openSUSE-SU-2016:1630-1

Опубликовано: 19 июн. 2016

Источник: suse-cvrf

Описание

Security update for poppler

This update for poppler fixes the following issues:

Security issues fixed:

CVE-2015-8868: Corrupted PDF file can corrupt heap, causing DoS (bsc#976844)

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.1

libpoppler-cpp0-0.24.4-12.1

libpoppler-devel-0.24.4-12.1

libpoppler-glib-devel-0.24.4-12.1

libpoppler-glib8-0.24.4-12.1

libpoppler-qt4-4-0.24.4-12.1

libpoppler-qt4-devel-0.24.4-12.1

libpoppler-qt5-1-0.24.4-12.1

libpoppler-qt5-devel-0.24.4-12.1

libpoppler44-0.24.4-12.1

poppler-0.24.4-12.1

poppler-qt-0.24.4-12.1

poppler-qt5-0.24.4-12.1

poppler-tools-0.24.4-12.1

typelib-1_0-Poppler-0_18-0.24.4-12.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2016-06/msg00077.html
E-Mail link for openSUSE-SU-2016:1630-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.

Затронутые продукты

openSUSE Leap 42.1:libpoppler-cpp0-0.24.4-12.1

openSUSE Leap 42.1:libpoppler-devel-0.24.4-12.1

openSUSE Leap 42.1:libpoppler-glib-devel-0.24.4-12.1

openSUSE Leap 42.1:libpoppler-glib8-0.24.4-12.1

Ссылки

https://www.suse.com/security/cve/CVE-2015-8868.html
CVE-2015-8868
https://bugzilla.suse.com/976844
SUSE Bug 976844

openSUSE-SU-2016:1630-1

Описание

Список пакетов

openSUSE Leap 42.1

Ссылки

Уязвимость: CVE-2015-8868

Описание

Затронутые продукты

Ссылки