French Security Incident Response Team

Fedora Security Update Fixes Poppler Multiple Code Execution Issues


Title : Fedora Security Update Fixes Poppler Multiple Code Execution Issues
Advisory ID : FrSIRT/ADV-2007-4163
CVE ID : CVE-2007-4352 - CVE-2007-5392 - CVE-2007-5393
Rated as : High Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-12-11

Advisory Details

 
Technical Description

Multiple vulnerabilities have been identified in Fedora, which could be exploited by attackers to cause a denial of service or compromise a vulnerable system [...]

Solution

Upgrade the affected poppler packages to version 0.6.2-1.fc8 (ppc64, i386, x86_64, ppc and source RPMs).

ChangeLog

2007-12-11 : Initial release
