Description: | Description: The remote host is missing an update to poppler announced via advisory FEDORA-2009-10823.
Update Information:
This build addresses several recent security issues.
ChangeLog:
* Sun Oct 25 2009 Rex Dieter - 0.8.8-7 - CVE-2009-3603 SplashBitmap::SplashBitmap integer overflow (#526915) - CVE-2009-3604 Splash::drawImage integer overflow and missing allocation return value check(#526911) - CVE-2009-3606 PSOutputDev::doImageL1Sep integer overflow (#526877) - CVE-2009-3607 create_surface_from_thumbnail_data integer overflow (#526924) - CVE-2009-3608 integer overflow in ObjectStream::ObjectStream (#526637) - CVE-2009-3609 ImageStream::ImageStream integer overflow (#526893)
References:
[ 1 ] Bug #526915 - CVE-2009-3603 xpdf/poppler: SplashBitmap::SplashBitmap integer overflow https://bugzilla.redhat.com/show_bug.cgi?id=526915 [ 2 ] Bug #526911 - CVE-2009-3604 xpdf/poppler: Splash::drawImage integer overflow and missing allocation return value check https://bugzilla.redhat.com/show_bug.cgi?id=526911 [ 3 ] Bug #526877 - CVE-2009-3606 xpdf/poppler: PSOutputDev::doImageL1Sep integer overflow https://bugzilla.redhat.com/show_bug.cgi?id=526877 [ 4 ] Bug #526924 - CVE-2009-3607 poppler: create_surface_from_thumbnail_data integer overflow https://bugzilla.redhat.com/show_bug.cgi?id=526924 [ 5 ] Bug #526637 - CVE-2009-3608 xpdf/poppler: integer overflow in ObjectStream::ObjectStream (oCERT-2009-016) https://bugzilla.redhat.com/show_bug.cgi?id=526637 [ 6 ] Bug #526893 - CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow https://bugzilla.redhat.com/show_bug.cgi?id=526893
Solution: Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update poppler' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10823
CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
|