Bug 9390

Summary: poppler new security issues CVE-2013-1788 and CVE-2013-1790
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: cmrisolde, dmorganec, sysadmin-bugs
Version: 2Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/542911/
Whiteboard: has_procedure mga2-32-ok mga2-64-OK
Source RPM: poppler-0.18.4-2.mga2.src.rpm CVE:
Status comment:

Description David Walser 2013-03-14 19:01:48 CET 
Fedora has issued an advisory on March 5:
http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.html

There were three CVEs (CVE-2013-1788, CVE-2013-1789, CVE-2013-1790) fixed upstream in 0.22.1, which we have in Cauldron.

There are reproducer PDFs for these bugs, but I don't know if they are publicly available.  If they are, they can be used as PoC's, and it'd be nice to check if CVE-2013-1789 affects 0.18.4 as Fedora didn't add a patch for that one.

There is also another bug that Fedora fixed that I haven't, but I could:
https://bugzilla.redhat.com/show_bug.cgi?id=817378

Advisory:
========================

Updated poppler packages fix security vulnerabilities:

Invalid memory access flaws in poppler before 0.22.1 (CVE-2013-1788).

An uninitialized memory read flaw in poppler before 0.22.1 (CVE-2013-1790).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1790
http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.html
========================

Updated packages in core/updates_testing:
========================
poppler-0.18.4-2.1.mga2
libpoppler19-0.18.4-2.1.mga2
libpoppler-devel-0.18.4-2.1.mga2
libpoppler-cpp0-0.18.4-2.1.mga2
libpoppler-qt4-devel-0.18.4-2.1.mga2
libpoppler-qt4-3-0.18.4-2.1.mga2
libpoppler-glib8-0.18.4-2.1.mga2
libpoppler-gir0.18-0.18.4-2.1.mga2
libpoppler-glib-devel-0.18.4-2.1.mga2
libpoppler-cpp-devel-0.18.4-2.1.mga2

from poppler-0.18.4-2.1.mga2.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 claire robinson 2013-03-16 15:51:06 CET 
Testing i586 with commands found with
urpmf poppler | grep bin

Whiteboard: (none) => has_procedure

Comment 2 claire robinson 2013-03-16 15:56:59 CET 
Testing some the backends by opening pdf's in okular, evince, epdfview
Comment 3 claire robinson 2013-03-16 16:20:31 CET 
Testing complete mga2 32

$ pdffonts example.pdf
name                                 type              emb sub uni object ID
------------------------------------ ----------------- --- --- --- ---------
Courier-Bold                         Type 1            no  no  no    4293  0
Courier-Oblique                      Type 1            no  no  no    4294  0
Times-Roman                          Type 1            no  no  no    4295  0
Times-BoldItalic                     Type 1            no  no  no    4296  0
Courier                              Type 1            no  no  no    4297  0
Times-Italic                         Type 1            no  no  no    4298  0
Times-Bold                           Type 1            no  no  no    4299  0

$ pdfimages -f 1 -l 10 example.pdf examplepdf
$ ls examplepdf*
examplepdf-000.ppm
$ gwenview examplepdf-000.ppm

$ pdfinfo example.pdf
Shows pdf info

$ pdftohtml -s -f 1 -l 10 example.pdf examplepdf
Page-1
Page-2
 link to page 7  link to page 7  link to page 8  link to page 8  link to page 9  link to page 9  link to page 10  link to page 10  link to page 12  link to page 12  link to page 15  link to page 15  link to page 16  link to page 16  link to page 23  link to page 23  link to page 26
etc..

$ ls examplepdf*
examplepdf-000.ppm  examplepdf004.png  examplepdf008.png    examplepdf-html.html
examplepdf001.png   examplepdf005.png  examplepdf009.png    examplepdfs.html
examplepdf002.png   examplepdf006.png  examplepdf010.png
examplepdf003.png   examplepdf007.png  examplepdf-10_1.png

$ konqueror examplepdf-html.html

$ okular example.pdf
$ evince example.pdf
$ epdfview example.pdf

Whiteboard: has_procedure => has_procedure mga2-32-ok

Comment 4 claire robinson 2013-03-16 16:20:46 CET 
No PoC's btw
Comment 5 Carolyn Rowse 2013-03-16 17:08:12 CET 
Testing x86_64

Carolyn

CC: (none) => isolde

Comment 6 Carolyn Rowse 2013-03-16 18:20:16 CET 
Similar tests to Claire's on 64-bit, no problems found.

Testing complete.
Update validated.

See description for advisory and SRPM.

Could sysadmin please push from core/updates_testing to core/updates.

Thank you.

Carolyn

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: has_procedure mga2-32-ok => has_procedure mga2-32-ok mga2-64-OK

Comment 7 D Morgan 2013-03-16 22:45:09 CET 
Update pushed: 
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0095

Status: NEW => RESOLVED
CC: (none) => dmorganec
Resolution: (none) => FIXED