[SECURITY] [DLA 2440-1] poppler security update

2020-11-0823:59:37

lists.debian.org

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

69.8%

JSON

Debian LTS Advisory DLA-2440-1 [email protected]
https://www.debian.org/lts/security/ Markus Koschany
November 08, 2020 https://wiki.debian.org/LTS

Package : poppler
Version : 0.48.0-2+deb9u4
CVE ID : CVE-2017-14926 CVE-2017-14928 CVE-2018-19058
CVE-2018-20650 CVE-2018-20662 CVE-2019-7310
CVE-2019-9959 CVE-2019-10018 CVE-2019-14494
Debian Bug : 877239 877231 913177 917974 918158 926133
933812 921215 941776

Several issues were found and corrected in Poppler, a PDF rendering library,
that could lead to denial of service or possibly other unspecified impact when
processing maliciously crafted documents.

For Debian 9 stretch, these problems have been fixed in version
0.48.0-2+deb9u4.

We recommend that you upgrade your poppler packages.

For the detailed security status of poppler please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/poppler

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: This is a digitally signed message part

OSVersionArchitecturePackageVersionFilename
Debian10arm64libpoppler-cpp-dev< 0.71.0-5+deb10u1libpoppler-cpp-dev_0.71.0-5+deb10u1_arm64.deb
Debian10armhflibpoppler-glib-dev< 0.71.0-5+deb10u1libpoppler-glib-dev_0.71.0-5+deb10u1_armhf.deb
Debian10amd64libpoppler82< 0.71.0-5+deb10u1libpoppler82_0.71.0-5+deb10u1_amd64.deb
Debian9arm64libpoppler-glib8< 0.48.0-2+deb9u4libpoppler-glib8_0.48.0-2+deb9u4_arm64.deb
Debian9arm64poppler-dbg< 0.48.0-2+deb9u4poppler-dbg_0.48.0-2+deb9u4_arm64.deb
Debian9armhflibpoppler-cpp-dev< 0.48.0-2+deb9u4libpoppler-cpp-dev_0.48.0-2+deb9u4_armhf.deb
Debian8i386gir1.2-poppler-0.18< 0.26.5-2+deb8u8gir1.2-poppler-0.18_0.26.5-2+deb8u8_i386.deb
Debian8amd64libpoppler-cpp-dev< 0.26.5-2+deb8u8libpoppler-cpp-dev_0.26.5-2+deb8u8_amd64.deb
Debian8armhflibpoppler-qt5-1< 0.26.5-2+deb8u8libpoppler-qt5-1_0.26.5-2+deb8u8_armhf.deb
Debian10arm64gir1.2-poppler-0.18< 0.71.0-5+deb10u1gir1.2-poppler-0.18_0.71.0-5+deb10u1_arm64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	arm64	libpoppler-cpp-dev	< 0.71.0-5+deb10u1	libpoppler-cpp-dev_0.71.0-5+deb10u1_arm64.deb
Debian	10	armhf	libpoppler-glib-dev	< 0.71.0-5+deb10u1	libpoppler-glib-dev_0.71.0-5+deb10u1_armhf.deb
Debian	10	amd64	libpoppler82	< 0.71.0-5+deb10u1	libpoppler82_0.71.0-5+deb10u1_amd64.deb
Debian	9	arm64	libpoppler-glib8	< 0.48.0-2+deb9u4	libpoppler-glib8_0.48.0-2+deb9u4_arm64.deb
Debian	9	arm64	poppler-dbg	< 0.48.0-2+deb9u4	poppler-dbg_0.48.0-2+deb9u4_arm64.deb
Debian	9	armhf	libpoppler-cpp-dev	< 0.48.0-2+deb9u4	libpoppler-cpp-dev_0.48.0-2+deb9u4_armhf.deb
Debian	8	i386	gir1.2-poppler-0.18	< 0.26.5-2+deb8u8	gir1.2-poppler-0.18_0.26.5-2+deb8u8_i386.deb
Debian	8	amd64	libpoppler-cpp-dev	< 0.26.5-2+deb8u8	libpoppler-cpp-dev_0.26.5-2+deb8u8_amd64.deb
Debian	8	armhf	libpoppler-qt5-1	< 0.26.5-2+deb8u8	libpoppler-qt5-1_0.26.5-2+deb8u8_armhf.deb
Debian	10	arm64	gir1.2-poppler-0.18	< 0.71.0-5+deb10u1	gir1.2-poppler-0.18_0.71.0-5+deb10u1_arm64.deb