Fedora has issued an advisory on September 28:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PGEK33HOGRWVYRRGMZUMXWXBTQ3EGNQT/

The RedHat bug has a link to the upstream commit that fixed the issue:
https://bugzilla.redhat.com/show_bug.cgi?id=1494582

Mageia 5 and Mageia 6 may also be affected.
Whiteboard: (none) => MGA6TOO, MGA5TOO
Assigning to all packagers collectively, since there is no registered maintainer for this package.
Assignee: bugsquad => pkg-bugs
CC: (none) => marja11
Ubuntu has issued an advisory today (October 2):
https://usn.ubuntu.com/usn/usn-3433-1/

It fixes two additional issues.
Severity: normal => major
Summary: poppler new security issue CVE-2017-14520 => poppler new security issues CVE-2017-1451[79] and CVE-2017-14520
According to Ubuntu, Mga5 is not affected by CVE-2017-14517.
CC: (none) => nicolas.salguero
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document. (CVE-2017-14517)

In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop). (CVE-2017-14519)

In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files. (CVE-2017-14520)

References:
========================
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519
https://usn.ubuntu.com/usn/usn-3433-1/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520
https://bugzilla.redhat.com/show_bug.cgi?id=1494582

Updated packages in 5/core/updates_testing:
========================
poppler-0.26.5-2.4.mga5
lib(64)poppler46-0.26.5-2.4.mga5
lib(64)poppler-devel-0.26.5-2.4.mga5
lib(64)poppler-cpp0-0.26.5-2.4.mga5
lib(64)poppler-qt4-devel-0.26.5-2.4.mga5
lib(64)poppler-qt5-devel-0.26.5-2.4.mga5
lib(64)poppler-qt4_4-0.26.5-2.4.mga5
lib(64)poppler-qt5_1-0.26.5-2.4.mga5
lib(64)poppler-glib8-0.26.5-2.4.mga5
lib(64)poppler-gir0.18-0.26.5-2.4.mga5
lib(64)poppler-glib-devel-0.26.5-2.4.mga5
lib(64)poppler-cpp-devel-0.26.5-2.4.mga5

from SRPMS:
poppler-0.26.5-2.4.mga5.src.rpm

Updated packages in 6/core/updates_testing:
========================
poppler-0.52.0-3.2.mga6
lib(64)poppler66-0.52.0-3.2.mga6
lib(64)poppler-devel-0.52.0-3.2.mga6
lib(64)poppler-cpp0-0.52.0-3.2.mga6
lib(64)poppler-qt4-devel-0.52.0-3.2.mga6
lib(64)poppler-qt5-devel-0.52.0-3.2.mga6
lib(64)poppler-qt4_4-0.52.0-3.2.mga6
lib(64)poppler-qt5_1-0.52.0-3.2.mga6
lib(64)poppler-glib8-0.52.0-3.2.mga6
lib(64)poppler-gir0.18-0.52.0-3.2.mga6
lib(64)poppler-glib-devel-0.52.0-3.2.mga6
lib(64)poppler-cpp-devel-0.52.0-3.2.mga6

from SRPMS:
poppler-0.52.0-3.2.mga6.src.rpm
Assignee: pkg-bugs => qa-bugs
Whiteboard: MGA6TOO, MGA5TOO => MGA5TOO
Version: Cauldron => 6
Source RPM: poppler-0.59.0-1.mga7.src.rpm => poppler-0.52.0-3.1.mga6.src.rpm
Status: NEW => ASSIGNED
Having a look at this one for both mga versions.
CC: (none) => tarazed25
mga6::x86_64 Mate

Ensured that all needed packages were installed, leaving out the development packages.
Downloaded the PoC PDF files from upstream.

CVE-2017-14517
https://bugs.freedesktop.org/show_bug.cgi?id=102687
$ pdftohtml -q -s ./mal-XRef-cc-1539-4-49-SIGSEGV.pdf
Segmentation fault (core dumped)

CVE-2017-14519
https://bugs.freedesktop.org/show_bug.cgi?id=102701
$ pdftoppm -q mal-gfx-memory-corruption.pdf
Segmentation fault (core dumped)

CVE-2017-14520
https://bugs.freedesktop.org/show_bug.cgi?id=102719
$ pdftohtml -q -s mal-Splash-cc-4585-3-67-SIGFPE.pdf a
Floating point exception (core dumped)

Ran the updates:
- lib64poppler-cpp0-0.52.0-3.2.mga6.x86_64
- lib64poppler-gir0.18-0.52.0-3.2.mga6.x86_64
- lib64poppler-glib8-0.52.0-3.2.mga6.x86_64
- lib64poppler-qt4_4-0.52.0-3.2.mga6.x86_64
- lib64poppler-qt5_1-0.52.0-3.2.mga6.x86_64
- lib64poppler66-0.52.0-3.2.mga6.x86_64
- poppler-0.52.0-3.2.mga6.x86_64

Tried out the PoCs.
$ pdftohtml -q -s ./mal-XRef-cc-1539-4-49-SIGSEGV.pdf
$
$ pdftoppm -q mal-gfx-memory-corruption.pdf
<This sent a stream of binary characters to the screen. With an output argument the command showed no output and there was no resulting file, which probably indicates that the output stream was terminated without closing because the infinite loop condition had been detected.>
$ pdftoppm -q mal-gfx-memory-corruption.pdf b
$
$ ls -l b
ls: cannot access 'b': No such file or directory
$ pdftohtml -q -s mal-Splash-cc-4585-3-67-SIGFPE.pdf a
$
The PoC tests look good.

Installed the development packages to show that there are no installation problems.

Utility tests
-------------
Man pages are available for the individual pdf tools and help via the -h parameter:
pdfdetach, pdffonts, pdfimages, pdfinfo, pdfseparate, pdfsig, pdftocairo, pdftohtml, pdftoppm, pdftops, pdftotext, pdfunite.
The poppler-glib-demo program is not on the system.

It was difficult to find PDFs with attachments. These ebooks do not have any.
$ pdfdetach -list MasteringPython.pdf
0 embedded files
$ pdfdetach -list pragpub-2013-02.pdf
0 embedded files
$ pdfdetach -list TheGoProgrammingLanguage.pdf
0 embedded files

Fonts in a home-made pdf are correctly named.
$ pdffonts abc-1.pdf
name                                 type              encoding         emb sub uni object ID
------------------------------------ ----------------- ---------------- --- --- --- ---------
XRIKIW+BlueHighwayCondensed          TrueType          WinAnsi          yes yes yes      8  0
MLTHUS+JorvikInformal                Type 1C           WinAnsi          yes yes no      10  0
=======================================================
Extract embedded images from a PDF document.
$ pdfimages -png jp2test.pdf test
$ ls -l test*.png
-rw-r--r-- 1 lcl lcl 142553 Oct 5 13:01 test-000.png
<The image displayed correctly.>
$ pdfimages LJ_TE38.pdf linux
$ ls linux-*.ppm | wc -l
254
=======================================================
$ pdfinfo working-with-ruby-threads_p1_0.pdf
Title: Working With Ruby Threads
Subject: [Your book description]
Keywords: [Your book keywords (comma-separated)]
Author: Jesse Storimer
Creator: The Pragmatic Bookshelf
..............................
PDF version: 1.4
=======================================================
Extract pages 10-20 from a PDF document.
$ pdfseparate -f 10 -l 20 LJ_TE38.pdf LJ_%d
$ ls LJ*
LJ_10 LJ_12 LJ_14 LJ_16 LJ_18 LJ_20 LJ_TE38.pdf
LJ_11 LJ_13 LJ_15 LJ_17 LJ_19 LJ_DRUPAL1.pdf
$ file LJ_10
LJ_10: PDF document, version 1.6
Pages displayed fine in xpdf.
=======================================================
Conversion to various image formats.
$ pdftocairo -eps abc-1.pdf test2.ps
$ gs test2.ps
<displayed OK>
$ pdftocairo -jpeg abc-1.pdf test3
$ ls test3*
test3-1.jpg
$ eom test3-1.jpg
<displayed OK>
=======================================================
Create an html file for the PDF document.
$ pdftohtml UsingDocker.pdf abc.html
This creates the three files abc.html, abc_ind.html and abcs.html and numerous abc*.png files in the current directory.
Moved all these into a new directory and moved that to ~/Downloads which is bookmarked in my browser. Clicked on bookmark then abc.html and found the contents of the PDF file displayed with page index and embedded URLs.
=======================================================
$ pdftoppm abc-1.pdf abcx
abcx-1.ppm
$ eom abcx-1.ppm
Displays OK.

That should be enough for a 64-bit OK.
Whiteboard: MGA5TOO => MGA5TOO MGA6-64-OK
MGA6-32 on Asus A6000VM MATE
No installation issues.
Picking a few of Len's tests: at CLI
$ pdftohtml -q -s ./mal-XRef-cc-1539-4-49-SIGSEGV.pdf
generates html and 5 png files OK
$ pdftoppm -q mal-gfx-memory-corruption.pdf
as Len above: unreadable stream
$ pdftohtml -q -s mal-Splash-cc-4585-3-67-SIGFPE.pdf a
no feedback, no output file.
And from bug 21516 Comment 3
$ pdftotext attachment.pdf attachment.txt
Resulting txt file has all text info from PDF, so OK for me.
Whiteboard: MGA5TOO MGA6-64-OK => MGA5TOO MGA6-64-OK MGA6-32-OK
CC: (none) => herman.viaene
Installed and tested without issues.

Tests are the same as the ones done by Len Lawrence in comment 6.

System: Mageia 5, x86_64, Intel CPU.

$ rpm -qa | grep poppler
poppler-0.26.5-2.4.mga5
lib64poppler46-0.26.5-2.4.mga5
lib64poppler-glib8-0.26.5-2.4.mga5
lib64poppler-qt4_4-0.26.5-2.4.mga5
$ uname -a
Linux marte 4.4.89-desktop-1.mga5 #1 SMP Wed Sep 27 16:25:14 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

$ wget -q 'https://bugs.freedesktop.org/attachment.cgi?id=134185'
$ pdftohtml -q -s ./mal-XRef-cc-1539-4-49-SIGSEGV.pdf
$ # OK, no segfault
$ wget -q 'https://bugs.freedesktop.org/attachment.cgi?id=134196'
$ pdftoppm -q ./mal-gfx-memory-corruption.pdf
$ # OK, no segfault
$ wget -q 'https://bugs.freedesktop.org/attachment.cgi?id=134210'
$ pdftohtml -q -s mal-Splash-cc-4585-3-67-SIGFPE.pdf a
$ # OK, no floating point exception
$ # OK, PoC tests passed.

$ find -ipath '*.pdf' -exec pdfdetach -saveall '{}' ';'
<SNIP>
$ # OK, bunch of *.joboptions saved.
$ find -ipath '*.pdf' -exec pdffonts '{}' ';'
name                                 type              encoding         emb sub uni object ID
------------------------------------ ----------------- ---------------- --- --- --- ---------
TimesNewRoman                        TrueType          WinAnsi          no  no  no      13  0
HLGIGC+Arial,Bold                    TrueType          WinAnsi          yes yes no      15  0
ILGIGC+TimesNewRoman,Bold            TrueType          WinAnsi          yes yes no      17  0
JLGIGC+TimesNewRoman,Italic          TrueType          WinAnsi          yes yes no    1370  0
<SNIP_MANY_MORE_LIKE_THE_ABOVE>
$ # OK, seems to produce correct results.
$ find /home/pedro/ -ipath '*.pdf' -exec pdfimages -png '{}' test ';'
$ # OK, lots of PNG images saved.
$ find /home/pedro/ -ipath '*.pdf' -exec pdfinfo '{}' ';'
<SNIP_LONG_OUTPUT>
$ # OK, information seems correct.
$ pdfseparate -f 10 -l 20 test.pdf test_%d.pdf
$ ls test_*.pdf
test_10.pdf test_11.pdf test_12.pdf test_13.pdf test_14.pdf test_15.pdf test_16.pdf test_17.pdf test_18.pdf test_19.pdf test_20.pdf
$ # OK.
$ for U in test_*.pdf ; do pdftocairo -eps "$U" "$U.ps" ; okular "$U.ps" ; done
$ # OK, PS files displayed correctly by okular
$ ls test_*.pdf.ps
test_11.pdf.ps test_12.pdf.ps test_13.pdf.ps test_14.pdf.ps test_15.pdf.ps test_16.pdf.ps test_17.pdf.ps test_18.pdf.ps test_19.pdf.ps test_20.pdf.ps
$ for U in test_*.pdf ; do pdftocairo -jpeg "$U" "$U" ; gwenview "$U-1.jpg" ; done
$ # OK, images displayed correctly by gwenview
$ for U in test_*.pdf ; do pdftohtml "$U" "${U/.pdf/}" ; konqueror "./${U/.pdf/.html}" ; done
<SNIP>
$ # OK, html pages displayed correctly by konqueror
$ for U in test_*.pdf ; do pdftoppm "$U" "$U" ; gwenview "$U-1.ppm" ; done
$ # OK, images displayed correctly by gwenview
Whiteboard: MGA5TOO MGA6-64-OK MGA6-32-OK => MGA5TOO MGA6-64-OK MGA6-32-OK MGA5-64-OK
CC: (none) => mageia
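The PoC checks the testers ran by hand in the comments above can be scripted so that each run yields a verdict from the tool's exit status instead of a visual check of the terminal. This is an added example, not part of the bug thread: the function names and the 20-second limit are assumptions, the status numbers assume Linux signal numbering, and the PoC file names are the ones quoted in the comments.

```shell
#!/bin/sh
# Added example: classify how a poppler tool exits on each PoC file.
# A shell reports 128 + N when a child dies from signal N (Linux numbering assumed).

classify_status() {
    case "$1" in
        0)       echo "clean" ;;
        124)     echo "timeout" ;;        # timeout(1) hit the limit: possible hang or loop
        126|127) echo "not-run" ;;        # tool missing or not executable
        134)     echo "crash:SIGABRT" ;;
        136)     echo "crash:SIGFPE" ;;   # "Floating point exception"
        139)     echo "crash:SIGSEGV" ;;  # "Segmentation fault"
        *)  if [ "$1" -gt 128 ]; then echo "crash:signal-$(( $1 - 128 ))"
            else echo "error-exit:$1"; fi ;;
    esac
}

# run_poc SECONDS COMMAND [ARGS...]: run one command and print its verdict.
# Output is discarded: pdftoppm without an output prefix writes image data to stdout.
run_poc() {
    poc_limit=$1; shift
    poc_rc=0
    if command -v timeout >/dev/null 2>&1; then
        timeout "$poc_limit" "$@" </dev/null >/dev/null 2>&1 || poc_rc=$?
    else
        "$@" </dev/null >/dev/null 2>&1 || poc_rc=$?
    fi
    classify_status "$poc_rc"
}

# Tool and options as used in the thread (the optional output name is omitted).
# A PoC file that is not in the current directory is skipped.
check_all() {
    while IFS='|' read -r poc_file poc_cmd; do
        [ -f "$poc_file" ] || { echo "$poc_file: skipped (file not present)"; continue; }
        # $poc_cmd is left unquoted on purpose so it splits into tool and options
        echo "$poc_file: $(run_poc 20 $poc_cmd "$poc_file")"
    done <<'EOF'
mal-XRef-cc-1539-4-49-SIGSEGV.pdf|pdftohtml -q -s
mal-gfx-memory-corruption.pdf|pdftoppm -q
mal-Splash-cc-4585-3-67-SIGFPE.pdf|pdftohtml -q -s
EOF
}

check_all
```

Run it in a scratch directory holding the PoC files, once before and once after installing the update; any verdict starting with crash: or a timeout after the update means the fix did not take.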
Keywords: (none) => advisory, validated_update
CC: (none) => lewyssmith, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2017-0360.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED