb1e7f7a76cb4ccf447e9e40 2007.1/SRPMS/poppler-0.5.4-3.3mdv2007.1.src.rpm

Mandriva Linux 2008.0:
840730bb310636d43a3d07a6d4d4f281 2008.0/i586/libpoppler-devel-0.6-3.1mdv2008.0.i586.rpm
9d6109683ae8729ad549c56d2f8998c1 2008.0/i586/libpoppler-glib-devel-0.6-3.1mdv2008.0.i586.rpm
b69e7e912fe2f532c5a9ed7c3687eb42 2008.0/i586/libpoppler-glib2-0.6-3.1mdv2008.0.i586.rpm
cea89e4b36cbe99060e3568038474078 2008.0/i586/libpoppler-qt-devel-0.6-3.1mdv2008.0.i586.rpm
64a459904bf417570e4f2b8e0d550c77 2008.0/i586/libpoppler-qt2-0.6-3.1mdv2008.0.i586.rpm
5d1c9970275811b934599f95b5264d7d 2008.0/i586/libpoppler-qt4-2-0.6-3.1mdv2008.0.i586.rpm
7bbfdb4209d40f503bedc8e10e4687df 2008.0/i586/libpoppler-qt4-devel-0.6-3.1mdv2008.0.i586.rpm
812e34a9b25b4e28169bf84804da8325 2008.0/i586/libpoppler2-0.6-3.1mdv2008.0.i586.rpm
57380d8dcef7e2b404ed6a7571969bfe 2008.0/i586/poppler-0.6-3.1mdv2008.0.i586.rpm
697118d63ace272626e64555f7b8cffd 2008.0/SRPMS/poppler-0.6-3.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
f64a05a64b742ac4a40a07b8c43b9545 2008.0/x86_64/lib64poppler-devel-0.6-3.1mdv2008.0.x86_64.rpm
5d9963749a1315a570e9a70783c078da 2008.0/x86_64/lib64poppler-glib-devel-0.6-3.1mdv2008.0.x86_64.rpm
8d62d129c9279da1ed306a02785d5a7f 2008.0/x86_64/lib64poppler-glib2-0.6-3.1mdv2008.0.x86_64.rpm
f844c25e098d3b295cba161a07795b36 2008.0/x86_64/lib64poppler-qt-devel-0.6-3.1mdv2008.0.x86_64.rpm
5bfdd34b678a33aeebeec9dc7b0d0dd7 2008.0/x86_64/lib64poppler-qt2-0.6-3.1mdv2008.0.x86_64.rpm
83334372f43c893ca9afdaefdd7b90d0 2008.0/x86_64/lib64poppler-qt4-2-0.6-3.1mdv2008.0.x86_64.rpm
82099121bfc50561cb3a175d9d31152b 2008.0/x86_64/lib64poppler-qt4-devel-0.6-3.1mdv2008.0.x86_64.rpm
59a614072521db19cd3b502e6d49959a 2008.0/x86_64/lib64poppler2-0.6-3.1mdv2008.0.x86_64.rpm
0a5a8795e93dc014c5f07e2ab6e73393 2008.0/x86_64/poppler-0.6-3.1mdv2008.0.x86_64.rpm
697118d63ace272626e64555f7b8cffd 2008.0/SRPMS/poppler-0.6-3.1mdv2008.0.src.rpm

Corporate 4.0:
86be8a80003ab4c7a36905eac276dbf6 corporate/4.0/i586/libpoppler-qt0-0.4.1-3.6.20060mlcs4.i586.rpm
32bae8fecaa6ec4e2b1e7e68458f889b corporate/4.0/i586/libpoppler-qt0-devel-0.4.1-3.6.20060mlcs4.i586.rpm
e9aefa230a3c897361330d91583eb4b9 corporate/4.0/i586/libpoppler0-0.4.1-3.6.20060mlcs4.i586.rpm
280a9f7aea1b3766864996d5969e69ea corporate/4.0/i586/libpoppler0-devel-0.4.1-3.6.20060mlcs4.i586.rpm
aab471f88ae46303acfef45c3464bce6 corporate/4.0/SRPMS/poppler-0.4.1-3.6.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
62f84dc6ac78997484c76c0e34c74063 corporate/4.0/x86_64/lib64poppler-qt0-0.4.1-3.6.20060mlcs4.x86_64.rpm
5fda381aed07c4eaa47f48d7187449ee corporate/4.0/x86_64/lib64poppler-qt0-devel-0.4.1-3.6.20060mlcs4.x86_64.rpm
6abf5b15ba6ffa847dde37a2d0f049d0 corporate/4.0/x86_64/lib64poppler0-0.4.1-3.6.20060mlcs4.x86_64.rpm
bcbad9d141f0b9615740d5f027a24699 corporate/4.0/x86_64/lib64poppler0-devel-0.4.1-3.6.20060mlcs4.x86_64.rpm
aab471f88ae46303acfef45c3464bce6 corporate/4.0/SRPMS/poppler-0.4.1-3.6.20060mlcs4.src.rpm

ChangeLog

2007-11-20 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
 
 

Search
      

Mailinglist
    
 

Mozilla Firefox for Mac OS X GIF Rendering Code Execution Vulnerability

Mozilla Products Remote Code Execution and Security Bypass Issues

Mozilla Products Code Execution and Injection Vulnerabilities

Mozilla JavaScript Garbage Collector Code Execution Vulnerability

Mozilla Thunderbird Code Execution and Cross Site Scripting Issues

Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues

Mozilla Thunderbird Multiple Security Bypass and Code Execution Issues

Sun Solaris System Management Agent Buffer Overflow Vulnerability

Sun Update Fixes Mozilla Thunderbird Multiple Vulnerabilities

Sun Java JDK and JRE Code Execution and Security Bypass Issues

Sun Solaris DNS Protocol Remote Cache Poisoning Vulnerability

Sun Solaris Tomcat JSP/Servlet Container Multiple Vulnerabilities

Sun Java System Access Manager XSLT Code Execution Vulnerability

Sun Solaris 10 Adobe Reader Multiple Code Execution Vulnerabilities

Microsoft Office Word Document Handling Code Execution Vulnerability

Microsoft SQL Server Privilege Escalation Vulnerabilities (MS08-040)

Microsoft Exchange Server Cross Site Scripting Issues (MS08-039)

Microsoft Windows Explorer Remote Code Execution (MS08-038)

Microsoft Windows Multiple DNS Spoofing Vulnerabilities (MS08-037)

Microsoft Access Snapshot Viewer ActiveX Control Vulnerability

Microsoft Internet Explorer Frame Cross-Domain Scripting Vulnerability

Copyright 2003-2008 © FrSIRT.COM - Privacy Policy