| Summary: | poppler new security issue CVE-2022-27337 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | | |
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, jani.valimaa, marja11, sysadmin-bugs, tarazed25 |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA8-64-OK | | |
| Source RPM: | poppler-20.12.1-1.mga8.src.rpm | CVE: | |
| Status comment: | | | |
|
Description
David Walser
2022-08-01 17:26:45 CEST
David Walser
2022-08-01 17:26:59 CEST
Status comment: (none) => Fixed upstream in 22.04.0

Assigning to all packagers collectively, since there is no registered maintainer for this package.

Assignee: bugsquad => pkg-bugs

Pushed poppler-20.12.1-1.1.mga8 to mga core/updates_testing.

CC: (none) => jani.valimaa

libpoppler105-20.12.1-1.1.mga8
poppler-20.12.1-1.1.mga8
libpoppler-devel-20.12.1-1.1.mga8
libpoppler-qt5_1-20.12.1-1.1.mga8
libpoppler-glib-devel-20.12.1-1.1.mga8
libpoppler-glib8-20.12.1-1.1.mga8
libpoppler-gir0.18-20.12.1-1.1.mga8
libpoppler-cpp0-20.12.1-1.1.mga8
libpoppler-qt5-devel-20.12.1-1.1.mga8
libpoppler-cpp-devel-20.12.1-1.1.mga8

from poppler-20.12.1-1.1.mga8.src.rpm

Status comment: Fixed upstream in 22.04.0 => (none)

mga8, x64

Updated all the packages and repeated tests used in earlier bugs.

$ urpmq --whatrequires lib64poppler105 | uniq
calligra-stage
calligra-words
gambas3-gb-pdf
gambas3-gb-poppler
inkscape
lib64gdal27
lib64kpimitinerary5
lib64poppler-cpp0
lib64poppler-devel
lib64poppler-gir0.18
lib64poppler-glib8
lib64poppler-qt5_1
lib64poppler105
libreoffice-pdfimport
openboard
pdf2djvu
poppler
scribus
texlive

$ pdffonts PythonCookbook_2.pdf
Helvetica Type 1 WinAnsi no no no 10008 0
....

$ pdftohtml PythonCookbook_2.pdf python.html
$ ll *.html
-rw-r--r-- 1 lcl lcl 518 Aug 11 23:16 python.html
-rw-r--r-- 1 lcl lcl 54126 Aug 11 23:16 python_ind.html
-rw-r--r-- 1 lcl lcl 3551556 Aug 11 23:16 pythons.html
Displayed the whole book with page index in a browser. All OK.

Extracted 6900 images from a PDF file.
$ pdfimages AN_2021_May.pdf AN
$ display AN-6845.ppm
Picture of a finder scope.

Extracted several consecutive pages from a book.
$ pdfseparate -f 3 -l 10 something.pdf page_%d
$ file page_3
page_3: PDF document, version 1.4
All the pages could be read.

$ pdftops page_4 page4.ps
The postscript file looked fine in gs.

$ pdftoppm page_5 page
generates page-1.ppm which can be displayed.

$ pdftocairo -jpeg page_7 page7 -> page7-1.jpg
$ pdftocairo -tiff page_8 page8
$ tiffgt page8-1.tif
OK and PNG format works as well.

$ strace -o lo.trace libreoffice RustProgrammingLanguage.pdf
That invoked LO draw - took some time to display the front cover but it worked fine. The assumption was that libreoffice-pdfimport would be used and thence poppler but there was no sign of poppler in the trace file. libpoppler is listed in the requires for libreoffice-pdfimport.

CC: (none) => tarazed25

$ strace -o djvu.trace pdf2djvu -o test.djv module_cheat_sheet.pdf
module_cheat_sheet.pdf:
- page #1 -> #1
0.021 bits/pixel; 6.079:1, 83.55% saved, 136259 bytes in, 22416 bytes out
$ grep poppler djvu.trace
openat(AT_FDCWD, "/lib64/libpoppler.so.105", O_RDONLY|O_CLOEXEC) = 3
It is used there anyway. Giving this a pass.

Whiteboard: (none) => MGA8-64-OK

Validating.

Keywords: (none) => validated_update
Dave Hodgins
2022-08-12 22:04:59 CEST
Keywords: (none) => advisory

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0282.html

Status: NEW => RESOLVED |