Bug 9390 - poppler new security issues CVE-2013-1788 and CVE-2013-1790
: poppler new security issues CVE-2013-1788 and CVE-2013-1790
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 2
: i586 Linux
: Normal Severity: critical
: ---
Assigned To: QA Team
: Sec team
: http://lwn.net/Vulnerabilities/542911/
: has_procedure mga2-32-ok mga2-64-OK
: validated_update
:
:
  Show dependency treegraph
 
Reported: 2013-03-14 19:01 CET by David Walser
Modified: 2013-03-16 22:45 CET (History)
3 users (show)

See Also:
Source RPM: poppler-0.18.4-2.mga2.src.rpm
CVE:


Attachments

Description David Walser 2013-03-14 19:01:48 CET
Fedora has issued an advisory on March 5:
http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.html

There were three CVEs (CVE-2013-1788, CVE-2013-1789, CVE-2013-1790) fixed upstream in 0.22.1, which we have in Cauldron.

There are reproducer PDFs for these bugs, but I don't know if they are publicly available.  If they are, they can be used as PoC's, and it'd be nice to check if CVE-2013-1789 affects 0.18.4 as Fedora didn't add a patch for that one.

There is also another bug that Fedora fixed that I haven't, but I could:
https://bugzilla.redhat.com/show_bug.cgi?id=817378

Advisory:
========================

Updated poppler packages fix security vulnerabilities:

Invalid memory access flaws in poppler before 0.22.1 (CVE-2013-1788).

An uninitialized memory read flaw in poppler before 0.22.1 (CVE-2013-1790).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1790
http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.html
========================

Updated packages in core/updates_testing:
========================
poppler-0.18.4-2.1.mga2
libpoppler19-0.18.4-2.1.mga2
libpoppler-devel-0.18.4-2.1.mga2
libpoppler-cpp0-0.18.4-2.1.mga2
libpoppler-qt4-devel-0.18.4-2.1.mga2
libpoppler-qt4-3-0.18.4-2.1.mga2
libpoppler-glib8-0.18.4-2.1.mga2
libpoppler-gir0.18-0.18.4-2.1.mga2
libpoppler-glib-devel-0.18.4-2.1.mga2
libpoppler-cpp-devel-0.18.4-2.1.mga2

from poppler-0.18.4-2.1.mga2.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 claire robinson 2013-03-16 15:51:06 CET
Testing i586 with commands found with
urpmf poppler | grep bin
Comment 2 claire robinson 2013-03-16 15:56:59 CET
Testing some the backends by opening pdf's in okular, evince, epdfview
Comment 3 claire robinson 2013-03-16 16:20:31 CET
Testing complete mga2 32

$ pdffonts example.pdf
name                                 type              emb sub uni object ID
------------------------------------ ----------------- --- --- --- ---------
Courier-Bold                         Type 1            no  no  no    4293  0
Courier-Oblique                      Type 1            no  no  no    4294  0
Times-Roman                          Type 1            no  no  no    4295  0
Times-BoldItalic                     Type 1            no  no  no    4296  0
Courier                              Type 1            no  no  no    4297  0
Times-Italic                         Type 1            no  no  no    4298  0
Times-Bold                           Type 1            no  no  no    4299  0

$ pdfimages -f 1 -l 10 example.pdf examplepdf
$ ls examplepdf*
examplepdf-000.ppm
$ gwenview examplepdf-000.ppm

$ pdfinfo example.pdf
Shows pdf info

$ pdftohtml -s -f 1 -l 10 example.pdf examplepdf
Page-1
Page-2
 link to page 7  link to page 7  link to page 8  link to page 8  link to page 9  link to page 9  link to page 10  link to page 10  link to page 12  link to page 12  link to page 15  link to page 15  link to page 16  link to page 16  link to page 23  link to page 23  link to page 26
etc..

$ ls examplepdf*
examplepdf-000.ppm  examplepdf004.png  examplepdf008.png    examplepdf-html.html
examplepdf001.png   examplepdf005.png  examplepdf009.png    examplepdfs.html
examplepdf002.png   examplepdf006.png  examplepdf010.png
examplepdf003.png   examplepdf007.png  examplepdf-10_1.png

$ konqueror examplepdf-html.html

$ okular example.pdf
$ evince example.pdf
$ epdfview example.pdf
Comment 4 claire robinson 2013-03-16 16:20:46 CET
No PoC's btw
Comment 5 Carolyn Rowse 2013-03-16 17:08:12 CET
Testing x86_64

Carolyn
Comment 6 Carolyn Rowse 2013-03-16 18:20:16 CET
Similar tests to Claire's on 64-bit, no problems found.

Testing complete.
Update validated.

See description for advisory and SRPM.

Could sysadmin please push from core/updates_testing to core/updates.

Thank you.

Carolyn
Comment 7 D Morgan 2013-03-16 22:45:09 CET
Update pushed: 
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0095

Note You need to log in before you can comment on or make changes to this bug.