| Summary: | xpdf new security issues CVE-2019-1001[89], CVE-2019-1002[13], CVE-2019-16927 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | herman.viaene, luigiwalser, mageia, marja11, sysadmin-bugs, tarazed25, tmb |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | xpdf-4.01.01-1.mga7.src.rpm | CVE: | CVE-2019-10018, CVE-2019-10019, CVE-2019-10021, CVE-2019-10023, CVE-2019-16927 |
| Status comment: | |||
| Bug Depends on: | 24504 | ||
| Bug Blocks: | |||
Description
Nicolas Salguero
2019-08-27 13:45:10 CEST
Nicolas Salguero
2019-08-27 13:45:58 CEST
CVE:
(none) =>
CVE-2019-10023
Nicolas Salguero
2019-08-27 16:55:05 CEST
Summary:
xpdf new security issue CVE-2019-10023 =>
xpdf new security issues CVE-2019-10018, CVE-2019-1002[13]

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10023

CVE:
CVE-2019-10018, CVE-2019-10021, CVE-2019-10023 =>
CVE-2019-10018, CVE-2019-10019, CVE-2019-10021, CVE-2019-10023

Assigning to all packagers collectively, since there is no registered maintainer for this package.

CC:
(none) =>
marja11

new issue https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16927 which is fixed in 4.0.2

CC:
(none) =>
mageia

cauldron was updated by "ns80"
Marc Krämer
2019-10-01 18:15:14 CEST
Depends on:
(none) =>
24504
Nicolas Salguero
2019-10-03 09:20:34 CEST
Whiteboard:
MGA7TOO, MGA6TOO =>
MGA7TOO

Suggested advisory:
========================

The updated packages fix a security vulnerability:

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. (CVE-2019-10018)

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes. (CVE-2019-10019)

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps. (CVE-2019-10021)

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case. (CVE-2019-10023)

Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877. (CVE-2019-16927)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16927
========================

Updated packages in core/updates_testing:
========================
xpdf-4.02-1.mga7
xpdf-common-4.02-1.mga7

from SRPMS:
xpdf-4.02-1.mga7.src.rpm

Assignee:
pkg-bugs =>
qa-bugs

MGA7-64 Plasma on Lenovo B50
No installation issues, is new installation for xpdf.
Tried pdf files from different sources, with all of them xpdf shows the same behavior:
When a document is freshly opened, I cannot scroll the pages with the arrows in the toolbar. I can scroll with the "PageUp" - "PageDown" buttons on the keyboard, once I do that the arrows work, but not beyond the last page I went to with the keyboard. E.g. when I open a 10 page pdf and scroll to page 6 with the keyboard, the toolbar arrows let me navigate up and down 1 to 6, but not beyond page 6.
In an instance with a 63 page pdf, the down (left pointing) arrow scrolled erratically up or down pages.
I tested the same pdfs with xpdf 3.04 on M6, and there xpdf worked perfectly OK.
No good for me.

CC:
(none) =>
herman.viaene

OK Herman. Having a look at the proofs of concept just now. Shall see if your problem can be reproduced - if so that would need a separate bug report. Later.

CC:
(none) =>
tarazed25

The POC files attached to these CVEs were run upstream in an asan framework against pdftotext, pdftoppm and pdftops (part of the poppler suite I think) as well as xpdf. The vulnerability affects common code.
Saw later that these utilities are also regarded as xpdf tools.

*Before the update*

CVE-2019-10018
https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276
$ xpdf 'PostScriptFunction::exec@___FPE'
Floating point exception (core dumped)
$ xpdf 'PostScriptFunction::exec@Function.cc:1374-42___FPE'
Floating point exception (core dumped)
$ xpdf 'PostScriptFunction::exec@Function.cc:1420-42___FPE'
Floating point exception (core dumped)

CVE-2019-10019
https://forum.xpdfreader.com/viewtopic.php?f=3&t=41275
$ xpdf 'PSOutputDev::checkPageSlice@PSOutputDev.cc:4198-37___FPE'
This invoked Xpdf Reader and showed a blank page.
Using the suggested function:
$ pdftops 'PSOutputDev::checkPageSlice@PSOutputDev.cc:4198-37___FPE' out.ps
Syntax Warning: No valid XRef size in trailer
<No FPE or abort>

CVE-2019-10021
https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274
$ xpdf 'Splash::scaleImageYuXu@Splash.cc:5556-21___FPE'
Floating point exception (core dumped)
$ xpdf 'Splash::scaleImageYuXu@Splash.cc:5560-20___FPE'
Floating point exception (core dumped)

CVE-2019-10023
https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276
$ xpdf 'PostScriptFunction::exec@Function.cc:1420-42___FPE'
Floating point exception (core dumped)

CVE-2019-16927
https://forum.xpdfreader.com/viewtopic.php?f=3&t=41885
$ xpdf crashfile.pdf
<There does not seem to be a problem with this, but...>
$ pdftotext crashfile.pdf out.txt
Syntax Error (29635): Illegal character '{'
Internal Error: xref num 23 not found but needed, try to reconstruct<0a>
Syntax Error (29635): Illegal character '{'
Syntax Error: Failed to parse XRef entry [915].
[...]
Syntax Error (71667): Unknown operator 'to'
Syntax Error (71667): Too few (1) args to 'Tm' operator

*After the update*

CVE-2019-10018
$ xpdf 'PostScriptFunction::exec@___FPE'
$ xpdf 'PostScriptFunction::exec@Function.cc:1374-42___FPE'
$ xpdf 'PostScriptFunction::exec@Function.cc:1420-42___FPE'
A page is displayed with a black rectangle at the bottom left corner in all three cases.

CVE-2019-10019
$ xpdf 'PSOutputDev::checkPageSlice@PSOutputDev.cc:4198-37___FPE'
<Same result as before.>
$ pdftops 'PSOutputDev::checkPageSlice@PSOutputDev.cc:4198-37___FPE' out.ps
Syntax Warning: No valid XRef size in trailer
<As before>

CVE-2019-10021
$ xpdf 'Splash::scaleImageYuXu@Splash.cc:5556-21___FPE'
$ xpdf 'Splash::scaleImageYuXu@Splash.cc:5560-20___FPE'
<Both display a blank page. No core dumps.>

CVE-2019-10023
$ xpdf 'PostScriptFunction::exec@Function.cc:1420-42___FPE'
<Displays black rectangle on a white page. No FPE.>

CVE-2019-16927
$ xpdf crashfile.pdf
<Normal display - full output - no complaints.>
$ pdftotext crashfile.pdf out.txt
<Same error output as before. out.txt is generated and echoes the earlier input.>

All these results look good. There is an indication that the problem was already handled before the update in a few cases.

Tried out xpdf on a variety of PDF books and had no trouble. Scrolled from start to finish, tested zoom, indexing, page number and search function. No problems.
This should be released.

Whiteboard:
(none) =>
MGA7-64-OK
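
The before/after check carried out in the comment above can be scripted for the command-line tools it names (pdftotext, pdftops, pdftoppm). The following is an added example, not part of the original report; the function names, case labels and stand-in commands are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the bug report. A shell reports 128+N when a child
# is killed by signal N, so 136 (128 + 8) is the SIGFPE seen in the report.
classify_status() {
    case "$1" in
        0)   echo ok ;;
        134) echo crash:SIGABRT ;;
        136) echo crash:SIGFPE ;;
        139) echo crash:SIGSEGV ;;
        *)   if [ "$1" -gt 128 ]; then
                 echo "crash:signal-$(($1 - 128))"
             else
                 echo "error:exit-$1"   # tool rejected the file but did not crash
             fi ;;
    esac
}

# run_case LABEL CMD [ARGS...]: run one case quietly, print "LABEL result".
# Real use (path hypothetical): run_case CVE-2019-10019 pdftops "$poc" out.ps
run_case() {
    label=$1; shift
    rc=0
    "$@" >/dev/null 2>&1 || rc=$?
    echo "$label $(classify_status "$rc")"
}

# fixed_cases BEFORE AFTER: labels that crashed before the update and do not
# crash after it. Each file holds run_case output, one case per line.
fixed_cases() {
    awk 'NR == FNR { if ($2 ~ /^crash:/) crashed[$1] = 1; next }
         ($1 in crashed) && $2 !~ /^crash:/ { print $1 }' "$1" "$2"
}

# still_crashing AFTER: labels that still die on a signal after the update.
still_crashing() {
    awk '$2 ~ /^crash:/ { print $1 }' "$1"
}

# Constructed demo: stand-in commands replace the real tools and PoC files.
demo() {
    tmp=$(mktemp -d)
    { run_case case-fpe sh -c 'kill -s FPE $$'
      run_case case-ok true; } > "$tmp/before"
    { run_case case-fpe true
      run_case case-ok true; } > "$tmp/after"
    fixed_cases "$tmp/before" "$tmp/after"
    rm -rf "$tmp"
}
demo
```

A case that only prints syntax errors and exits non-zero is reported as `error:exit-N`, which keeps it separate from a signal-terminated crash such as the FPE cases.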
Thomas Backlund
2019-10-06 17:30:58 CEST
Keywords:
(none) =>
advisory, validated_update

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0293.html

Resolution:
(none) =>
FIXED

This update also fixed CVE-2019-12493 CVE-2019-12515 CVE-2019-1295[78] CVE-2019-1328[1236]:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/

CC:
(none) =>
luigiwalser