Bug 33298

Summary: poppler new security issue CVE-2024-4141
Product: Mageia Reporter: Nicolas Salguero <nicolas.salguero>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: andrewsfarm, sysadmin-bugs, tarazed25
Version: 9Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA9-64-OK
Source RPM: poppler-23.02.0-1.1.mga9.src.rpm CVE: CVE-2024-4141
Status comment:

Description Nicolas Salguero 2024-06-12 15:31:15 CEST 
SUSE has isued an advisory on June 11:
https://lists.suse.com/pipermail/sle-updates/2024-June/035557.html

Mageia 9 is also affected.
Nicolas Salguero 2024-06-12 15:31:54 CEST

CVE: (none) => CVE-2024-4141
Source RPM: (none) => poppler-24.06.0-1.mga10.src.rpm
Whiteboard: (none) => MGA9TOO
Status comment: (none) => Patch available from openSUSE

Comment 1 Nicolas Salguero 2024-06-13 14:04:51 CEST 
Suggested advisory:
========================

The updated packages fix a security vulnerability:

Out-of-bounds array write. (CVE-2024-4141)

References:
https://lists.suse.com/pipermail/sle-updates/2024-June/035557.html
========================

Updated packages in core/updates_testing:
========================
lib(64)poppler-cpp0-23.02.0-1.2.mga9
lib(64)poppler-cpp-devel-23.02.0-1.2.mga9
lib(64)poppler-devel-23.02.0-1.2.mga9
lib(64)poppler-gir0.18-23.02.0-1.2.mga9
lib(64)poppler-glib8-23.02.0-1.2.mga9
lib(64)poppler-glib-devel-23.02.0-1.2.mga9
lib(64)poppler-qt5_1-23.02.0-1.2.mga9
lib(64)poppler-qt5-devel-23.02.0-1.2.mga9
lib(64)poppler-qt6_3-23.02.0-1.2.mga9
lib(64)poppler-qt6-devel-23.02.0-1.2.mga9
lib(64)poppler126-23.02.0-1.2.mga9
poppler-23.02.0-1.2.mga9

from SRPM:
poppler-23.02.0-1.2.mga9.src.rpm

Status comment: Patch available from openSUSE => (none)
Status: NEW => ASSIGNED
Source RPM: poppler-24.06.0-1.mga10.src.rpm => poppler-23.02.0-1.1.mga9.src.rpm
Whiteboard: MGA9TOO => (none)
Version: Cauldron => 9
Assignee: bugsquad => qa-bugs

katnatek 2024-06-13 19:35:26 CEST

Keywords: (none) => advisory

Comment 2 Len Lawrence 2024-06-13 23:27:17 CEST 
mga9, x64
No luck finding PoC.
All the packages updated cleanly over the ...1.1 versions.
Referred to bug 30690 for testing hints.

$ pdftohtml PythonProjectsForKids.pdf
A lot of diagnostic output.  
A file with the same name but an html extension was generated.
$ firefox PythonProjectsForKids.pdf
opened a new tab in Firefox, displaying the frontispiece for the book and a hyperlink page index on the left.
Extracted 190 images from the same book as PPM and JPEG images, most of which are code samples.
$ pdfimages PythonProjectsForKids.pdf pythonkids

Separated pages 2 to 4 from a PDF file.
$ pdfseparate -f 2 -l 4 The_Haunting_of_Eleanor_and_Annie.pdf page_%d
lcl@yildun:books $ ls page*
page_2  page_3  page_4
$ file page_3
page_3: PDF document, version 1.5, 1 pages

Used xpdf to display the page, which looked fine.

lcl@yildun:books $ strace -o djvu.trace pdf2djvu -o test.djv module_cheat_sheet.pdf
module_cheat_sheet.pdf:
- page #1 -> #1
0.021 bits/pixel; 6.080:1, 83.55% saved, 136259 bytes in, 22410 bytes out
$ grep poppler djvu.trace
openat(AT_FDCWD, "/usr/lib64/libpoppler.so.126", O_RDONLY|O_CLOEXEC) = 3

This all looks good so far.  Giving it an OK.

CC: (none) => tarazed25
Whiteboard: (none) => MGA9-64-OK

Comment 3 Thomas Andrews 2024-06-14 02:38:23 CEST 
Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Comment 4 Mageia Robot 2024-06-14 03:33:35 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0218.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED