Issued:
2008-04-17
Updated:
2008-04-17

RHSA-2008:0239 - Security Advisory

Synopsis

Important: poppler security update

Type/Severity

Security Advisory: Important

Topic

Updated poppler packages that fix a security issue are now available for
Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

Poppler is a PDF rendering library, used by applications such as Evince.

Kees Cook discovered a flaw in the way poppler displayed malformed fonts
embedded in PDF files. An attacker could create a malicious PDF file that
would cause applications that use poppler -- such as Evince -- to crash,
or, potentially, execute arbitrary code when opened. (CVE-2008-1693)

Users are advised to upgrade to these updated packages, which contain
backported patches to resolve this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Server - Extended Update Support 5.1 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 5.1 ia64
  • Red Hat Enterprise Linux Server - Extended Update Support 5.1 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.1 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.1 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

(none)

CVEs

References

Red Hat Enterprise Linux Server 5

SRPM
poppler-0.5.4-4.4.el5_1.src.rpm SHA-256: a92acb11d49928d331d5c99a815eca187ed0e6582633a542cd0eac887c3bde06
x86_64
poppler-0.5.4-4.4.el5_1.i386.rpm SHA-256: 060df39e1494dd92a8400b7e63946ae8ca7b89f0c249d96925b9c070e6bb5957
poppler-0.5.4-4.4.el5_1.x86_64.rpm SHA-256: 8a5774ba2b294ff7942b5f70e550fab5a377f362c535ed9a87b1e9695e57259d
poppler-devel-0.5.4-4.4.el5_1.i386.rpm SHA-256: b3ef9ae187d3a565a3aabb21ae18c5b1d0fca9649bbf2cb0efe620f034fdb67e
poppler-devel-0.5.4-4.4.el5_1.x86_64.rpm SHA-256: 7c451b04ba10ac869b4acf8587e2ed2c310d9f3cdef732763d5187d9bf1636df
poppler-utils-0.5.4-4.4.el5_1.x86_64.rpm SHA-256: e438d4ae5af4aa3897d660740a9fba00a1d8eb64cdec0e5e32c19e8ebf50e92e
ia64
poppler-0.5.4-4.4.el5_1.ia64.rpm SHA-256: 8d8da54691aa18d40a4a298359f41961a47fae0b3aa035aa3d38428b0452c1e7
poppler-devel-0.5.4-4.4.el5_1.ia64.rpm SHA-256: e431186bc4564519e3a10ef2a17c336dea4efe57f3c1db4f4ffa70a7cf26fbc8
poppler-utils-0.5.4-4.4.el5_1.ia64.rpm SHA-256: 493be33ce3ea9f67fe0c495c57cadd0086d7d680c0af7f3803f6905510569bc9
i386
poppler-0.5.4-4.4.el5_1.i386.rpm SHA-256: 060df39e1494dd92a8400b7e63946ae8ca7b89f0c249d96925b9c070e6bb5957
poppler-devel-0.5.4-4.4.el5_1.i386.rpm SHA-256: b3ef9ae187d3a565a3aabb21ae18c5b1d0fca9649bbf2cb0efe620f034fdb67e
poppler-utils-0.5.4-4.4.el5_1.i386.rpm SHA-256: 242ceb4a2a20fdb622c04cd8b869dcf580e9bed3d50b096a29a9fc3bb85155c8

Red Hat Enterprise Linux Workstation 5

SRPM
poppler-0.5.4-4.4.el5_1.src.rpm SHA-256: a92acb11d49928d331d5c99a815eca187ed0e6582633a542cd0eac887c3bde06
x86_64
poppler-0.5.4-4.4.el5_1.i386.rpm SHA-256: 060df39e1494dd92a8400b7e63946ae8ca7b89f0c249d96925b9c070e6bb5957
poppler-0.5.4-4.4.el5_1.x86_64.rpm SHA-256: 8a5774ba2b294ff7942b5f70e550fab5a377f362c535ed9a87b1e9695e57259d
poppler-devel-0.5.4-4.4.el5_1.i386.rpm SHA-256: b3ef9ae187d3a565a3aabb21ae18c5b1d0fca9649bbf2cb0efe620f034fdb67e
poppler-devel-0.5.4-4.4.el5_1.x86_64.rpm SHA-256: 7c451b04ba10ac869b4acf8587e2ed2c310d9f3cdef732763d5187d9bf1636df
poppler-utils-0.5.4-4.4.el5_1.x86_64.rpm SHA-256: e438d4ae5af4aa3897d660740a9fba00a1d8eb64cdec0e5e32c19e8ebf50e92e
i386
poppler-0.5.4-4.4.el5_1.i386.rpm SHA-256: 060df39e1494dd92a8400b7e63946ae8ca7b89f0c249d96925b9c070e6bb5957
poppler-devel-0.5.4-4.4.el5_1.i386.rpm SHA-256: b3ef9ae187d3a565a3aabb21ae18c5b1d0fca9649bbf2cb0efe620f034fdb67e
poppler-utils-0.5.4-4.4.el5_1.i386.rpm SHA-256: 242ceb4a2a20fdb622c04cd8b869dcf580e9bed3d50b096a29a9fc3bb85155c8

Red Hat Enterprise Linux Desktop 5

SRPM
poppler-0.5.4-4.4.el5_1.src.rpm SHA-256: a92acb11d49928d331d5c99a815eca187ed0e6582633a542cd0eac887c3bde06
x86_64
poppler-0.5.4-4.4.el5_1.i386.rpm SHA-256: 060df39e1494dd92a8400b7e63946ae8ca7b89f0c249d96925b9c070e6bb5957
poppler-0.5.4-4.4.el5_1.x86_64.rpm SHA-256: 8a5774ba2b294ff7942b5f70e550fab5a377f362c535ed9a87b1e9695e57259d
poppler-utils-0.5.4-4.4.el5_1.x86_64.rpm SHA-256: e438d4ae5af4aa3897d660740a9fba00a1d8eb64cdec0e5e32c19e8ebf50e92e
i386
poppler-0.5.4-4.4.el5_1.i386.rpm SHA-256: 060df39e1494dd92a8400b7e63946ae8ca7b89f0c249d96925b9c070e6bb5957
poppler-utils-0.5.4-4.4.el5_1.i386.rpm SHA-256: 242ceb4a2a20fdb622c04cd8b869dcf580e9bed3d50b096a29a9fc3bb85155c8

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
poppler-0.5.4-4.4.el5_1.src.rpm SHA-256: a92acb11d49928d331d5c99a815eca187ed0e6582633a542cd0eac887c3bde06
s390x
poppler-0.5.4-4.4.el5_1.s390.rpm SHA-256: b929d3749c0a682648d4196c75126fe6f2b594a194766601626372996ef2a59d
poppler-0.5.4-4.4.el5_1.s390x.rpm SHA-256: 7765b407f4bb6ed995c1ff7084cea6e4b37400c207f6a04c370eea853fe7d225
poppler-devel-0.5.4-4.4.el5_1.s390.rpm SHA-256: e34a1314b30eb8b71c8f1555ae97b637999856746f629861fec150fdeef493c2
poppler-devel-0.5.4-4.4.el5_1.s390x.rpm SHA-256: 6aed4c23c2e5efc8ee35b9953f3f120c0d25c390af04dff25654963e539d3149
poppler-utils-0.5.4-4.4.el5_1.s390x.rpm SHA-256: ac585ec641db2754ca8407c1700d6f4b0a7ffa77259c8913920d7737f4a1c027

Red Hat Enterprise Linux for Power, big endian 5

SRPM
poppler-0.5.4-4.4.el5_1.src.rpm SHA-256: a92acb11d49928d331d5c99a815eca187ed0e6582633a542cd0eac887c3bde06
ppc
poppler-0.5.4-4.4.el5_1.ppc.rpm SHA-256: 132fa09094a8911c64163e216e9f1e2bf7ec6068bdaa07863c9d30365641912b
poppler-0.5.4-4.4.el5_1.ppc64.rpm SHA-256: 99e8fa94bc62b0faa47f8e9f43ee2fec62a1303959874b5819d5bb178c7fac1d
poppler-devel-0.5.4-4.4.el5_1.ppc.rpm SHA-256: 3c447db40723a2432a41350a2f161d41390350e5aa6a9d07a7e143a5738244ba
poppler-devel-0.5.4-4.4.el5_1.ppc64.rpm SHA-256: 7e400fa59ef6a343de7fb4d028baff842a4ed091fc33ec77dcbc62c894f37fb8
poppler-utils-0.5.4-4.4.el5_1.ppc.rpm SHA-256: 5082e3747c69c286190cf9e798c8e2c7e4140e1f88ecbf85f9cb35dc7800cc88

Red Hat Enterprise Linux Server from RHUI 5

SRPM
poppler-0.5.4-4.4.el5_1.src.rpm SHA-256: a92acb11d49928d331d5c99a815eca187ed0e6582633a542cd0eac887c3bde06
x86_64
poppler-0.5.4-4.4.el5_1.i386.rpm SHA-256: 060df39e1494dd92a8400b7e63946ae8ca7b89f0c249d96925b9c070e6bb5957
poppler-0.5.4-4.4.el5_1.x86_64.rpm SHA-256: 8a5774ba2b294ff7942b5f70e550fab5a377f362c535ed9a87b1e9695e57259d
poppler-devel-0.5.4-4.4.el5_1.i386.rpm SHA-256: b3ef9ae187d3a565a3aabb21ae18c5b1d0fca9649bbf2cb0efe620f034fdb67e
poppler-devel-0.5.4-4.4.el5_1.x86_64.rpm SHA-256: 7c451b04ba10ac869b4acf8587e2ed2c310d9f3cdef732763d5187d9bf1636df
poppler-utils-0.5.4-4.4.el5_1.x86_64.rpm SHA-256: e438d4ae5af4aa3897d660740a9fba00a1d8eb64cdec0e5e32c19e8ebf50e92e
i386
poppler-0.5.4-4.4.el5_1.i386.rpm SHA-256: 060df39e1494dd92a8400b7e63946ae8ca7b89f0c249d96925b9c070e6bb5957
poppler-devel-0.5.4-4.4.el5_1.i386.rpm SHA-256: b3ef9ae187d3a565a3aabb21ae18c5b1d0fca9649bbf2cb0efe620f034fdb67e
poppler-utils-0.5.4-4.4.el5_1.i386.rpm SHA-256: 242ceb4a2a20fdb622c04cd8b869dcf580e9bed3d50b096a29a9fc3bb85155c8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.