Ubuntu has issued an advisory today (January 8): https://usn.ubuntu.com/usn/usn-3517-1/ It fixes one issue that we haven't yet. Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO
Assigning to all packagers collectively, since there is no registered maintainer for poppler
CC: (none) => marja11, nicolas.salguero
Assignee: bugsquad => pkg-bugs
Suggested advisory:
========================

The updated packages fix a security vulnerability:

freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations. (CVE-2017-1000456)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000456
https://usn.ubuntu.com/usn/usn-3517-1/
========================

Updated packages in core/updates_testing:
========================
poppler-0.52.0-3.6.mga6
lib(64)poppler66-0.52.0-3.6.mga6
lib(64)poppler-devel-0.52.0-3.6.mga6
lib(64)poppler-cpp0-0.52.0-3.6.mga6
lib(64)poppler-qt4-devel-0.52.0-3.6.mga6
lib(64)poppler-qt5-devel-0.52.0-3.6.mga6
lib(64)poppler-qt4_4-0.52.0-3.6.mga6
lib(64)poppler-qt5_1-0.52.0-3.6.mga6
lib(64)poppler-glib8-0.52.0-3.6.mga6
lib(64)poppler-gir0.18-0.52.0-3.6.mga6
lib(64)poppler-glib-devel-0.52.0-3.6.mga6
lib(64)poppler-cpp-devel-0.52.0-3.6.mga6

from SRPMS:
poppler-0.52.0-3.6.mga6.src.rpm
Assignee: pkg-bugs => qa-bugs
CVE: (none) => CVE-2017-1000456
Status: NEW => ASSIGNED
Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)
Source RPM: poppler-0.60.1-2.mga7.src.rpm => poppler-0.52.0-3.5.mga6.src.rpm
Mageia 6 :: x86_64

All packages updated cleanly.

CVE-2017-1000456
Invalid read demonstrated by the POC file from https://bugs.freedesktop.org/show_bug.cgi?id=103116

Before:
$ pdftotext 0JBYrSy8_CRASHED.pdf poc.txt
Syntax Error: Embedded font file may be invalid
Syntax Error (20431): Unknown operator 'TJJJJJJJJJJJJJJ'
Segmentation fault (core dumped)
$ pdftotext 0JBYrSy8_CRASHED.pdf poc.txt
Syntax Error: Embedded font file may be invalid
Syntax Error (20431): Unknown operator 'TJJJJJJJJJJJJJJ'
Syntax Warning: wordBaseIdx out of range
Syntax Warning: wordBaseIdx out of range
Syntax Warning: wordBaseIdx out of range
Syntax Warning: wordBaseIdx out of range
Syntax Error (17678): Bad 'Length' attribute in stream
Syntax Warning: wordBaseIdx out of range

That looks conclusive.

Ran a few tests as in previous poppler bugs.

$ pdfimages -all working-with-ruby-threads_p1_0.pdf threads
$ ls threads*
threads-000.png threads-004.png threads-008.png threads-012.png
................................
$ pdfseparate -f 16 -l 22 working-with-ruby-threads_p1_0.pdf threadsx%d.pdf
$ ls threadsx*
threadsx16.pdf threadsx18.pdf threadsx20.pdf threadsx22.pdf
threadsx17.pdf threadsx19.pdf threadsx21.pdf
$ pdfunite threads1*.pdf reunited.pdf

This produced a readable PDF file containing pages 16-19 of the original book.

$ pdftotext reunited.pdf pages.txt
$ cat pages.txt
end
# The main thread sleeps to prevent it from finishing execution.
# If it were allowed to run, it would simply exit, killing the other
# thread and preventing it from doing its important work.
sleep
.........................................

The text file retained the original page numbers 16-19.

Good for 64 bits.
CC: (none) => tarazed25
Whiteboard: (none) => MGA6-64-OK
Cut and paste error there - insert "Afterwards:" after 'Segmentation fault'.
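The before/after comparison in the QA test above can be scripted so the result is a status rather than something read off the terminal. This is an added example, not part of the original bug report or of poppler; the helper names classify_run and run_case are hypothetical, and the warning string is the one shown in the log above.

```sh
#!/bin/sh
# Added example: classify one run of a PDF tool against a proof-of-concept file.
# classify_run and run_case are hypothetical helper names, not poppler tools.

# classify_run STATUS STDERR_FILE
# Prints CRASH, GUARDED, ERROR or CLEAN for an exit status and captured stderr.
classify_run() {
    status=$1
    errfile=$2
    if [ "$status" -gt 128 ]; then
        # The shell reports death by signal N as 128+N; 139 means SIGSEGV (11).
        echo "CRASH signal=$((status - 128))"
    elif grep -q 'wordBaseIdx out of range' "$errfile"; then
        # Warning seen in the QA log after the update: the bad index was rejected.
        echo "GUARDED"
    elif [ "$status" -ne 0 ]; then
        echo "ERROR status=$status"
    else
        echo "CLEAN"
    fi
}

# run_case COMMAND [ARGS...]
# Runs the command with core dumps disabled and stderr captured, then classifies it.
run_case() {
    errfile=$(mktemp) || return 1
    status=0
    # "|| status=$?" keeps a failing or crashing command from aborting under set -e.
    ( ulimit -c 0; exec "$@" ) >/dev/null 2>"$errfile" || status=$?
    classify_run "$status" "$errfile"
    rm -f "$errfile"
}

# When invoked with arguments, classify that command. File names are placeholders:
#   sh check.sh pdftotext poc.pdf /dev/null
if [ "$#" -gt 0 ]; then
    run_case "$@"
fi
```

Run it once against the installed package and once after updating; a change from CRASH to GUARDED corresponds to the before and after output in the test report.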
Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0068.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
Patch checked into Mageia 5 SVN.
Blocks: (none) => 22377