poppler security update

2008-04-21T15:50:27
ID CESA-2008:0239
Type centos
Reporter CentOS Project
Modified 2008-04-21T15:50:27

Description

CentOS Errata and Security Advisory CESA-2008:0239

Poppler is a PDF rendering library, used by applications such as Evince.

Kees Cook discovered a flaw in the way poppler displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler -- such as Evince -- to crash or, potentially, to execute arbitrary code. (CVE-2008-1693)

Users are advised to upgrade to these updated packages, which contain backported patches to resolve this issue.

Merged security bulletin from advisories:
http://lists.centos.org/pipermail/centos-announce/2008-April/014856.html
http://lists.centos.org/pipermail/centos-announce/2008-April/014857.html

Affected packages: poppler, poppler-devel, poppler-utils

Upstream details at: https://rhn.redhat.com/errata/RHSA-2008-0239.html