Description
ELSA-2020-1074: poppler and evince security update (MODERATE)
evince [3.28.2-9]
- Handle failure from TIFFReadRGBAImageOriented
- Resolves: #1717352
poppler [0.26.5-42]
- Fix potential integer overflow and check length for negative values
- Resolves: #1757283
[0.26.5-41]
- Ignore dict Length if it is broken
- Resolves: #1733026
[0.26.5-40]
- Fail gracefully if not all components of JPEG2000Stream have the same size
- Resolves: #1723504
[0.26.5-39]
- Check whether input is RGB in PSOutputDev::checkPageSlice()
- Resolves: #1697575
Updated packages
Oracle Linux 7
Oracle Linux aarch64
evince 3.28.2-9.el7
evince-browser-plugin 3.28.2-9.el7
evince-devel 3.28.2-9.el7
evince-dvi 3.28.2-9.el7
evince-libs 3.28.2-9.el7
evince-nautilus 3.28.2-9.el7
poppler 0.26.5-42.el7
poppler-cpp 0.26.5-42.el7
poppler-cpp-devel 0.26.5-42.el7
poppler-demos 0.26.5-42.el7
poppler-devel 0.26.5-42.el7
poppler-glib 0.26.5-42.el7
poppler-glib-devel 0.26.5-42.el7
poppler-qt 0.26.5-42.el7
poppler-qt-devel 0.26.5-42.el7
poppler-utils 0.26.5-42.el7
Oracle Linux x86_64
evince 3.28.2-9.el7
evince-browser-plugin 3.28.2-9.el7
evince-devel 3.28.2-9.el7
evince-dvi 3.28.2-9.el7
evince-libs 3.28.2-9.el7
evince-nautilus 3.28.2-9.el7
poppler 0.26.5-42.el7
poppler-cpp 0.26.5-42.el7
poppler-cpp-devel 0.26.5-42.el7
poppler-demos 0.26.5-42.el7
poppler-devel 0.26.5-42.el7
poppler-glib 0.26.5-42.el7
poppler-glib-devel 0.26.5-42.el7
poppler-qt 0.26.5-42.el7
poppler-qt-devel 0.26.5-42.el7
poppler-utils 0.26.5-42.el7
References
Related vulnerabilities
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.