poppler security update

2010-10-10T18:51:57
ID CESA-2010:0749
Type centos
Reporter CentOS Project
Modified 2010-10-10T18:51:57

Description

CentOS Errata and Security Advisory CESA-2010:0749

Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.

An uninitialized pointer use flaw was discovered in poppler. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3702)

An array index error was found in the way poppler parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3704)

Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2010-October/017055.html http://lists.centos.org/pipermail/centos-announce/2010-October/017056.html

Affected packages: poppler poppler-devel poppler-utils

Upstream details at: https://rhn.redhat.com/errata/RHSA-2010-0749.html