Description:
===========================================================Ubuntu Security Notice USN-850-2 October 22, 2009poppler regressionhttps://launchpad.net/bugs/457985===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 8.04 LTSUbuntu 8.10Ubuntu 9.04This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: libpoppler1 0.5.1-0ubuntu7.7 libpoppler1-glib 0.5.1-0ubuntu7.7Ubuntu 8.04 LTS: libpoppler-glib2 0.6.4-1ubuntu3.4 libpoppler2 0.6.4-1ubuntu3.4Ubuntu 8.10: libpoppler-glib3 0.8.7-1ubuntu0.5 libpoppler3 0.8.7-1ubuntu0.5Ubuntu 9.04: libpoppler-glib4 0.10.5-1ubuntu2.5 libpoppler4 0.10.5-1ubuntu2.5In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:USN-850-1 fixed vulnerabilities in poppler. The security fix forCVE-2009-3605 introduced a regression that would cause certainapplications, such as Okular, to segfault when opening certain PDF files.This update fixes the problem. We apologize for the inconvenience.Original advisory details: It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.





More...