| Summary: | xpdf new security issues CVE-2020-35376 and CVE-2020-25725 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, brtians1, jani.valimaa, joequant, mageia, nicolas.salguero, ouaurelien, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7TOO MGA7-32-OK MGA8-64-OK | ||
| Source RPM: | xpdf-4.02-5.mga8.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2021-02-27 19:09:26 CET
David Walser
2021-02-27 19:09:44 CET
Whiteboard: (none) => MGA8TOO, MGA7TOO

Hi, thanks for reporting this.
As there is no maintainer for this package I added the committers in CC.
(Please set the status to 'assigned' if you are working on it)

CC: (none) => jani.valimaa, joequant, nicolas.salguero, ouaurelien

fixed in cauldron.

Fixed in mga7/8
src:
- xpdf-4.03-1.mga7
- xpdf-4.03-1.mga8

Status comment: Fixed upstream in 4.03 => (none)

The following 7 packages are going to be installed:

- libqt5printsupport5-5.12.6-4.mga7.i586
- libqt5svg5-5.12.6-1.mga7.i586
- poppler-0.74.0-3.4.mga7.i586
- qtsvg5-5.12.6-1.mga7.i586
- x11-font-adobe-100dpi-1.0.3-7.mga7.noarch
- xpdf-4.03-1.mga7.i586
- xpdf-common-4.03-1.mga7.i586

----

ran xpdf against a large pdf
no issues
pdftotext properly extracted txt
pdfinfo pulled heading information.

Works as designed

Whiteboard: MGA7TOO => MGA7TOO MGA7_32_OK
Brian Rockwell
2021-03-01 04:30:17 CET
Whiteboard: MGA7TOO MGA7_32_OK => MGA7TOO MGA7-32-OK

$ uname -a
Linux localhost 5.10.16-desktop-1.mga8 #1 SMP Sat Feb 13 16:27:22 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

The following 7 packages are going to be installed:

- lib64qt5printsupport5-5.15.2-4.mga8.x86_64
- lib64qt5svg5-5.15.2-1.mga8.x86_64
- poppler-20.12.1-1.mga8.x86_64
- qtsvg5-5.15.2-1.mga8.x86_64
- x11-font-adobe-100dpi-1.0.3-9.mga8.noarch
- xpdf-4.03-1.mga8.x86_64
- xpdf-common-4.03-1.mga8.x86_64

repeated the processes above as mga7.

Worked as designed

Whiteboard: MGA7TOO MGA7-32-OK => MGA7TOO MGA7-32-OK MGA8-64-OK

Package list:
xpdf-4.03-1.mga7
xpdf-common-4.03-1.mga7
xpdf-4.03-1.mga8
xpdf-common-4.03-1.mga8

Validating.

CC: (none) => andrewsfarm, sysadmin-bugs

Advisory:
========================

Updated xpdf packages fix security vulnerabilities:

In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state)
SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`,
which causes a `heap-use-after-free` problem. The code of a previous fix
for nested Type 3 characters wasn't correctly handling the case where a
Type 3 char referred to another char in the same Type 3 font (CVE-2020-25725).

Xpdf 4.02 allows stack consumption because of an incorrect subroutine
reference in a Type 1C font charstring, related to the FoFiType1C::getOp()
function (CVE-2020-35376).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25725
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35376
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VLOYVJSM54IL6I5RY4QTJGRS7PIEG44X/

Advisory pushed to SVN.

Keywords: (none) => advisory

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0112.html

Resolution: (none) => FIXED