{"cve": [{"lastseen": "2020-12-09T20:13:28", "description": "The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.", "edition": 7, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-05-10T15:29:00", "title": "CVE-2017-18267", "type": "cve", "cwe": ["CWE-835"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18267"], "modified": "2020-07-23T12:15:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/a:freedesktop:poppler:0.64.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:redhat:ansible_tower:3.3", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2017-18267", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18267", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": 
["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:poppler:0.64.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:a:redhat:ansible_tower:3.3:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2020-10-03T13:38:39", "description": "FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.", "edition": 4, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-04-08T23:29:00", "title": "CVE-2019-11026", "type": "cve", "cwe": ["CWE-674"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11026"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "cpe:/o:fedoraproject:fedora:30", 
"cpe:/a:freedesktop:poppler:0.75.0"], "id": "CVE-2019-11026", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11026", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:poppler:0.75.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:35", "description": "Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-07-25T23:29:00", "title": "CVE-2018-13988", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13988"], "modified": "2019-04-25T14:16:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:redhat:openshift_container_platform:3.11", "cpe:/o:debian:debian_linux:8.0", 
"cpe:/a:freedesktop:poppler:0.62.0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:redhat:ansible_tower:3.3.0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2018-13988", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13988", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:ansible_tower:3.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:poppler:0.62.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2020-10-03T13:39:01", "description": "PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-03-21T18:29:00", "title": "CVE-2019-9903", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, 
"obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9903"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "cpe:/o:fedoraproject:fedora:30", "cpe:/a:freedesktop:poppler:0.74.0"], "id": "CVE-2019-9903", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9903", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:poppler:0.74.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:32:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-13988", "CVE-2017-18267", "CVE-2019-11026", "CVE-2019-9903"], "description": "The remote host is missing an update for the ", "modified": "2019-05-17T00:00:00", "published": "2019-05-08T00:00:00", "id": "OPENVAS:1361412562310876324", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876324", "type": "openvas", "title": "Fedora Update for poppler FEDORA-2019-3193a75b06", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT 
ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876324\");\n script_version(\"2019-05-17T10:04:07+0000\");\n script_cve_id(\"CVE-2019-9903\", \"CVE-2019-11026\", \"CVE-2018-13988\", \"CVE-2017-18267\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:04:07 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-08 02:10:53 +0000 (Wed, 08 May 2019)\");\n script_name(\"Fedora Update for poppler FEDORA-2019-3193a75b06\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-3193a75b06\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGYLZZ4DZUDBQEGCNDWSZPSFNNZJF4S6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'poppler'\n package(s) announced via the FEDORA-2019-3193a75b06 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"poppler is a PDF rendering library.\");\n\n script_tag(name:\"affected\", value:\"'poppler' package(s) on Fedora 28.\");\n\n script_tag(name:\"solution\", 
value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC28\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.62.0~22.fc28\", rls:\"FC28\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:33:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-13988", "CVE-2017-18267"], "description": "The remote host is missing an update for the Huawei EulerOS\n 'poppler' package(s) announced via the EulerOS-SA-2019-1010 advisory.", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191010", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191010", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2019-1010)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1010\");\n script_version(\"2020-01-23T11:27:13+0000\");\n script_cve_id(\"CVE-2017-18267\", \"CVE-2018-13988\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:27:13 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:27:13 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2019-1010)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1010\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1010\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'poppler' package(s) announced via the EulerOS-SA-2019-1010 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"poppler: out of bounds read in pdfunite (CVE-2018-13988)\n\npoppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function allows denial of service (CVE-2017-18267)\");\n\n script_tag(name:\"affected\", value:\"'poppler' package(s) on Huawei 
EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.26.5~17.h14.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler-glib\", rpm:\"poppler-glib~0.26.5~17.h14.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler-qt\", rpm:\"poppler-qt~0.26.5~17.h14.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.26.5~17.h14.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-13988", "CVE-2017-18267"], "description": "The remote host is missing an update for the 'poppler'\n package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2018-08-02T00:00:00", "id": "OPENVAS:1361412562310874879", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874879", "type": "openvas", "title": "Fedora Update for poppler FEDORA-2018-c8c7d35b83", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_c8c7d35b83_poppler_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for poppler FEDORA-2018-c8c7d35b83\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 
2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874879\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-02 06:04:19 +0200 (Thu, 02 Aug 2018)\");\n script_cve_id(\"CVE-2018-13988\", \"CVE-2017-18267\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for poppler FEDORA-2018-c8c7d35b83\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'poppler'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"poppler on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-c8c7d35b83\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFJ4HNVK37HLZUQTQNVGRX53R37JIFL2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.62.0~3.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:33:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-7310", "CVE-2018-13988", "CVE-2017-18267"], "description": "The remote host is missing an update for the Huawei EulerOS\n 'poppler' package(s) announced via the EulerOS-SA-2019-1054 advisory.", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191054", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191054", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2019-1054)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be 
useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1054\");\n script_version(\"2020-01-23T11:29:18+0000\");\n script_cve_id(\"CVE-2017-18267\", \"CVE-2018-13988\", \"CVE-2019-7310\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:29:18 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:29:18 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2019-1054)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1054\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1054\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'poppler' package(s) announced via the EulerOS-SA-2019-1054 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc(CVE-2019-7310)\n\npoppler: out of bounds read in 
pdfunite (CVE-2018-13988)\n\npoppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function allows denial of service (CVE-2017-18267)\");\n\n script_tag(name:\"affected\", value:\"'poppler' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.26.5~17.h13\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler-glib\", rpm:\"poppler-glib~0.26.5~17.h13\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler-qt\", rpm:\"poppler-qt~0.26.5~17.h13\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.26.5~17.h13\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:32:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-13988", "CVE-2018-10768", "CVE-2017-18267"], "description": "The remote host is missing an update for the Huawei EulerOS\n 'poppler' package(s) announced via the EulerOS-SA-2018-1393 advisory.", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181393", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181393", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2018-1393)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted 
from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1393\");\n script_version(\"2020-01-23T11:24:25+0000\");\n script_cve_id(\"CVE-2017-18267\", \"CVE-2018-13988\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:24:25 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:24:25 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2018-1393)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1393\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1393\");\n\n 
script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'poppler' package(s) announced via the EulerOS-SA-2018-1393 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"poppler: NULL pointer dereference in Annot.h:AnnotPath::getCoordsLength() allows for denial of service via crafted PDF (CVE-2018-10768)\n\npoppler: out of bounds read in pdfunite (CVE-2018-13988)\");\n\n script_tag(name:\"affected\", value:\"'poppler' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.26.5~17.h13\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler-glib\", rpm:\"poppler-glib~0.26.5~17.h13\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler-qt\", rpm:\"poppler-qt~0.26.5~17.h13\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.26.5~17.h13\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-29T20:09:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-13988", "CVE-2018-10768", "CVE-2017-18267", "CVE-2018-16646"], "description": "Various security issues were discovered in the poppler PDF 
rendering\nshared library.\n\nCVE-2017-18267\n\nThe FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler\nthrough 0.64.0 allows remote attackers to cause a denial of service\n(infinite recursion) via a crafted PDF file, as demonstrated by\npdftops.\n\nThe applied fix in FoFiType1C::cvtGlyph prevents infinite recursion\non such malformed documents.\n\nCVE-2018-10768\n\nA NULL pointer dereference in the AnnotPath::getCoordsLength function\nin Annot.h in Poppler 0.24.5 had been discovered. A crafted input\nwill lead to a remote denial of service attack. Later versions of\nPoppler such as 0.41.0 are not affected.\n\nThe applied patch fixes the crash on AnnotInk::draw for malformed\ndocuments.\n\nCVE-2018-13988\n\nPoppler through 0.62 contains an out of bounds read vulnerability due\nto an incorrect memory access that is not mapped in its memory space,\nas demonstrated by pdfunite. This can result in memory corruption and\ndenial of service. This may be exploitable when a victim opens a\nspecially crafted PDF file.\n\nThe applied patch fixes crashes when Object has negative number.\n(Specs say, number has to be > 0 and gen >= 0).\n\nFor Poppler in Debian jessie, the original upstream patch has been\nbackported to Poppler's old Object API.\n\nCVE-2018-16646\n\nIn Poppler 0.68.0, the Parser::getObj() function in Parser.cc may\ncause infinite recursion via a crafted file. A remote attacker can\nleverage this for a DoS attack.\n\nA range of upstream patches has been applied to Poppler's XRef.cc in\nDebian jessie to consolidate a fix for this issue.", "modified": "2020-01-29T00:00:00", "published": "2018-11-05T00:00:00", "id": "OPENVAS:1361412562310891562", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891562", "type": "openvas", "title": "Debian LTS: Security Advisory for poppler (DLA-1562-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later 
version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891562\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-18267\", \"CVE-2018-10768\", \"CVE-2018-13988\", \"CVE-2018-16646\");\n script_name(\"Debian LTS: Security Advisory for poppler (DLA-1562-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-11-05 00:00:00 +0100 (Mon, 05 Nov 2018)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"poppler on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n0.26.5-2+deb8u5.\n\nWe recommend that you upgrade your poppler packages.\");\n\n script_tag(name:\"summary\", value:\"Various security issues were discovered in the poppler PDF 
rendering\nshared library.\n\nCVE-2017-18267\n\nThe FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler\nthrough 0.64.0 allows remote attackers to cause a denial of service\n(infinite recursion) via a crafted PDF file, as demonstrated by\npdftops.\n\nThe applied fix in FoFiType1C::cvtGlyph prevents infinite recursion\non such malformed documents.\n\nCVE-2018-10768\n\nA NULL pointer dereference in the AnnotPath::getCoordsLength function\nin Annot.h in Poppler 0.24.5 had been discovered. A crafted input\nwill lead to a remote denial of service attack. Later versions of\nPoppler such as 0.41.0 are not affected.\n\nThe applied patch fixes the crash on AnnotInk::draw for malformed\ndocuments.\n\nCVE-2018-13988\n\nPoppler through 0.62 contains an out of bounds read vulnerability due\nto an incorrect memory access that is not mapped in its memory space,\nas demonstrated by pdfunite. This can result in memory corruption and\ndenial of service. This may be exploitable when a victim opens a\nspecially crafted PDF file.\n\nThe applied patch fixes crashes when Object has negative number.\n(Specs say, number has to be > 0 and gen >= 0).\n\nFor Poppler in Debian jessie, the original upstream patch has been\nbackported to Poppler's old Object API.\n\nCVE-2018-16646\n\nIn Poppler 0.68.0, the Parser::getObj() function in Parser.cc may\ncause infinite recursion via a crafted file. 
A remote attacker can\nleverage this for a DoS attack.\n\nA range of upstream patches has been applied to Poppler's XRef.cc in\nDebian jessie to consolidate a fix for this issue.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"gir1.2-poppler-0.18\", ver:\"0.26.5-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-cpp-dev\", ver:\"0.26.5-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-cpp0\", ver:\"0.26.5-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-dev\", ver:\"0.26.5-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-glib-dev\", ver:\"0.26.5-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-glib-doc\", ver:\"0.26.5-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-glib8\", ver:\"0.26.5-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-private-dev\", ver:\"0.26.5-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-qt4-4\", ver:\"0.26.5-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-qt4-dev\", ver:\"0.26.5-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-qt5-1\", ver:\"0.26.5-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-qt5-dev\", ver:\"0.26.5-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler46\", ver:\"0.26.5-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = 
isdpkgvuln(pkg:\"poppler-dbg\", ver:\"0.26.5-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"poppler-utils\", ver:\"0.26.5-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-7310", "CVE-2018-13988", "CVE-2017-18267", "CVE-2018-20662"], "description": "The remote host is missing an update for the 'poppler'\n package(s) announced via the FEDORA-2019-8b5e704a73 advisory.", "modified": "2019-04-03T00:00:00", "published": "2019-04-03T00:00:00", "id": "OPENVAS:1361412562310875533", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875533", "type": "openvas", "title": "Fedora Update for poppler FEDORA-2019-8b5e704a73", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875533\");\n script_version(\"2019-04-03T06:51:51+0000\");\n script_cve_id(\"CVE-2018-20662\", \"CVE-2019-7310\", \"CVE-2018-13988\", \"CVE-2017-18267\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-04-03 06:51:51 +0000 (Wed, 03 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-04-03 06:51:51 +0000 (Wed, 03 Apr 2019)\");\n script_name(\"Fedora Update for poppler FEDORA-2019-8b5e704a73\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-8b5e704a73\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BI7NLDN2HUEU4ZW3D7XPHOAEGT2CKDRO\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'poppler'\n package(s) announced via the FEDORA-2019-8b5e704a73 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"poppler is a PDF rendering library.\");\n\n script_tag(name:\"affected\", value:\"'poppler' package(s) on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC28\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.62.0~16.fc28\", rls:\"FC28\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-13988", "CVE-2017-18267", "CVE-2018-20662", "CVE-2019-9631", "CVE-2019-9200"], "description": "The remote host is missing an update for\n the 'poppler' package(s) announced via the FEDORA-2019-13ba3be562 advisory.", "modified": "2019-04-06T00:00:00", "published": "2019-04-06T00:00:00", "id": "OPENVAS:1361412562310875551", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875551", "type": "openvas", "title": "Fedora Update for poppler FEDORA-2019-13ba3be562", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875551\");\n script_version(\"2019-04-06T02:12:52+0000\");\n script_cve_id(\"CVE-2018-20662\", \"CVE-2019-9631\", \"CVE-2019-9200\", \"CVE-2018-13988\", \"CVE-2017-18267\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-04-06 02:12:52 +0000 (Sat, 06 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-04-06 02:12:52 +0000 (Sat, 06 Apr 2019)\");\n script_name(\"Fedora Update for poppler FEDORA-2019-13ba3be562\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-13ba3be562\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for\n the 'poppler' package(s) announced via the FEDORA-2019-13ba3be562 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"poppler is a PDF rendering library.\");\n\n script_tag(name:\"affected\", value:\"'poppler' package(s) on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC28\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.62.0~20.fc28\", rls:\"FC28\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:34:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11026"], "description": "The remote host is missing an update for the Huawei EulerOS\n 'poppler' package(s) announced via the EulerOS-SA-2019-2296 advisory.", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192296", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192296", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2019-2296)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2296\");\n script_version(\"2020-01-23T12:45:47+0000\");\n script_cve_id(\"CVE-2019-11026\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:45:47 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:45:47 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2019-2296)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2296\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2296\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'poppler' package(s) announced via the EulerOS-SA-2019-2296 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.(CVE-2019-11026)\");\n\n script_tag(name:\"affected\", value:\"'poppler' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", 
value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.67.0~1.h7.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler-glib\", rpm:\"poppler-glib~0.67.0~1.h7.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler-qt\", rpm:\"poppler-qt~0.67.0~1.h7.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.67.0~1.h7.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19058", "CVE-2018-13988", "CVE-2018-19059", "CVE-2017-18267", "CVE-2018-19060", "CVE-2018-16646"], "description": "The remote host is missing an update for the 'poppler'\n package(s) announced via the FEDORA-2018-54ed26a423 advisory.", "modified": "2019-03-15T00:00:00", "published": "2018-12-04T00:00:00", "id": "OPENVAS:1361412562310875291", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875291", "type": "openvas", "title": "Fedora Update for poppler FEDORA-2018-54ed26a423", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_54ed26a423_poppler_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for poppler 
FEDORA-2018-54ed26a423\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# 
Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875291\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-16646\", \"CVE-2018-19058\", \"CVE-2018-19059\",\n \"CVE-2018-19060\", \"CVE-2018-13988\", \"CVE-2017-18267\");\n script_bugtraq_id(106054);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-04 12:40:45 +0530 (Tue, 04 Dec 2018)\");\n script_name(\"Fedora Update for poppler FEDORA-2018-54ed26a423\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2018-54ed26a423\");\n 
script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQ5WSZTPZ3WOIMO2P3MZYR6NKNLSLQBM\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'poppler'\n package(s) announced via the FEDORA-2018-54ed26a423 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"poppler on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.62.0~10.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11026", "CVE-2019-9903"], "description": "poppler is a PDF rendering library. ", "modified": "2019-04-30T02:28:22", "published": "2019-04-30T02:28:22", "id": "FEDORA:240BE601B296", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: poppler-0.67.0-18.fc29", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18267", "CVE-2018-13988"], "description": "poppler is a PDF rendering library. 
", "modified": "2018-07-31T18:06:40", "published": "2018-07-31T18:06:40", "id": "FEDORA:7203C638C662", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: poppler-0.62.0-3.fc28", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18267", "CVE-2018-13988", "CVE-2018-20662", "CVE-2019-7310"], "description": "poppler is a PDF rendering library. ", "modified": "2019-04-01T01:21:55", "published": "2019-04-01T01:21:55", "id": "FEDORA:13D2A6076D22", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: poppler-0.62.0-16.fc28", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18267", "CVE-2018-13988", "CVE-2018-20662", "CVE-2019-9200", "CVE-2019-9631"], "description": "poppler is a PDF rendering library. ", "modified": "2019-04-05T01:56:59", "published": "2019-04-05T01:56:59", "id": "FEDORA:2B5FE6077CC2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: poppler-0.62.0-20.fc28", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11026"], "description": "poppler is a PDF rendering library. ", "modified": "2019-04-27T21:34:44", "published": "2019-04-27T21:34:44", "id": "FEDORA:B5014604733D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: poppler-0.73.0-9.fc30", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18267", "CVE-2018-13988", "CVE-2018-18897", "CVE-2018-20481", "CVE-2018-20551", "CVE-2018-20650"], "description": "poppler is a PDF rendering library. 
", "modified": "2019-02-08T02:30:13", "published": "2019-02-08T02:30:13", "id": "FEDORA:9501060491C8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: poppler-0.62.0-14.fc28", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18267", "CVE-2018-13988", "CVE-2018-16646", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060"], "description": "poppler is a PDF rendering library. ", "modified": "2018-11-21T03:14:22", "published": "2018-11-21T03:14:22", "id": "FEDORA:42522608A350", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: poppler-0.62.0-10.fc28", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18267"], "description": "poppler is a PDF rendering library. ", "modified": "2018-06-02T20:46:33", "published": "2018-06-02T20:46:33", "id": "FEDORA:3C732604A72B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: poppler-0.62.0-2.fc28", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18267", "CVE-2018-13988", "CVE-2018-16646", "CVE-2018-18897", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-19149"], "description": "MinGW Windows Poppler library. ", "modified": "2018-12-29T02:26:16", "published": "2018-12-29T02:26:16", "id": "FEDORA:7A62B604CC1D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: mingw-poppler-0.62.0-2.fc28", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18267", "CVE-2018-13988", "CVE-2018-16646", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-19149", "CVE-2018-20662", "CVE-2019-7310"], "description": "MinGW Windows Poppler library. 
", "modified": "2019-03-15T03:35:43", "published": "2019-03-15T03:35:43", "id": "FEDORA:B23A16075D85", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: mingw-poppler-0.62.0-3.fc28", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-01T02:21:15", "description": "Security fix for CVE-2019-9903 and CVE-2019-11026.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-05-07T00:00:00", "title": "Fedora 28 : poppler (2019-3193a75b06)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11026", "CVE-2019-9903"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:poppler", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2019-3193A75B06.NASL", "href": "https://www.tenable.com/plugins/nessus/124660", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-3193a75b06.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124660);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/21\");\n\n script_cve_id(\"CVE-2019-11026\", \"CVE-2019-9903\");\n script_xref(name:\"FEDORA\", value:\"2019-3193a75b06\");\n\n script_name(english:\"Fedora 28 : poppler (2019-3193a75b06)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2019-9903 and CVE-2019-11026.\n\nNote that Tenable Network Security has 
extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-3193a75b06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected poppler package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"poppler-0.62.0-22.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T02:26:17", "description": "Security fix for CVE-2019-9903 and CVE-2019-11026.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 6.5, "vector": 
"AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-04-30T00:00:00", "title": "Fedora 29 : poppler (2019-95eb49ef49)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11026", "CVE-2019-9903"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "p-cpe:/a:fedoraproject:fedora:poppler"], "id": "FEDORA_2019-95EB49EF49.NASL", "href": "https://www.tenable.com/plugins/nessus/124373", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-95eb49ef49.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124373);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/21\");\n\n script_cve_id(\"CVE-2019-11026\", \"CVE-2019-9903\");\n script_xref(name:\"FEDORA\", value:\"2019-95eb49ef49\");\n\n script_name(english:\"Fedora 29 : poppler (2019-95eb49ef49)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2019-9903 and CVE-2019-11026.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-95eb49ef49\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected poppler package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"poppler-0.67.0-18.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T08:54:29", "description": "According to the versions of the poppler packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - poppler: out of bounds read in pdfunite\n (CVE-2018-13988)\n\n - poppler: Infinite recursion in\n fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function\n allows denial of service (CVE-2017-18267)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 12, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-01-08T00:00:00", "title": "EulerOS 2.0 SP5 : poppler (EulerOS-SA-2019-1010)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-13988", "CVE-2017-18267"], "modified": "2019-01-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:poppler-utils", "p-cpe:/a:huawei:euleros:poppler-glib", "p-cpe:/a:huawei:euleros:poppler", "p-cpe:/a:huawei:euleros:poppler-qt", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1010.NASL", "href": "https://www.tenable.com/plugins/nessus/120998", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120998);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-18267\",\n \"CVE-2018-13988\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : poppler (EulerOS-SA-2019-1010)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the poppler packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - poppler: out of bounds read in pdfunite\n (CVE-2018-13988)\n\n - poppler: Infinite recursion in\n fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function\n allows denial of service (CVE-2017-18267)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1010\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c3179d20\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected poppler packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-13988\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"poppler-0.26.5-17.h14.eulerosv2r7\",\n \"poppler-glib-0.26.5-17.h14.eulerosv2r7\",\n \"poppler-qt-0.26.5-17.h14.eulerosv2r7\",\n \"poppler-utils-0.26.5-17.h14.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": 
"2021-01-01T01:19:59", "description": "There is a NULL pointer dereference in the AnnotPath::getCoordsLength\nfunction in Annot.h. A crafted input will lead to a remote denial of\nservice attack.(CVE-2018-10768)\n\nThe FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler\nallows remote attackers to cause a denial of service (infinite\nrecursion) via a crafted PDF file, as demonstrated by\npdftops.(CVE-2017-18267)\n\nPoppler contains an out of bounds read vulnerability due to an\nincorrect memory access that is not mapped in its memory space, as\ndemonstrated by pdfunite. This can result in memory corruption and\ndenial of service. This may be exploitable when a victim opens a\nspecially crafted PDF file.(CVE-2018-13988)", "edition": 19, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2018-12-07T00:00:00", "title": "Amazon Linux AMI : poppler (ALAS-2018-1110)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-13988", "CVE-2018-10768", "CVE-2017-18267"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:poppler", "p-cpe:/a:amazon:linux:poppler-cpp", "p-cpe:/a:amazon:linux:poppler-cpp-devel", "p-cpe:/a:amazon:linux:poppler-glib-devel", "p-cpe:/a:amazon:linux:poppler-glib", "p-cpe:/a:amazon:linux:poppler-utils", "p-cpe:/a:amazon:linux:poppler-devel", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:poppler-debuginfo"], "id": "ALA_ALAS-2018-1110.NASL", "href": "https://www.tenable.com/plugins/nessus/119469", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-1110.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119469);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/04/05 23:25:05\");\n\n script_cve_id(\"CVE-2017-18267\", \"CVE-2018-10768\", \"CVE-2018-13988\");\n script_xref(name:\"ALAS\", value:\"2018-1110\");\n\n 
script_name(english:\"Amazon Linux AMI : poppler (ALAS-2018-1110)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"There is a NULL pointer dereference in the AnnotPath::getCoordsLength\nfunction in Annot.h. A crafted input will lead to a remote denial of\nservice attack.(CVE-2018-10768)\n\nThe FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler\nallows remote attackers to cause a denial of service (infinite\nrecursion) via a crafted PDF file, as demonstrated by\npdftops.(CVE-2017-18267)\n\nPoppler contains an out of bounds read vulnerability due to an\nincorrect memory access that is not mapped in its memory space, as\ndemonstrated by pdfunite. This can result in memory corruption and\ndenial of service. This may be exploitable when a victim opens a\nspecially crafted PDF file.(CVE-2018-13988)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-1110.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update poppler' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-cpp\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-cpp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"poppler-0.26.5-20.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"poppler-cpp-0.26.5-20.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"poppler-cpp-devel-0.26.5-20.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"poppler-debuginfo-0.26.5-20.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"poppler-devel-0.26.5-20.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"poppler-glib-0.26.5-20.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"poppler-glib-devel-0.26.5-20.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"poppler-utils-0.26.5-20.18.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler / poppler-cpp / 
poppler-cpp-devel / poppler-debuginfo / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T08:54:39", "description": "According to the versions of the poppler packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - poppler: heap-based buffer over-read in XRef::getEntry\n in XRef.cc(CVE-2019-7310)\n\n - poppler: out of bounds read in pdfunite\n (CVE-2018-13988)\n\n - poppler: Infinite recursion in\n fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function\n allows denial of service (CVE-2017-18267)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 12, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-02-22T00:00:00", "title": "EulerOS 2.0 SP2 : poppler (EulerOS-SA-2019-1054)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-7310", "CVE-2018-13988", "CVE-2017-18267"], "modified": "2019-02-22T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:poppler-utils", "p-cpe:/a:huawei:euleros:poppler-glib", "p-cpe:/a:huawei:euleros:poppler", "p-cpe:/a:huawei:euleros:poppler-qt", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1054.NASL", "href": "https://www.tenable.com/plugins/nessus/122381", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122381);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-18267\",\n \"CVE-2018-13988\",\n \"CVE-2019-7310\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : poppler (EulerOS-SA-2019-1054)\");\n script_summary(english:\"Checks the rpm 
output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the poppler packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - poppler: heap-based buffer over-read in XRef::getEntry\n in XRef.cc(CVE-2019-7310)\n\n - poppler: out of bounds read in pdfunite\n (CVE-2018-13988)\n\n - poppler: Infinite recursion in\n fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function\n allows denial of service (CVE-2017-18267)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1054\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c1864eca\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected poppler packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-7310\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && 
cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"poppler-0.26.5-17.h13\",\n \"poppler-glib-0.26.5-17.h13\",\n \"poppler-qt-0.26.5-17.h13\",\n \"poppler-utils-0.26.5-17.h13\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T12:02:13", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has poppler packages installed that are affected\nby multiple vulnerabilities:\n\n - Poppler through 0.62 contains an out of bounds read\n vulnerability due to an incorrect memory access that is\n not mapped in its memory space, as demonstrated by\n pdfunite. This can result in memory corruption and\n denial of service. This may be exploitable when a victim\n opens a specially crafted PDF file. (CVE-2018-13988)\n\n - There is a NULL pointer dereference in the\n AnnotPath::getCoordsLength function in Annot.h in an\n Ubuntu package for Poppler 0.24.5. A crafted input will\n lead to a remote denial of service attack. 
Later Ubuntu\n packages such as for Poppler 0.41.0 are not affected.\n (CVE-2018-10768)\n\n - The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc\n in Poppler through 0.64.0 allows remote attackers to\n cause a denial of service (infinite recursion) via a\n crafted PDF file, as demonstrated by pdftops.\n (CVE-2017-18267)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 17, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-08-12T00:00:00", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : poppler Multiple Vulnerabilities (NS-SA-2019-0045)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-13988", "CVE-2018-10768", "CVE-2017-18267"], "modified": "2019-08-12T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0045_POPPLER.NASL", "href": "https://www.tenable.com/plugins/nessus/127224", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0045. 
The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127224);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-18267\", \"CVE-2018-10768\", \"CVE-2018-13988\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : poppler Multiple Vulnerabilities (NS-SA-2019-0045)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has poppler packages installed that are affected\nby multiple vulnerabilities:\n\n - Poppler through 0.62 contains an out of bounds read\n vulnerability due to an incorrect memory access that is\n not mapped in its memory space, as demonstrated by\n pdfunite. This can result in memory corruption and\n denial of service. This may be exploitable when a victim\n opens a specially crafted PDF file. (CVE-2018-13988)\n\n - There is a NULL pointer dereference in the\n AnnotPath::getCoordsLength function in Annot.h in an\n Ubuntu package for Poppler 0.24.5. A crafted input will\n lead to a remote denial of service attack. 
Later Ubuntu\n packages such as for Poppler 0.41.0 are not affected.\n (CVE-2018-10768)\n\n - The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc\n in Poppler through 0.64.0 allows remote attackers to\n cause a denial of service (infinite recursion) via a\n crafted PDF file, as demonstrated by pdftops.\n (CVE-2017-18267)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0045\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL poppler packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-13988\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"poppler-0.26.5-20.el7\",\n \"poppler-cpp-0.26.5-20.el7\",\n \"poppler-cpp-devel-0.26.5-20.el7\",\n \"poppler-debuginfo-0.26.5-20.el7\",\n \"poppler-demos-0.26.5-20.el7\",\n \"poppler-devel-0.26.5-20.el7\",\n \"poppler-glib-0.26.5-20.el7\",\n \"poppler-glib-devel-0.26.5-20.el7\",\n \"poppler-qt-0.26.5-20.el7\",\n \"poppler-qt-devel-0.26.5-20.el7\",\n \"poppler-utils-0.26.5-20.el7\"\n ],\n \"CGSL MAIN 5.04\": [\n \"poppler-0.26.5-20.el7\",\n \"poppler-cpp-0.26.5-20.el7\",\n \"poppler-cpp-devel-0.26.5-20.el7\",\n \"poppler-debuginfo-0.26.5-20.el7\",\n \"poppler-demos-0.26.5-20.el7\",\n \"poppler-devel-0.26.5-20.el7\",\n \"poppler-glib-0.26.5-20.el7\",\n \"poppler-glib-devel-0.26.5-20.el7\",\n \"poppler-qt-0.26.5-20.el7\",\n \"poppler-qt-devel-0.26.5-20.el7\",\n \"poppler-utils-0.26.5-20.el7\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) 
flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T01:17:00", "description": "There is a NULL pointer dereference in the AnnotPath::getCoordsLength\nfunction in Annot.h. A crafted input will lead to a remote denial of\nservice attack. Poppler versions later than 0.41.0 are not\naffected.(CVE-2018-10768)\n\nThe FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler\nallows remote attackers to cause a denial of service (infinite\nrecursion) via a crafted PDF file, as demonstrated by\npdftops.(CVE-2017-18267)\n\nPoppler contains an out of bounds read vulnerability due to an\nincorrect memory access that is not mapped in its memory space, as\ndemonstrated by pdfunite. This can result in memory corruption and\ndenial of service. 
This may be exploitable when a victim opens a\nspecially crafted PDF file.(CVE-2018-13988)", "edition": 16, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-05-31T00:00:00", "title": "Amazon Linux 2 : poppler (ALAS-2019-1217)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-13988", "CVE-2018-10768", "CVE-2017-18267"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:poppler", "p-cpe:/a:amazon:linux:poppler-cpp", "p-cpe:/a:amazon:linux:poppler-cpp-devel", "p-cpe:/a:amazon:linux:poppler-glib-devel", "p-cpe:/a:amazon:linux:poppler-glib", "p-cpe:/a:amazon:linux:poppler-utils", "cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:poppler-qt-devel", "p-cpe:/a:amazon:linux:poppler-qt", "p-cpe:/a:amazon:linux:poppler-demos", "p-cpe:/a:amazon:linux:poppler-devel", "p-cpe:/a:amazon:linux:poppler-debuginfo"], "id": "AL2_ALAS-2019-1217.NASL", "href": "https://www.tenable.com/plugins/nessus/125600", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1217.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125600);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/06/04 9:45:00\");\n\n script_cve_id(\"CVE-2017-18267\", \"CVE-2018-10768\", \"CVE-2018-13988\");\n script_xref(name:\"ALAS\", value:\"2019-1217\");\n\n script_name(english:\"Amazon Linux 2 : poppler (ALAS-2019-1217)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"There is a NULL pointer dereference in the AnnotPath::getCoordsLength\nfunction in Annot.h. A crafted input will lead to a remote denial of\nservice attack. 
Poppler versions later than 0.41.0 are not\naffected.(CVE-2018-10768)\n\nThe FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler\nallows remote attackers to cause a denial of service (infinite\nrecursion) via a crafted PDF file, as demonstrated by\npdftops.(CVE-2017-18267)\n\nPoppler contains an out of bounds read vulnerability due to an\nincorrect memory access that is not mapped in its memory space, as\ndemonstrated by pdfunite. This can result in memory corruption and\ndenial of service. This may be exploitable when a victim opens a\nspecially crafted PDF file.(CVE-2018-13988)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1217.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update poppler' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-cpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-cpp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-glib\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"poppler-0.26.5-20.amzn2\")) flag++;\nif 
(rpm_check(release:\"AL2\", reference:\"poppler-cpp-0.26.5-20.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"poppler-cpp-devel-0.26.5-20.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"poppler-debuginfo-0.26.5-20.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"poppler-demos-0.26.5-20.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"poppler-devel-0.26.5-20.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"poppler-glib-0.26.5-20.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"poppler-glib-devel-0.26.5-20.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"poppler-qt-0.26.5-20.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"poppler-qt-devel-0.26.5-20.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"poppler-utils-0.26.5-20.amzn2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler / poppler-cpp / poppler-cpp-devel / poppler-debuginfo / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T08:54:19", "description": "According to the versions of the poppler packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - poppler: NULL pointer dereference in\n Annot.h:AnnotPath::getCoordsLength() allows for denial\n of service via crafted PDF (CVE-2018-10768)\n\n - poppler: out of bounds read in pdfunite\n (CVE-2018-13988)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 15, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2018-12-10T00:00:00", "title": "EulerOS 2.0 SP3 : poppler (EulerOS-SA-2018-1393)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-13988", "CVE-2018-10768", "CVE-2017-18267"], "modified": "2018-12-10T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:poppler-utils", "p-cpe:/a:huawei:euleros:poppler-glib", "p-cpe:/a:huawei:euleros:poppler", "p-cpe:/a:huawei:euleros:poppler-qt", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1393.NASL", "href": "https://www.tenable.com/plugins/nessus/119521", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119521);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-18267\",\n \"CVE-2018-13988\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : poppler (EulerOS-SA-2018-1393)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the poppler packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - poppler: NULL pointer dereference in\n Annot.h:AnnotPath::getCoordsLength() allows for denial\n of service via crafted PDF (CVE-2018-10768)\n\n - poppler: out of bounds read in pdfunite\n (CVE-2018-13988)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1393\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4827ddee\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected poppler packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-13988\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"poppler-0.26.5-17.h13\",\n \"poppler-glib-0.26.5-17.h13\",\n \"poppler-qt-0.26.5-17.h13\",\n \"poppler-utils-0.26.5-17.h13\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T02:20:50", "description": "Security fix 
for CVE-2019-11026.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-05-02T00:00:00", "title": "Fedora 30 : poppler (2019-1ddce0c095)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11026"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:30", "p-cpe:/a:fedoraproject:fedora:poppler"], "id": "FEDORA_2019-1DDCE0C095.NASL", "href": "https://www.tenable.com/plugins/nessus/124477", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-1ddce0c095.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124477);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/21\");\n\n script_cve_id(\"CVE-2019-11026\");\n script_xref(name:\"FEDORA\", value:\"2019-1ddce0c095\");\n\n script_name(english:\"Fedora 30 : poppler (2019-1ddce0c095)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2019-11026.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-1ddce0c095\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the 
affected poppler package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"poppler-0.73.0-9.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T09:00:12", "description": "According to the version of the poppler packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - FontInfoScanner::scanFonts in FontInfo.cc in Poppler\n 0.75.0 has infinite recursion, leading to a call to the\n error function in Error.cc.(CVE-2019-11026)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 8, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-11-27T00:00:00", "title": "EulerOS 2.0 SP8 : poppler (EulerOS-SA-2019-2296)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11026"], "modified": "2019-11-27T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:poppler-utils", "p-cpe:/a:huawei:euleros:poppler-glib", "p-cpe:/a:huawei:euleros:poppler", "p-cpe:/a:huawei:euleros:poppler-qt", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2296.NASL", "href": "https://www.tenable.com/plugins/nessus/131362", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131362);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-11026\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : poppler (EulerOS-SA-2019-2296)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the poppler packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - FontInfoScanner::scanFonts in FontInfo.cc in Poppler\n 0.75.0 has infinite recursion, leading to a call to the\n error function in Error.cc.(CVE-2019-11026)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2296\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c55bef23\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected poppler package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"poppler-0.67.0-1.h7.eulerosv2r8\",\n \"poppler-glib-0.67.0-1.h7.eulerosv2r8\",\n \"poppler-qt-0.67.0-1.h7.eulerosv2r8\",\n \"poppler-utils-0.67.0-1.h7.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:36:35", 
"bulletinFamily": "unix", "cvelist": ["CVE-2018-13988", "CVE-2018-10768", "CVE-2017-18267"], "description": "**Issue Overview:**\n\nThere is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h. A crafted input will lead to a remote denial of service attack.([CVE-2018-10768 __](<https://access.redhat.com/security/cve/CVE-2018-10768>))\n\nThe FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.([CVE-2017-18267 __](<https://access.redhat.com/security/cve/CVE-2017-18267>))\n\nPoppler contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.([CVE-2018-13988 __](<https://access.redhat.com/security/cve/CVE-2018-13988>))\n\n \n**Affected Packages:** \n\n\npoppler\n\n \n**Issue Correction:** \nRun _yum update poppler_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n i686: \n poppler-devel-0.26.5-20.18.amzn1.i686 \n poppler-glib-0.26.5-20.18.amzn1.i686 \n poppler-cpp-devel-0.26.5-20.18.amzn1.i686 \n poppler-utils-0.26.5-20.18.amzn1.i686 \n poppler-glib-devel-0.26.5-20.18.amzn1.i686 \n poppler-cpp-0.26.5-20.18.amzn1.i686 \n poppler-debuginfo-0.26.5-20.18.amzn1.i686 \n poppler-0.26.5-20.18.amzn1.i686 \n \n src: \n poppler-0.26.5-20.18.amzn1.src \n \n x86_64: \n poppler-debuginfo-0.26.5-20.18.amzn1.x86_64 \n poppler-glib-devel-0.26.5-20.18.amzn1.x86_64 \n poppler-cpp-devel-0.26.5-20.18.amzn1.x86_64 \n poppler-glib-0.26.5-20.18.amzn1.x86_64 \n poppler-0.26.5-20.18.amzn1.x86_64 \n poppler-devel-0.26.5-20.18.amzn1.x86_64 \n poppler-utils-0.26.5-20.18.amzn1.x86_64 \n poppler-cpp-0.26.5-20.18.amzn1.x86_64 \n \n \n", "edition": 5, "modified": "2018-12-06T00:26:00", "published": "2018-12-06T00:26:00", "id": "ALAS-2018-1110", "href": "https://alas.aws.amazon.com/ALAS-2018-1110.html", "title": "Low: poppler", "type": "amazon", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-10T12:35:04", "bulletinFamily": "unix", "cvelist": ["CVE-2018-13988", "CVE-2018-10768", "CVE-2017-18267"], "description": "**Issue Overview:**\n\nThere is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h. A crafted input will lead to a remote denial of service attack. Poppler versions later than 0.41.0 are not affected.([CVE-2018-10768 __](<https://access.redhat.com/security/cve/CVE-2018-10768>))\n\nThe FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.([CVE-2017-18267 __](<https://access.redhat.com/security/cve/CVE-2017-18267>))\n\nPoppler contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. 
This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.([CVE-2018-13988 __](<https://access.redhat.com/security/cve/CVE-2018-13988>))\n\n \n**Affected Packages:** \n\n\npoppler\n\n \n**Issue Correction:** \nRun _yum update poppler_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n poppler-0.26.5-20.amzn2.aarch64 \n poppler-devel-0.26.5-20.amzn2.aarch64 \n poppler-glib-0.26.5-20.amzn2.aarch64 \n poppler-glib-devel-0.26.5-20.amzn2.aarch64 \n poppler-qt-0.26.5-20.amzn2.aarch64 \n poppler-qt-devel-0.26.5-20.amzn2.aarch64 \n poppler-cpp-0.26.5-20.amzn2.aarch64 \n poppler-cpp-devel-0.26.5-20.amzn2.aarch64 \n poppler-utils-0.26.5-20.amzn2.aarch64 \n poppler-demos-0.26.5-20.amzn2.aarch64 \n poppler-debuginfo-0.26.5-20.amzn2.aarch64 \n \n i686: \n poppler-0.26.5-20.amzn2.i686 \n poppler-devel-0.26.5-20.amzn2.i686 \n poppler-glib-0.26.5-20.amzn2.i686 \n poppler-glib-devel-0.26.5-20.amzn2.i686 \n poppler-qt-0.26.5-20.amzn2.i686 \n poppler-qt-devel-0.26.5-20.amzn2.i686 \n poppler-cpp-0.26.5-20.amzn2.i686 \n poppler-cpp-devel-0.26.5-20.amzn2.i686 \n poppler-utils-0.26.5-20.amzn2.i686 \n poppler-demos-0.26.5-20.amzn2.i686 \n poppler-debuginfo-0.26.5-20.amzn2.i686 \n \n src: \n poppler-0.26.5-20.amzn2.src \n \n x86_64: \n poppler-0.26.5-20.amzn2.x86_64 \n poppler-devel-0.26.5-20.amzn2.x86_64 \n poppler-glib-0.26.5-20.amzn2.x86_64 \n poppler-glib-devel-0.26.5-20.amzn2.x86_64 \n poppler-qt-0.26.5-20.amzn2.x86_64 \n poppler-qt-devel-0.26.5-20.amzn2.x86_64 \n poppler-cpp-0.26.5-20.amzn2.x86_64 \n poppler-cpp-devel-0.26.5-20.amzn2.x86_64 \n poppler-utils-0.26.5-20.amzn2.x86_64 \n poppler-demos-0.26.5-20.amzn2.x86_64 \n poppler-debuginfo-0.26.5-20.amzn2.x86_64 \n \n \n", "edition": 1, "modified": "2019-05-29T19:06:00", "published": "2019-05-29T19:06:00", "id": "ALAS2-2019-1217", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1217.html", "title": "Low: poppler", "type": "amazon", 
"cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2020-08-20T00:57:59", "bulletinFamily": "unix", "cvelist": ["CVE-2018-13988", "CVE-2018-10768", "CVE-2017-18267", "CVE-2018-16646"], "description": "Package : poppler\nVersion : 0.26.5-2+deb8u5\nCVE ID : CVE-2017-18267 CVE-2018-10768 CVE-2018-13988 CVE-2018-16646\nDebian Bug : 898357 909802\n\n\nVarious security issues were discovered in the poppler PDF rendering\nshared library.\n\nCVE-2017-18267\n\n The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler\n through 0.64.0 allows remote attackers to cause a denial of service\n (infinite recursion) via a crafted PDF file, as demonstrated by\n pdftops.\n\n The applied fix in FoFiType1C::cvtGlyph prevents infinite recursion\n on such malformed documents.\n\nCVE-2018-10768\n\n A NULL pointer dereference in the AnnotPath::getCoordsLength function\n in Annot.h in Poppler 0.24.5 had been discovered. A crafted input\n will lead to a remote denial of service attack. Later versions of\n Poppler such as 0.41.0 are not affected.\n\n The applied patch fixes the crash on AnnotInk::draw for malformed\n documents.\n\nCVE-2018-13988\n\n Poppler through 0.62 contains an out of bounds read vulnerability due\n to an incorrect memory access that is not mapped in its memory space,\n as demonstrated by pdfunite. This can result in memory corruption and\n denial of service. This may be exploitable when a victim opens a\n specially crafted PDF file.\n\n The applied patch fixes crashes when Object has negative number.\n (Specs say, number has to be > 0 and gen >= 0).\n\n For Poppler in Debian jessie, the original upstream patch has been\n backported to Poppler's old Object API.\n\n\nCVE-2018-16646\n\n In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may\n cause infinite recursion via a crafted file. 
A remote attacker can\n leverage this for a DoS attack.\n\n A range of upstream patches has been applied to Poppler's XRef.cc in\n Debian jessie to consolidate a fix for this issue.\n\n\nFor Debian 8 \"Jessie\", these problems have been fixed in version\n0.26.5-2+deb8u5.\n\nWe recommend that you upgrade your poppler packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \n\nmike gabriel aka sunweaver (Debian Developer)\nfon: +49 (1520) 1976 148\n\nGnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31\nmail: sunweaver@debian.org, http://sunweavers.net\n", "edition": 11, "modified": "2018-10-31T21:55:29", "published": "2018-10-31T21:55:29", "id": "DEBIAN:DLA-1562-1:45915", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201810/msg00024.html", "title": "[SECURITY] [DLA 1562-1] poppler security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-08-12T01:02:26", "bulletinFamily": "unix", "cvelist": ["CVE-2019-12293", "CVE-2017-18267", "CVE-2018-20481", "CVE-2018-16646", "CVE-2018-21009", "CVE-2019-10872", "CVE-2019-9631", "CVE-2019-9200"], "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2287-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Emilio Pozuelo Monfort\nJuly 23, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : poppler\nVersion : 0.48.0-2+deb9u3\nCVE ID : CVE-2017-18267 CVE-2018-16646 CVE-2018-20481 CVE-2018-21009\n CVE-2019-9200 CVE-2019-9631 CVE-2019-10872 CVE-2019-12293\nDebian Bug : 898357 909802 917325 923414 926530 926673 929423\n\nSeveral issues were found in Poppler, a PDF rendering library, that could\nlead to denial of service or possibly other
unspecified impact when\nprocessing maliciously crafted documents.\n\nFor Debian 9 stretch, these problems have been fixed in version\n0.48.0-2+deb9u3.\n\nWe recommend that you upgrade your poppler packages.\n\nFor the detailed security status of poppler please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/poppler\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2020-07-23T10:16:27", "published": "2020-07-23T10:16:27", "id": "DEBIAN:DLA-2287-1:32EF5", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202007/msg00018.html", "title": "[SECURITY] [DLA 2287-1] poppler security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:38:51", "bulletinFamily": "unix", "cvelist": ["CVE-2018-13988"], "description": "Hosein Askari discovered that poppler incorrectly handled certain PDF files. \nAn attacker could possibly use this issue to cause a denial of service.", "edition": 4, "modified": "2018-08-29T00:00:00", "published": "2018-08-29T00:00:00", "id": "USN-3757-1", "href": "https://ubuntu.com/security/notices/USN-3757-1", "title": "poppler vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-02T11:40:59", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10768", "CVE-2017-18267"], "description": "It was discovered that poppler incorrectly handled certain PDF files. \nAn attacker could possibly use this to cause a denial of service. \n(CVE-2017-18267)\n\nIt was discovered that poppler incorrectly handled certain PDF files. \nAn attacker could possibly use this to cause a denial of service. This \nissue only affected Ubuntu 14.04 LTS.
(CVE-2018-10768)", "edition": 7, "modified": "2018-05-15T00:00:00", "published": "2018-05-15T00:00:00", "id": "USN-3647-1", "href": "https://ubuntu.com/security/notices/USN-3647-1", "title": "poppler vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-02T11:34:58", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10018", "CVE-2019-10023", "CVE-2018-18897", "CVE-2019-10873", "CVE-2019-12293", "CVE-2017-9865", "CVE-2019-10021", "CVE-2018-20662", "CVE-2019-9903", "CVE-2019-10872", "CVE-2019-10019", "CVE-2019-9631", "CVE-2019-9200"], "description": "It was discovered that poppler incorrectly handled certain files. If a user \nor automated system were tricked into opening a crafted PDF file, an \nattacker could cause a denial of service, or possibly execute arbitrary \ncode", "edition": 2, "modified": "2019-06-27T00:00:00", "published": "2019-06-27T00:00:00", "id": "USN-4042-1", "href": "https://ubuntu.com/security/notices/USN-4042-1", "title": "poppler vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "zdt": [{"lastseen": "2018-07-24T02:13:52", "description": "Exploit for linux platform in category dos / poc", "edition": 1, "published": "2018-07-23T00:00:00", "title": "Poppler v0.62.0 Memory Corruption Vulnerability", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-13988"], "modified": "2018-07-23T00:00:00", "id": "1337DAY-ID-30758", "href": "https://0day.today/exploit/description/30758", "sourceData": "################\r\n#Title: Poppler v0.62.0 Memory Corruption Vulnerability \r\n#CVE: CVE-2018-13988 \r\n#CWE: CWE-119\r\n#Exploit Author: Hosein Askari \r\n#Vendor HomePage: https://poppler.freedesktop.org/\r\n#Version : version 0.62.0 and earlier versions\r\n#Tested on: Ubuntu 18.04 (4.15.0-23-generic)\r\n#Date: July 21 2018\r\n#Category: Application\r\n#Author Mail : [email\u00a0protected]\r\n#Description: Poppler through 0.62 
contains a memory corruption vulnerability due to an incorrect memory access that is not mapped in its memory space(improper handling of objects in memory), as #demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.\r\n#Fixed: https://poppler.freedesktop.org/poppler-0.66.0.tar.xz\r\n###############\r\n[email\u00a0protected]:~$ pdfunite crafted.pdf aa.pdf\r\nSegmentation fault (core dumped)\r\n###############\r\n[14925.737845] pdfunite[5097]: segfault at 564d6cf85714 ip 00007f42ac6fd064 sp 00007ffee66adf28 error 4 in libpoppler.so.73.0.0[7f42ac588000+251000]\r\n###############\r\n[email\u00a0protected]:~$ sudo cat /proc/14698/maps\r\n[sudo] password for constantine: \r\n555555554000-55555555a000 r-xp 00000000 08:01 1444544 /usr/bin/pdfunite\r\n555555759000-55555575a000 r--p 00005000 08:01 1444544 /usr/bin/pdfunite\r\n55555575a000-55555575b000 rw-p 00006000 08:01 1444544 /usr/bin/pdfunite\r\n55555575b000-5555557bf000 rw-p 00000000 00:00 0 [heap]\r\n7ffff4117000-7ffff4122000 r-xp 00000000 08:01 1450444 /usr/lib/x86_64-linux-gnu/libjbig.so.0\r\n7ffff4122000-7ffff4321000 ---p 0000b000 08:01 1450444 /usr/lib/x86_64-linux-gnu/libjbig.so.0\r\n7ffff4321000-7ffff4322000 r--p 0000a000 08:01 1450444 /usr/lib/x86_64-linux-gnu/libjbig.so.0\r\n7ffff4322000-7ffff4325000 rw-p 0000b000 08:01 1450444 /usr/lib/x86_64-linux-gnu/libjbig.so.0\r\n7ffff4325000-7ffff4349000 r-xp 00000000 08:01 3936978 /lib/x86_64-linux-gnu/liblzma.so.5.2.2\r\n7ffff4349000-7ffff4549000 ---p 00024000 08:01 3936978 /lib/x86_64-linux-gnu/liblzma.so.5.2.2\r\n7ffff4549000-7ffff454a000 r--p 00024000 08:01 3936978 /lib/x86_64-linux-gnu/liblzma.so.5.2.2\r\n7ffff454a000-7ffff454b000 rw-p 00025000 08:01 3936978 /lib/x86_64-linux-gnu/liblzma.so.5.2.2\r\n7ffff454b000-7ffff4552000 r-xp 00000000 08:01 3937059 /lib/x86_64-linux-gnu/librt-2.27.so\r\n7ffff4552000-7ffff4751000 ---p 00007000 08:01 3937059 
/lib/x86_64-linux-gnu/librt-2.27.so\r\n7ffff4751000-7ffff4752000 r--p 00006000 08:01 3937059 /lib/x86_64-linux-gnu/librt-2.27.so\r\n7ffff4752000-7ffff4753000 rw-p 00007000 08:01 3937059 /lib/x86_64-linux-gnu/librt-2.27.so\r\n7ffff4753000-7ffff4756000 r-xp 00000000 08:01 3936941 /lib/x86_64-linux-gnu/libdl-2.27.so\r\n7ffff4756000-7ffff4955000 ---p 00003000 08:01 3936941 /lib/x86_64-linux-gnu/libdl-2.27.so\r\n7ffff4955000-7ffff4956000 r--p 00002000 08:01 3936941 /lib/x86_64-linux-gnu/libdl-2.27.so\r\n7ffff4956000-7ffff4957000 rw-p 00003000 08:01 3936941 /lib/x86_64-linux-gnu/libdl-2.27.so\r\n7ffff4957000-7ffff495a000 r-xp 00000000 08:01 1450643 /usr/lib/x86_64-linux-gnu/libplds4.so\r\n7ffff495a000-7ffff4b59000 ---p 00003000 08:01 1450643 /usr/lib/x86_64-linux-gnu/libplds4.so\r\n7ffff4b59000-7ffff4b5a000 r--p 00002000 08:01 1450643 /usr/lib/x86_64-linux-gnu/libplds4.so\r\n7ffff4b5a000-7ffff4b5b000 rw-p 00003000 08:01 1450643 /usr/lib/x86_64-linux-gnu/libplds4.so\r\n7ffff4b5b000-7ffff4b5f000 r-xp 00000000 08:01 1450642 /usr/lib/x86_64-linux-gnu/libplc4.so\r\n7ffff4b5f000-7ffff4d5e000 ---p 00004000 08:01 1450642 /usr/lib/x86_64-linux-gnu/libplc4.so\r\n7ffff4d5e000-7ffff4d5f000 r--p 00003000 08:01 1450642 /usr/lib/x86_64-linux-gnu/libplc4.so\r\n7ffff4d5f000-7ffff4d60000 rw-p 00004000 08:01 1450642 /usr/lib/x86_64-linux-gnu/libplc4.so\r\n7ffff4d60000-7ffff4d88000 r-xp 00000000 08:01 1450576 /usr/lib/x86_64-linux-gnu/libnssutil3.so\r\n7ffff4d88000-7ffff4f87000 ---p 00028000 08:01 1450576 /usr/lib/x86_64-linux-gnu/libnssutil3.so\r\n7ffff4f87000-7ffff4f8e000 r--p 00027000 08:01 1450576 /usr/lib/x86_64-linux-gnu/libnssutil3.so\r\n7ffff4f8e000-7ffff4f8f000 rw-p 0002e000 08:01 1450576 /usr/lib/x86_64-linux-gnu/libnssutil3.so\r\n7ffff4f8f000-7ffff4fbe000 r-xp 00000000 08:01 3936948 /lib/x86_64-linux-gnu/libexpat.so.1.6.7\r\n7ffff4fbe000-7ffff51be000 ---p 0002f000 08:01 3936948 /lib/x86_64-linux-gnu/libexpat.so.1.6.7\r\n7ffff51be000-7ffff51c0000 r--p 0002f000 08:01 3936948 
/lib/x86_64-linux-gnu/libexpat.so.1.6.7\r\n7ffff51c0000-7ffff51c1000 rw-p 00031000 08:01 3936948 /lib/x86_64-linux-gnu/libexpat.so.1.6.7\r\n7ffff51c1000-7ffff51d8000 r-xp 00000000 08:01 3936955 /lib/x86_64-linux-gnu/libgcc_s.so.1\r\n7ffff51d8000-7ffff53d7000 ---p 00017000 08:01 3936955 /lib/x86_64-linux-gnu/libgcc_s.so.1\r\n7ffff53d7000-7ffff53d8000 r--p 00016000 08:01 3936955 /lib/x86_64-linux-gnu/libgcc_s.so.1\r\n7ffff53d8000-7ffff53d9000 rw-p 00017000 08:01 3936955 /lib/x86_64-linux-gnu/libgcc_s.so.1\r\n7ffff53d9000-7ffff53f3000 r-xp 00000000 08:01 3937051 /lib/x86_64-linux-gnu/libpthread-2.27.so\r\n7ffff53f3000-7ffff55f2000 ---p 0001a000 08:01 3937051 /lib/x86_64-linux-gnu/libpthread-2.27.so\r\n7ffff55f2000-7ffff55f3000 r--p 00019000 08:01 3937051 /lib/x86_64-linux-gnu/libpthread-2.27.so\r\n7ffff55f3000-7ffff55f4000 rw-p 0001a000 08:01 3937051 /lib/x86_64-linux-gnu/libpthread-2.27.so\r\n7ffff55f4000-7ffff55f8000 rw-p 00000000 00:00 0 \r\n7ffff55f8000-7ffff5795000 r-xp 00000000 08:01 3936981 /lib/x86_64-linux-gnu/libm-2.27.so\r\n7ffff5795000-7ffff5994000 ---p 0019d000 08:01 3936981 /lib/x86_64-linux-gnu/libm-2.27.so\r\n7ffff5994000-7ffff5995000 r--p 0019c000 08:01 3936981 /lib/x86_64-linux-gnu/libm-2.27.so\r\n7ffff5995000-7ffff5996000 rw-p 0019d000 08:01 3936981 /lib/x86_64-linux-gnu/libm-2.27.so\r\n7ffff5996000-7ffff5a09000 r-xp 00000000 08:01 1450835 /usr/lib/x86_64-linux-gnu/libtiff.so.5.3.0\r\n7ffff5a09000-7ffff5c08000 ---p 00073000 08:01 1450835 /usr/lib/x86_64-linux-gnu/libtiff.so.5.3.0\r\n7ffff5c08000-7ffff5c0c000 r--p 00072000 08:01 1450835 /usr/lib/x86_64-linux-gnu/libtiff.so.5.3.0\r\n7ffff5c0c000-7ffff5c0d000 rw-p 00076000 08:01 1450835 /usr/lib/x86_64-linux-gnu/libtiff.so.5.3.0\r\n7ffff5c0d000-7ffff5c3e000 r-xp 00000000 08:01 1450647 /usr/lib/x86_64-linux-gnu/libpng16.so.16.34.0\r\n7ffff5c3e000-7ffff5e3d000 ---p 00031000 08:01 1450647 /usr/lib/x86_64-linux-gnu/libpng16.so.16.34.0\r\n7ffff5e3d000-7ffff5e3e000 r--p 00030000 08:01 1450647 
/usr/lib/x86_64-linux-gnu/libpng16.so.16.34.0\r\n7ffff5e3e000-7ffff5e3f000 rw-p 00031000 08:01 1450647 /usr/lib/x86_64-linux-gnu/libpng16.so.16.34.0\r\n7ffff5e3f000-7ffff5e91000 r-xp 00000000 08:01 1450468 /usr/lib/x86_64-linux-gnu/liblcms2.so.2.0.8\r\n7ffff5e91000-7ffff6091000 ---p 00052000 08:01 1450468 /usr/lib/x86_64-linux-gnu/liblcms2.so.2.0.8\r\n7ffff6091000-7ffff6093000 r--p 00052000 08:01 1450468 /usr/lib/x86_64-linux-gnu/liblcms2.so.2.0.8\r\n7ffff6093000-7ffff6096000 rw-p 00054000 08:01 1450468 /usr/lib/x86_64-linux-gnu/liblcms2.so.2.0.8\r\n7ffff6096000-7ffff6097000 rw-p 00000000 00:00 0 \r\n7ffff6097000-7ffff60d0000 r-xp 00000000 08:01 1450574 /usr/lib/x86_64-linux-gnu/libnspr4.so\r\n7ffff60d0000-7ffff62cf000 ---p 00039000 08:01 1450574 /usr/lib/x86_64-linux-gnu/libnspr4.so\r\n7ffff62cf000-7ffff62d0000 r--p 00038000 08:01 1450574 /usr/lib/x86_64-linux-gnu/libnspr4.so\r\n7ffff62d0000-7ffff62d1000 rw-p 00039000 08:01 1450574 /usr/lib/x86_64-linux-gnu/libnspr4.so\r\n7ffff62d1000-7ffff62d4000 rw-p 00000000 00:00 0 \r\n7ffff62d4000-7ffff62fc000 r-xp 00000000 08:01 1450769 /usr/lib/x86_64-linux-gnu/libsmime3.so\r\n7ffff62fc000-7ffff64fc000 ---p 00028000 08:01 1450769 /usr/lib/x86_64-linux-gnu/libsmime3.so\r\n7ffff64fc000-7ffff64ff000 r--p 00028000 08:01 1450769 /usr/lib/x86_64-linux-gnu/libsmime3.so\r\n7ffff64ff000-7ffff6500000 rw-p 0002b000 08:01 1450769 /usr/lib/x86_64-linux-gnu/libsmime3.so\r\n7ffff6500000-7ffff663c000 r-xp 00000000 08:01 1450575 /usr/lib/x86_64-linux-gnu/libnss3.so\r\n7ffff663c000-7ffff683c000 ---p 0013c000 08:01 1450575 /usr/lib/x86_64-linux-gnu/libnss3.so\r\n7ffff683c000-7ffff6841000 r--p 0013c000 08:01 1450575 /usr/lib/x86_64-linux-gnu/libnss3.so\r\n7ffff6841000-7ffff6843000 rw-p 00141000 08:01 1450575 /usr/lib/x86_64-linux-gnu/libnss3.so\r\n7ffff6843000-7ffff6844000 rw-p 00000000 00:00 0 \r\n7ffff6844000-7ffff6860000 r-xp 00000000 08:01 3937090 /lib/x86_64-linux-gnu/libz.so.1.2.11\r\n7ffff6860000-7ffff6a5f000 ---p 0001c000 08:01 3937090 
/lib/x86_64-linux-gnu/libz.so.1.2.11\r\n7ffff6a5f000-7ffff6a60000 r--p 0001b000 08:01 3937090 /lib/x86_64-linux-gnu/libz.so.1.2.11\r\n7ffff6a60000-7ffff6a61000 rw-p 0001c000 08:01 3937090 /lib/x86_64-linux-gnu/libz.so.1.2.11\r\n7ffff6a61000-7ffff6ac8000 r-xp 00000000 08:01 1450448 /usr/lib/x86_64-linux-gnu/libjpeg.so.8.1.2\r\n7ffff6ac8000-7ffff6cc7000 ---p 00067000 08:01 1450448 /usr/lib/x86_64-linux-gnu/libjpeg.so.8.1.2\r\n7ffff6cc7000-7ffff6cc8000 r--p 00066000 08:01 1450448 /usr/lib/x86_64-linux-gnu/libjpeg.so.8.1.2\r\n7ffff6cc8000-7ffff6cc9000 rw-p 00067000 08:01 1450448 /usr/lib/x86_64-linux-gnu/libjpeg.so.8.1.2\r\n7ffff6cc9000-7ffff6d07000 r-xp 00000000 08:01 1450139 /usr/lib/x86_64-linux-gnu/libfontconfig.so.1.10.1\r\n7ffff6d07000-7ffff6f07000 ---p 0003e000 08:01 1450139 /usr/lib/x86_64-linux-gnu/libfontconfig.so.1.10.1\r\n7ffff6f07000-7ffff6f09000 r--p 0003e000 08:01 1450139 /usr/lib/x86_64-linux-gnu/libfontconfig.so.1.10.1\r\n7ffff6f09000-7ffff6f0e000 rw-p 00040000 08:01 1450139 /usr/lib/x86_64-linux-gnu/libfontconfig.so.1.10.1\r\n7ffff6f0e000-7ffff6fbb000 r-xp 00000000 08:01 1450157 /usr/lib/x86_64-linux-gnu/libfreetype.so.6.15.0\r\n7ffff6fbb000-7ffff71ba000 ---p 000ad000 08:01 1450157 /usr/lib/x86_64-linux-gnu/libfreetype.so.6.15.0\r\n7ffff71ba000-7ffff71c1000 r--p 000ac000 08:01 1450157 /usr/lib/x86_64-linux-gnu/libfreetype.so.6.15.0\r\n7ffff71c1000-7ffff71c2000 rw-p 000b3000 08:01 1450157 /usr/lib/x86_64-linux-gnu/libfreetype.so.6.15.0\r\n7ffff71c2000-7ffff73a9000 r-xp 00000000 08:01 3936918 /lib/x86_64-linux-gnu/libc-2.27.so\r\n7ffff73a9000-7ffff75a9000 ---p 001e7000 08:01 3936918 /lib/x86_64-linux-gnu/libc-2.27.so\r\n7ffff75a9000-7ffff75ad000 r--p 001e7000 08:01 3936918 /lib/x86_64-linux-gnu/libc-2.27.so\r\n7ffff75ad000-7ffff75af000 rw-p 001eb000 08:01 3936918 /lib/x86_64-linux-gnu/libc-2.27.so\r\n7ffff75af000-7ffff75b3000 rw-p 00000000 00:00 0 \r\n7ffff75b3000-7ffff7731000 r-xp 00000000 08:01 1450804 
/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.25\r\n7ffff7731000-7ffff7931000 ---p 0017e000 08:01 1450804 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.25\r\n7ffff7931000-7ffff793b000 r--p 0017e000 08:01 1450804 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.25\r\n7ffff793b000-7ffff793d000 rw-p 00188000 08:01 1450804 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.25\r\n7ffff793d000-7ffff7941000 rw-p 00000000 00:00 0 \r\n7ffff7941000-7ffff7b92000 r-xp 00000000 08:01 1442675 /usr/lib/x86_64-linux-gnu/libpoppler.so.73.0.0\r\n7ffff7b92000-7ffff7d91000 ---p 00251000 08:01 1442675 /usr/lib/x86_64-linux-gnu/libpoppler.so.73.0.0\r\n7ffff7d91000-7ffff7daf000 r--p 00250000 08:01 1442675 /usr/lib/x86_64-linux-gnu/libpoppler.so.73.0.0\r\n7ffff7daf000-7ffff7dd5000 rw-p 0026e000 08:01 1442675 /usr/lib/x86_64-linux-gnu/libpoppler.so.73.0.0\r\n7ffff7dd5000-7ffff7dfc000 r-xp 00000000 08:01 3936890 /lib/x86_64-linux-gnu/ld-2.27.so\r\n7ffff7f6e000-7ffff7faf000 rw-p 00000000 00:00 0 \r\n7ffff7fd0000-7ffff7fdf000 rw-p 00000000 00:00 0 \r\n7ffff7ff7000-7ffff7ffa000 r--p 00000000 00:00 0 [vvar]\r\n7ffff7ffa000-7ffff7ffc000 r-xp 00000000 00:00 0 [vdso]\r\n7ffff7ffc000-7ffff7ffd000 r--p 00027000 08:01 3936890 /lib/x86_64-linux-gnu/ld-2.27.so\r\n7ffff7ffd000-7ffff7ffe000 rw-p 00028000 08:01 3936890 /lib/x86_64-linux-gnu/ld-2.27.so\r\n7ffff7ffe000-7ffff7fff000 rw-p 00000000 00:00 0 \r\n7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack]\r\nffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]\r\n##################\r\n==14154== Process terminating with default action of signal 11 (SIGSEGV)\r\n==14154== Bad permissions for mapped region at address 0x8A8F4F4\r\n==14154== at 0x4FB1064: XRef::getEntry(int, bool) (in /usr/lib/x86_64-linux-gnu/libpoppler.so.73.0.0)\r\n==14154== by 0x4F9AA7D: PDFDoc::markObject(Object*, XRef*, XRef*, unsigned int, int, int, std::set<Dict*, std::less<Dict*>, std::allocator<Dict*> >*) (in /usr/lib/x86_64-linux-gnu/libpoppler.so.73.0.0)\r\n==14154== by 0x4F9A8EB: 
PDFDoc::markDictionnary(Dict*, XRef*, XRef*, unsigned int, int, int, std::set<Dict*, std::less<Dict*>, std::allocator<Dict*> >*) (in /usr/lib/x86_64-linux-gnu/libpoppler.so.73.0.0)\r\n==14154== by 0x4F9AD07: PDFDoc::markObject(Object*, XRef*, XRef*, unsigned int, int, int, std::set<Dict*, std::less<Dict*>, std::allocator<Dict*> >*) (in /usr/lib/x86_64-linux-gnu/libpoppler.so.73.0.0)\r\n==14154== by 0x4F9ACAE: PDFDoc::markObject(Object*, XRef*, XRef*, unsigned int, int, int, std::set<Dict*, std::less<Dict*>, std::allocator<Dict*> >*) (in /usr/lib/x86_64-linux-gnu/libpoppler.so.73.0.0)\r\n==14154== by 0x4F9A8EB: PDFDoc::markDictionnary(Dict*, XRef*, XRef*, unsigned int, int, int, std::set<Dict*, std::less<Dict*>, std::allocator<Dict*> >*) (in /usr/lib/x86_64-linux-gnu/libpoppler.so.73.0.0)\r\n==14154== by 0x4F9AD07: PDFDoc::markObject(Object*, XRef*, XRef*, unsigned int, int, int, std::set<Dict*, std::less<Dict*>, std::allocator<Dict*> >*) (in /usr/lib/x86_64-linux-gnu/libpoppler.so.73.0.0)\r\n==14154== by 0x4F9ACAE: PDFDoc::markObject(Object*, XRef*, XRef*, unsigned int, int, int, std::set<Dict*, std::less<Dict*>, std::allocator<Dict*> >*) (in /usr/lib/x86_64-linux-gnu/libpoppler.so.73.0.0)\r\n==14154== by 0x4F9A8EB: PDFDoc::markDictionnary(Dict*, XRef*, XRef*, unsigned int, int, int, std::set<Dict*, std::less<Dict*>, std::allocator<Dict*> >*) (in /usr/lib/x86_64-linux-gnu/libpoppler.so.73.0.0)\r\n==14154== by 0x4F9AD07: PDFDoc::markObject(Object*, XRef*, XRef*, unsigned int, int, int, std::set<Dict*, std::less<Dict*>, std::allocator<Dict*> >*) (in /usr/lib/x86_64-linux-gnu/libpoppler.so.73.0.0)\r\n==14154== by 0x4F9AEDC: PDFDoc::markPageObjects(Dict*, XRef*, XRef*, unsigned int, int, int, std::set<Dict*, std::less<Dict*>, std::allocator<Dict*> >*) (in /usr/lib/x86_64-linux-gnu/libpoppler.so.73.0.0)\r\n==14154== by 0x10A85B: main (in 
/usr/bin/pdfunite)\r\n\r\nReferences:\r\n\r\nhttps://cgit.freedesktop.org/poppler/poppler/commit/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee\r\n\n\n# 0day.today [2018-07-24] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/30758"}], "oraclelinux": [{"lastseen": "2020-10-22T17:12:49", "bulletinFamily": "unix", "cvelist": ["CVE-2018-15120", "CVE-2018-13988", "CVE-2018-10768", "CVE-2018-12910", "CVE-2017-18267", "CVE-2018-10767", "CVE-2018-10733"], "description": "PackageKit\n[1.1.10-1.0.1]\n- remove PackageKit-0.3.8-Fedora-Vendor.conf.patch\n[1.1.10-1]\n- New upstream release\n- Resolves: #1576494\naccountsservice\n[0.6.50-2]\n- Fix user switching\n Resolves: #1597350\n[0.6.50-1]\n- Update to 0.6.50\n Related: #1576538\n Related: 1596735\n Related: 1602918\n[0.6.49-1]\n- Update to 0.6.49\n Resolves: #1576538\nadwaita-icon-theme\n[3.28.0-1]\n- Update to 3.28.0\n- Resolves: #1567131\nappstream-data\n[7-20180614]\n- Regenerate the RHEL metadata using rhel-7.6-candidate\n- Resolves: RHBZ#1570031\nat-spi2-atk\n[2.26.2-1]\n- Update to 2.26.2\n- Resolves: #1567135\nat-spi2-core\n[2.28.0-1]\n- Update to 2.28.0\n- Resolves: #1567145\natk\n[2.28.1-1]\n- Update to 2.28.1\n- Resolves: #1567158\nbaobab\n[3.28.0-2]\n- Install also 24x24 icons\n- Fix gschema translations\n- Resolves: #1567161\n[3.28.0-1]\n- Update to 3.28.0\n- Fix setting GNOMELOCALEDIR\n- Resolves: #1567161\nbolt\n[0.4-3]\n- Include patch to tighten sandbox by restricting capabilities\n- Resolves: #1559611\n[0.4-2]\n- bolt 0.4 upstream release\n- Resolves: #1559611\nbrasero\n[3.12.2-5]\n- Update to 3.12.2\n- Resolves: #1569810\ncairo\n[1.15.12-3]\n- Rebuild against new freetype\n- Resolves: #1625906\n[1.15.12-1]\n- Update to 1.15.12\n- Resolves: #1576535\ncheese\n[2:3.28.0-1]\n- Update to 3.28.0\n- Resolves: #1567170\nclutter-gst3\n[3.0.26-1]\n- Update to 3.0.26\n- Resolves: #1569811\ncompat-exiv2-023\n[0.23-2]\n- Remove Windows binaries from the tarball\n Resolves: 
bz#1568618\n[0.23-1]\n- Spec file based on exiv2 package to provide old libraries before API change\n Resolves: bz#1568618\ncontrol-center\n[3.28.1-4]\n- Backport two additional upstream patches for thunderbolt panel\n- Resolves: #1594880\n[3.28.1-3]\n- Remove outdated soft hyphens from Japanese translation\n- Resolves: #1519109\n[3.28.1-2]\n- Include thunderbolt panel\n- Resolves: #1567179\n[3.28.1-1]\n- Update to 3.28.1\n- Resolves: #1567179\ndconf\n[0.28.0-3]\n- Check mtimes of files in /etc/dconf/db/*.d/ directories\n- when running 'dconf update'\n- Resolves: #1570569\n[0.28.0-2]\n- Return dconf-dbus-1 library (without devel files)\n- Related: #1567184\n[0.28.0-1]\n- Update to 0.28.0\n- Resolves: #1567184\ndconf-editor\n[3.28.0-1]\n- Update to 3.28.0\n- Resolves: #1569718\ndevhelp\n[1:3.28.1-1]\n- Update to 3.28.1\n- Resolves: #1569719\nekiga\n[4.0.1-8]\n- Rebuild against newer evolution-data-server\n[4.0.1-7]\n- Rebuild against newer evolution-data-server\n[4.0.1-5]\n- Rebuild against newer evolution-data-server\n[4.0.1-4]\n- Mass rebuild 2014-01-24\n[4.0.1-3]\n- Mass rebuild 2013-12-27\n[4.0.1-2]\n- Update translations\n- Resolves: #1030323\n[4.0.1-1.2]\n- Rebuild for cyrus-sasl\n[4.0.1-1]\n- Ekiga 4.0.1 stable release - Changelog\n http://ftp.gnome.org/pub/gnome/sources/ekiga/4.0/ekiga-4.0.1.news\n[4.0.0-3]\n- Rebuild for Boost-1.53.0\n[4.0.0-2]\n- Rebuild for libcamel soname bump\n[4.0.0-1]\n- Ekiga 4.0.0 stable release - Changelog\n http://ftp.gnome.org/pub/gnome/sources/ekiga/4.0/ekiga-4.0.0.news\n[3.9.90-3]\n- Rebuild against newer evolution-data-server\n[3.9.90-2]\n- Rebuild against newer evolution-data-server\n[3.9.90-1]\n- Ekiga 3.9.90 devel - Changelog\n ftp://ftp.gnome.org/pub/gnome/sources/ekiga/3.9/ekiga-3.9.90.news\n[3.3.2-8]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild\n[3.3.2-7]\n- Fix build with gcc 4.7\n[3.3.2-6]\n- Rebuilt for c++ ABI breakage\n[3.3.2-5]\n- Rebuilt for 
https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild\n[3.3.2-4]\n- Rebuild for boost 1.48\n[3.3.2-3]\n- Rebuild against newer evolution-data-server\n[3.3.2-2]\n- Rebuild against newer evolution-data-server\n[3.3.2-1]\n- Ekiga 3.3.2 devel - Changelog\n ftp://ftp.gnome.org/pub/gnome/sources/ekiga/3.3/ekiga-3.3.2.news\n[3.3.1-3]\n- Rebuild against newer evolution-data-server\n[3.3.1-2]\n- Rebuild for new boost and evolution-data-server\n[3.3.1-1]\n- Ekiga 3.3.1 devel - Changelog\n ftp://ftp.gnome.org/pub/gnome/sources/ekiga/3.3/ekiga-3.3.1.news\n[3.3.0-10]\n- Rebuild against newer evolution-data-server\n[3.3.0-9]\n- Rebuilt for libcamel soname bump\n[3.3.0-8]\n- rebuild again for new boost\n[3.3.0-7]\n- rebuild for new boost\n[3.3.0-6]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild\n[3.3.0-5]\n- rebuild for new boost\n[3.3.0-4]\n- Rebuild against newer evolution-data-server\n[3.3.0-3]\n- Rebuild against newer evolution-data-server\n[3.3.0-2]\n- fix build on non-x86 64-bit architectures (ax_boost_base.m4 is wrong)\n[3.3.0-1]\n- Ekiga 3.3.0 devel - Changelog\n http://mail.gnome.org/archives/ekiga-devel-list/2010-December/msg00036.html\n[3.2.7-5]\n- Rebuild against libnotify 0.7.0\n[3.2.7-4]\n- add gtk flags to notify plugin to rebuild\n[3.2.7-3]\n- rebuild against new evolution-data-server\n[3.2.7-2]\n- rebuild against new evolution-data-server\n[3.2.7-1]\n- Ekiga 3.2.7 stable - Changelog\n ftp://ftp.gnome.org/pub/gnome/sources/ekiga/3.2/ekiga-3.2.7.news\n[3.2.6-4]\n- Bump build for new evolution\n[3.2.6-3]\n- Rebuild for new evolution\n[3.2.6-2]\n- Add patch to fix DSO linking. 
Bug 564828\n[3.2.6-1]\n- Ekiga 3.2.6 stable - Changelog\n ftp://ftp.gnome.org/pub/gnome/sources/ekiga/3.2/ekiga-3.2.6.news\n[3.2.5-4]\n- rebuilt with new openssl\n[3.2.5-3]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n[3.2.5-2]\n- Shrink GConf schemas\n[3.2.5-1]\n- Ekiga 3.2.5 stable - Changelog\n ftp://ftp.gnome.org/pub/gnome/sources/ekiga/3.2/ekiga-3.2.5.news\n[3.2.4-1]\n- Ekiga 3.2.4 stable - Changelog\n http://mail.gnome.org/archives/ekiga-devel-list/2009-May/msg00062.html\n http://mail.gnome.org/archives/ekiga-devel-list/2009-May/msg00064.html\n[3.2.1-1]\n- Ekiga 3.2.1 stable - Changelog\n http://mail.gnome.org/archives/ekiga-devel-list/2009-May/msg00054.html\n[3.2.0-3]\n- Rebuild against newer GConf/intltool\n[3.2.0-2]\n- Add a couple of upstream patches from 3.2.1\n[3.2.0-1]\n- Ekiga 3.2.0 stable\n[3.1.2-4]\n- Remove CELT until the bitstream is stable and can hence intercommunicate between versions\n[3.1.2-3]\n- Remove autoconf bits\n[3.1.2-2]\n- Disable xcap for the moment so ekiga builds\n[3.1.2-1]\n- Upgrade to the 3.1.2 beta release, enable celt codec, reinstate\n proper desktop file now its fixed\n[3.1.0-11]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n[3.1.0-10]\n- rebuild with new openssl\n- add libtoolize call to replace libtool with current version\n[3.1.0-9]\n- Add other buildreq for Makefile regen\n[3.1.0-8]\n- Regen Makefile.in using autoreconf due to patch\n[3.1.0-7]\n- Another fix\n[3.1.0-6]\n- And SDL too\n[3.1.0-5]\n- Add expat-devel, why not everything else wants it\n[3.1.0-4]\n- Disable gstreamer support until there's a new gst-plugins-base\n[3.1.0-3]\n- Proper fix from upstream for desktop file\n[3.1.0-2]\n- Fix issues with the desktop file\n[3.1.0-1]\n- Upgrade to the 3.1.0 devel release, enable gstreamer and xcap, remove libgnome\n[3.0.1-4]\n- Fix spec file error\n[3.0.1-3]\n- Patch to fix libnotify's breakage of its api\n[3.0.1-2]\n- Fix dependency issue\n[3.0.1-1]\n- Update to 
3.0.1\n[3.0.0-5]\n- Remove gnomemeeting obsolete, package review updates\n[3.0.0-4]\n- Save some space\n[3.0.0-3]\n- require dbus\n[3.0.0-2]\n- add libnotify-devel as a build dep\n[3.0.0-1]\n- Ekiga 3 final release\n[2.9.90-3]\n- more rawhide build fixes\n[2.9.90-2]\n- rawhide build fixes\n[2.9.90-1]\n- First beta of ekiga 3\n[2.0.12-2]\n- Rebuild against new opal (#441202)\n[2.0.12-1.fc9]\n- Upgrade to ekiga-2.0.12\n[2.0.11-4]\n- rebuild after applying some fo the cleanups of #160727\n[2.0.11-3]\n- Autorebuild for GCC 4.3\n[2.0.11-2]\n- compile with the D-Bus support\n- Making rpmlint silent.\n[2.0.11-1]\n- Upgrade to ekiga-2.0.11\n[2.0.9-1]\n- Upgrade to ekiga-2.0.9\n[2.0.7-1]\n- Upgrade to ekiga-2.0.7\n[2.0.5-2]\n- rebuild\n[2.0.5-1]\n- Upgrade to ekiga-2.0.5\n[2.0.4-1]\n- Upgrade to ekiga-2.0.4\n[2.0.3-3]\n- Resolves: rhbz#201535\n- fixes build-requires for opal-devel and pwlib-devel\n[2.0.3-2]\n- Rebuild against evolution-data-server 1.9\n[2.0.3-1]\n- Update to 2.0.3\n[2.0.2-7]\n- Make the status icon work in transparent panels\n[2.0.2-6]\n- Fix translator credits (197871)\n[2.0.2-5]\n- Rebuild against evolution-data-server-1.7.91\n[2.0.2-4]\n- rebuild against new e-d-s\n[2.0.2-3]\n- rebuilt for #200960\n[2.0.2-1.1]\n- rebuild\n[2.0.2-1]\n- new release of ekiga 2.0.2\n- activating Zeroconf support though avahi\n[2.0.1-3]\n- Fix BuildRequires and Requires(post), Requires(postun)\n[2.0.1-2]\n- run 'ekiga-config-tool --install-schemas' in %post, c.f. 
#178929\n[2.0.1-1]\n- last minute bug rerelease 2.0.1\n- Resolves: #1569812\neog\n[3.28.3-1]\n- Update to 3.28.3\n- Resolves: #1567185\n[3.28.2-1]\n- Update to 3.28.2\n- Resolves: #1567185\nevince\n[3.28.2-5]\n- Set application-id for evince\n- Resolves: #1593244\n[3.28.2-4]\n- Change requires as requested by RPMDiff\n- Check returned size for negative value (CovScan)\n- Resolves: #1567186\n[3.28.2-3]\n- Fix patch fixing crash in EvMediaPlayerKeys\n- Fix building of comics backend with libarchive 3.1.2\n- Resolves: #1567186\n[3.28.2-2]\n- Fix crash in EvMediaPlayerKeys\n- Resolves: #1359507\n[3.28.2-1]\n- Update to 3.28.2\n- Resolves: #1567186\nevolution\n[3.28.5-2]\n- Add patch for RH bug #1613813 (Crash under config_lookup_thread() at e-config-lookup.c:179)\n[3.28.5-1]\n- Update to 3.28.5\n[3.28.4-1]\n- Update to 3.28.4\n- Remove patch for GNOME bug #796174 (fixed upstream)\n[3.28.3-2]\n- Add patch for GNOME bug #796174 (strcat() considered unsafe for buffer overflow)\n[3.28.3-1]\n- Update to 3.28.3\n[3.28.2-1]\n- Update to 3.28.2\n- Resolves: #1504129\nevolution-data-server\n[3.28.5-1]\n- Update to 3.28.5\n[3.28.4-1]\n- Update to 3.28.4\n- Remove patch for GNOME bug #796174 (fixed upstream)\n[3.28.3-2]\n- Add patch for GNOME bug #796174 (strcat() considered unsafe for buffer overflow)\n[3.28.3-1]\n- Update to 3.28.3\n- Remove patch for GNOME bug #795997 (fixed upstream)\n[3.28.2-1]\n- Update to 3.28.2\n- Add patch for GNOME bug #795997 (Fails to parse Google OAuth2 authorization code)\n- Resolves: #1575495\nevolution-ews\n[3.28.5-1]\n- Update to 3.28.5\n[3.28.4-1]\n- Update to 3.28.4\n- Remove patch for GNOME bug #796297 (fixed upstream)\n[3.28.3-2]\n- Add patch for GNOME bug #796297 (Cannot modify existing meeting after fix for this bug)\n[3.28.3-1]\n- Update to 3.28.3\n[3.28.2-1]\n- Update to 3.28.2\n- Resolves: #1575499\nevolution-mapi\n[3.28.3-2]\n- Add missing Obsoletes for evolution-mapi-devel subpackage (RH bug #1633828)\n[3.28.3-1]\n- Update to 
3.28.3\n[3.28.2-1]\n- Update to 3.28.2\n- Resolves: #1575500\nfile-roller\n[3.28.1-2]\n- Put back the nautilus compress support\n[3.28.1-1]\n- Update to 3.28.1\n- Resolves: #1567187\n[3.28.0-1]\n- Update to 3.28.0\n- Resolves: #1567187\nflatpak\n[1.0.2-2]\n- Update to 1.0.2 (#1570030)\nfolks\n[1:0.11.4-1]\n- Update to 0.11.4\n- Disable tests on PPC64 to avoid timeouts\n- Resolves: #1569814\nfontconfig\n[2.13.0-4.3]\n- Add 30-urw-aliases.conf back.\n[2.13.0-4.2]\n- Drop more new syntax in config.\n[2.13.0-4.1]\n- Rebase to 2.13.0 (#1576501)\n- Rename fc-cache binary to fc-cache-{32,64} for multilib. (#1568968)\n- backport some fixes related to Flatpak.\n- Drop new syntax in config for compatibility.\n- Requires dejavu-sans-fonts instead of font(:lang=en) (#1484094)\nfribidi\n[1.0.2-1]\n- Resolves: rhbz#1574858 latest version, --disable-docs because there's no c2man\nfwupd\n[1.0.8-4]\n- Build with full hardening enabled\n- Resolves: #1616185\n[1.0.8-3]\n- Backport a fix to allow properly running on older systemd versions.\n- Resolves: #1601550\n[1.0.8-2]\n- Build against the new libfwupdate\n- Resolves: #1570028\n[1.0.8-1]\n- New upstream release\n- Resolves: #1570028\nfwupdate\n[12-5.0.1]\n- New secure boot signing key\n- Use redhat as efidir to maintain compatibility with RedHat\n[12-5]\n- Make sure fwup_version() gets exported correctly.\n Related: rhbz#1570032\n[12-4]\n- Fix permissions on /boot/efi/...\n Related: rhbz#1496952\n[12-3]\n- Fix some more covscan nits.\n Related: rhbz#1570032\n[12-2]\n- Fix some covscan nits.\n Related: rhbz#1570032\n[12-1]\n- Update to fwupdate-12\n Resolves: rhbz#1570032\ngcr\n[3.28.0-1]\n- Update to 3.28.0\n- Resolves: #1567199\ngdk-pixbuf2\n[2.36.12-3]\n- One more crack at generating man pages\n Related: #1569815\n[2.36.12-2]\n- Generate man page\n Related: #1569815\n[2.36.12-1]\n- Update to 2.36.12\n- Resolves: #1569815\ngdm\n[3.28.2-9]\n- fast user switching fix\n Related: #1597339\n[3.28.2-8]\n- Clear utmp entries properly\n 
Resolves: #1600079\n[3.28.2-7]\n- Another crack at the blank login screen problem\n Resolves: #1489977\n[3.28.2-6]\n- add gdm-pam-extension provides to fix upgrades\n Resolves: #1601598\n[3.28.2-5]\n- Fix double free\n Related: #1489977\n Resolves: 1594814\n[3.28.2-4]\n- Fix blank login screen problem\n Resolves: #1489977\n[3.28.2-3]\n- Make udev script more friendly to RHEL 7 udev\n Resolves: #1593356\n[1:3.28.2-2]\n- Drop reference to gconf\n Resolves: #1542702\n[1:3.28.2-1]\n- Update to 3.28.2\n- Resolves: #1567200\ngedit\n[2:3.28.1-1]\n- Update to 3.28.1\n Resolves: #1567311\ngedit-plugins\n[3.28.1-1]\n- Rebase to 3.28.1\n Resolves: #1569721\ngeoclue2\n[2.4.8-1]\n- Update to 2.4.8\n- Resolves: #1576541\ngeocode-glib\n[3.26.0-2]\n+ geocode-glib-3.26.0-2\n- Work-around multilib gtk-doc bug\n- Resolves: #1624451\n[3.26.0-1]\n+ geocode-glib-3.26.0-1\n- Update to 3.26.0\n- Resolves: #1567313\n[3.25.4.1-1]\n- Update to 3.25.4.1\n- Switch to the meson build system\n- Resolves: #1567313\ngjs\n[1.52.3-1]\n- Update to 1.52.3\n- Switch to building against system mozjs52\n- Resolves: #1567325\nglade\n[3.22.1-1]\n- Update to 3.22.1\n- Resolves: #1569723\nglib-networking\n[2.56.1-1]\n- Update to 2.56.1\n- Resolves: #1567374\nglib2\n[2.56.1-2]\n- Add --disable-silent-rules\n[2.56.1-1]\n- Update to 2.56.1\n- Resolves #1567375\nglibmm24\n[2.56.0-1]\n- Update to 2.56.0\n Resolves: #1567380\ngnome-backgrounds\n[3.28.0-1]\n- Update to 3.28.0\n- Resolves: #1569727\n[3.22.1-1]\n- Rebase to 3.22.1\n Resolves: rhbz#1386877\n[3.14.1-2]\n- Update translations\n- Resolves: #1304293\n[3.14.1-1]\n- Update to 3.14.1\n- Resolves: #1174385\ngnome-bluetooth\n[1:3.28.2-1]\n- Update to 3.28.2\n- Resolves: #1567381\n[1:3.28.1-1]\n+ gnome-bluetooth-3.28.1-1\n- Work-around bluez bug that would leave adapters on Discoverable\n when exiting\n- Resolves: #1567381\n[1:3.28.0-1]\n- Update to 3.28.0\n- Resolves: #1567381\ngnome-boxes\n[3.28.5-2]\n- Revert using VIRTIO video adapter by default for new 
VMs\n- Resolves: #1595754\n[3.28.5-1]\n- Update to 3.28.5\n- Fix the libgovirt requirement\n- Revert to using Python 2 and Tracker 1.0\n- Resolves: #1567399\ngnome-calculator\n[3.28.2-1]\n- Update to 3.28.2\n- Resolves: #1567475\n[3.28.1-1]\n- Update to 3.28.1\n- Switch to the meson build system\n- Resolves: #1567475\ngnome-clocks\n[3.28.0-1]\n- Update to 3.28.0\n- Resolves: #1567476\ngnome-color-manager\n[3.28.0-1]\n- Update to 3.28.0\n- Resolves: #1567477\ngnome-contacts\n[3.28.2-1]\n- Update to 3.28.2\n- Resolves: #1567478\ngnome-desktop3\n[3.28.2-2]\n+ gnome-desktop3-3.28.2-2\n- Bump release to build with flatpak's bwrap\n- Related: #1567479\n[3.28.2-1]\n- Update to 3.28.2\n- Resolves: #1567479\ngnome-devel-docs\n[3.28.0-1]\n- Update to 3.28.0\n- Resolves: #1569728\n[3.22.1-1]\n- Update to 3.22.1\n- Resolves: #1386888\n[3.14.4-1]\n- Update to 3.14.4\n- Resolves: #1174427\ngnome-dictionary\n[3.26.1-1]\n- Update to 3.26.1\n- Resolves: #1568169\ngnome-disk-utility\n[3.28.3-1]\n- Update to 3.28.3\n- Resolves: #1568170\n[3.28.2-1]\n- Update to 3.28.2\n- Resolves: #1568170\ngnome-documents\n[3.28.2-1]\n- Update to 3.28.2\n- Rebased downstream patches\n- Fix crash on right-click on local collection\n Resolves: #1611565\n[3.28.1-2]\n- Stop the garbage collector from complaining during shutdown\n Resolves: #1608936\n[3.28.1-1]\n- Update to 3.28.1\n- Rebased downstream patches\n- Revert to using Python 2 and Tracker 1.0\n- Resolves: #1568171\ngnome-font-viewer\n[3.28.0-1]\n- Update to 3.28.0\n- Resolves: #1568172\ngnome-getting-started-docs\n[3.28.2-1]\n- Update to 3.28.2\n- Resolves: #1568174\ngnome-initial-setup\n[3.28.0-1]\n- Update to 3.28.0\n- Resolves: #1568175\ngnome-keyring\n[3.28.2-1]\n- Update to 3.28.2\n- Resolves: #1568176\ngnome-online-accounts\n[3.28.0-1]\n- Update to 3.28.0\n- Resolves: #1568177\ngnome-online-miners\n[3.26.0-1]\n- Update to 3.26.0\n- Resolves: #1568229\ngnome-packagekit\n[3.28.0-1]\n- Update to 3.28.0\n- Resolves: 
#1568232\ngnome-screenshot\n[3.26.0-1]\n- Update to 3.26.0\n- Resolves: #1568233\ngnome-session\n[3.28.1-5]\n- Fix gnome-disk-utility timeout at startup\n Resolves: #1593215\n- add back session properties icons\n Related: #1568620\n[3.28.1-4]\n- Fix pot file generation\n Resolves: #1371019\n[3.28.1-3]\n- Make sure gnome-session-custom-session is only shipped in its subpackage\n Resolves: #1600560\n[3.28.1-2]\n- Add back GNOME on Wayland session\n Resolves: #1591614\n[3.28.1-1]\n- Update to 3.28.1\n- Resolves: #1568620\ngnome-settings-daemon\n[3.28.1-2]\n- Fix account schema\n Resolves: #1597353\n[3.28.1-1]\n- Update to 3.28.1\n- Resolves: #1568621\ngnome-shell\n[3.28.3-6]\n- Track IBus focus for X11 OSK\n- Resolves: #1625700\n[3.28.3-5]\n- Require xdg-desktop-portal-gtk\n- Related: #1570030\n[3.28.3-4]\n- Remove gnome-shell-browser-plugin subpackage\n- Resolves: #1626104\n[3.28.3-3]\n- Obsolete caribou\n- Resolves: #1625882\n[3.28.3-2]\n- keyboard: Handle no-window case in FocusTracker\n- Resolves: #1612983\n[3.28.3-1]\n- Update to 3.28.3\n- Resolves: #1568624\n[3.28.2-2]\n- Update rebased downstream patches\n Related: #1568624\n- Revert port to python3 of some utility tools\n Resolves: #1493526\n- Add tooltips to app names in overview\n Resolves: #1541180\n[3.28.2-1]\n- Update to 3.28.2\n- Resolves: #1568624\ngnome-shell-extensions\n[3.28.1-5]\n- Get rid of weird drop shadow next to app menu\n Resolves: #1599841\n[3.28.1-4]\n- Make icons on desktop default in classic session again\n Resolves: #1610477\n[3.28.1-3]\n- Fix a couple of regressions from the rebase:\n - add back classic overview style\n - update dash-to-dock to a compatible version\n Related: #1569717\n[3.28.1-2]\n- Import updated styles from gnome-shell\n Related: #1569717\n[3.28.1-1]\n- Rebase to 3.28.1\n Resolves: #1569717\ngnome-software\n[3.28.2-3]\n- Obsolete gnome-shell-browser-plugin\n- Resolves: #1626104\n[3.28.2-2]\n- Set the repo provenance properly, showing the source line where required.\n- 
Resolves: #1592809\n[3.28.2-1]\n- Update to 3.28.2\n- Resolves: #1568625\ngnome-system-monitor\n[3.28.2-1]\n- Update to 3.28.2\n- Resolves: #1568626\ngnome-terminal\n[3.28.2-2]\n- Backport fix for client-side memory error (GNOME/gnome-terminal#1)\n- Bump BuildRequires versions\n- Drop the dark theme override\n- Rebase and restore the scroll speed patches\n- Rebase and restore the patch to allow old ISO 8895 charsets\n- Restore the GConf migration tool\n- Resolves: #1568632\n[3.28.2-1]\n- Update to 3.28.2\n- Resolves: #1568632\ngnome-themes-standard\n[3.28-2]\n- Requires google-noto-emoji-color-fonts\n- Resolves: #1595172\n[3.28-1]\n- Update to 3.28\n- Resolves: #1568633\ngnome-tweak-tool\n[3.28.1-2]\n- Port to python2\n- Resolves: #1590848\n[3.28.1-1]\n- Update to 3.28.1\n- Resolves: #1568638\ngnome-user-docs\n[3.28.2-1]\n- Update to 3.28.2\n- Resolves: #1569268\ngnote\n[3.28.0-1]\n- Update to 3.28.0\n- Resolves: #1569730\ngobject-introspection\n[1.56.1-1]\n- Update to 1.56.1\n- Resolves: #1569272\ngom\n[0.3.3-1]\n+ gom-0.3.3-1\n- Update to 0.3.3\n- Resolves: #1569961\ngoogle-noto-emoji-fonts\n[20180508-4]\n- Resolves: RHBZ#1582547\n[20180508-3]\n- Only build emoji color font since Fedora 26\n[20180508-2]\n- Use GraphicsMagick instead of ImageMagick\n[20180508-1]\n- Update to upstream snapshot tarball (color emoji font version 2.011)\n- Add patch to build all country flags (Resolves: rhbz#1574195)\ngrilo\n[0.3.6-1]\n- Update to 0.3.6\n- Resolves: #1569962\n[0.3.4-1]\n+ grilo-0.3.4-1\n- Update to 0.3.4\n- Resolves: #1569962\ngrilo-plugins\n[0.3.7-1]\n- Update to 0.3.7\n- Resolves: #1569963\n[0.3.5-1]\n- Update to 0.3.5\n- Resolves: #1569963\ngsettings-desktop-schemas\n[3.28.0-2]\n- Fix lock screen background to show up\n- Resolves: #1597764\n[3.28.0-1]\n- Update to 3.28.0\n- Resolves: #1569273\ngspell\n[1.6.1-1]\n- Update to 1.6.1\n- Resolves: #1569277\ngssdp\n[1.0.2-1]\n+ gssdp-1.0.2-1\n- Update to 1.0.2\n- Resolves: #1569965\ngstreamer1-plugins-base\n[1.10.4-2]\n- 
Add Conflicts: for plugin moved into this package\n- Resolves: #1451211\ngtk-doc\n[1.28-2]\n- Fix a couple of crasher bugs encountered by halfline (BGO#79601{1,2))\n[1.28-1]\n- Update to 1.28\n- Resolves: #1569971\ngtk3\n[3.22.30-3]\n- Don't hide GdkWindow on grab failure\n- Resolves: #1571422\n[3.22.30-2]\n- Get hard margins for current paper size when printing\n- Resolves: #1507113\n[3.22.30-1]\n- Update to 3.22.30\n- Resolves: #1569975\ngtksourceview3\n[3.24.8-1]\n- Update to 3.24.8\n- Resolves: #1569278\n[3.24.7-1]\n- Update to 3.24.7\n- Resolves: #1569278\ngucharmap\n[10.0.4-1]\n- Update to 10.0.4\n- Resolves: #1569279\ngupnp\n[1.0.2-5]\n+ Update to latest upstream version\n- Resolves: #1569980\ngupnp-igd\n[0.2.5-2]\n- Update to 0.2.5\n- Resolves: #1569988\ngvfs\n[1.36.2-1]\n- Update to 1.36.2\n- Resolves: #1569268\nharfbuzz\n[1.7.5-2]\n- Simply rebuild\n- Resolves: #1576536\n[1.7.5-1]\n- Update to 1.7.5\n- Resolves: #1576536\njson-glib\n[1.4.2-2]\n- Fix multilib -devel installs\n- Resolves: #1624842\n[1.4.2-1]\n- Update to 1.4.2\n- Resolves: #1569284\nlibappstream-glib\n[0.7.8-2]\n- Build with full hardening enabled\n- Resolves: #1616185\n[0.7.8-1]\n- New upstream release\n- Resolves: #1570025\nlibchamplain\n[0.12.16-2]\n- Update to 0.12.16\n- Resolves: #1569989\nlibcroco\n[0.6.12-4]\n- Update to 0.6.12\n- Resolves: #1569991\nlibgdata\n[0.17.9-1]\n- Update to 0.17.9\n- Resolves: #1570004\nlibgee\n[0.20.1-1]\n- Update to 0.20.1\n- Resolves: #1569285\nlibgepub\n[0.6.0-1]\n- Update to 0.6.0\n- Resolves: #1569288\n[0.4-1]\n- Update to 0.4\n[0.3-0.1.git395779e]\n- Initial Fedora build\nlibgexiv2\n[0.10.8-1]\n- Update to 0.10.8\n- Resolves: #1570008\nlibgnomekbd\n[3.26.0-1]\n- Update to 3.26.0\n- Resolves: #1569289\nlibgovirt\n[0.3.4-1]\n- Rebase to latest 0.3.4 upstream release. 
Still quite a few patches as\n there was no 0.3.5 release yet\n Resolves: rhbz#1584266\nlibgtop2\n[2.38.0-3]\n- Update to 2.38.0\n- Resolves: #1569294\nlibgweather\n[3.28.2-2]\n- Fix dangling symbolic link to README.md\n- Resolves: #1569295\n[3.28.2-1]\n- Update to 3.28.2\n- Resolves: #1569295\n[3.28.1-2]\n- Backport a patch to fix a gnome-shell crash\n- Related: #1569295\n[3.28.1-1]\n- Update to 3.28.1\n- Resolves: #1569295\nlibgxps\n[0.3.0-4]\n- Fix integer overflow in png decoder\n- Resolves: #1591133\n[0.3.0-3]\n- Fix crash in loading of png image\n- Resolves: #1575188\n[0.3.0-2]\n- Ensure gxps_archive_read_entry() fills the GError in case of failure\n- Handle errors returned by archive_read_data()\n- Resolves: #1574844\n[0.3.0-1]\n- Update to 0.3.0\n- Resolves: #1569731\nlibical\n[3.0.3-2]\n- Update Requires of libical-glib-devel\n[3.0.3-1]\n- Update to 3.0.3 and build compat-libical1 subpackage\n- Resolves: #1584655\nlibjpeg-turbo\n[1.2.90-6]\n- Add pkgconfig scripts (#1581687)\nlibmediaart\n[1.9.4-1]\n- Update to 1.9.4\n- Resolves: #1570009\nlibosinfo\n[1.1.0-2]\n- New upstream release 1.1.0\n- Resolves: #1584263\nlibpeas\n[1.22.0-1]\n- Update to 1.22.0\n- Resolves: #1569732\nlibrsvg2\n[2.40.20-1]\n- Update to 2.40.20\n- Resolves: #1569733\nlibsecret\n[0.18.6-1]\n- Update to 0.18.6\n- Resolves: #1570013\nlibsoup\n[2.62.2-2]\n- Backport upstream patch for CVE-2018-12910 - Crash in soup_cookie_jar.c: get_cookies() on empty hostnames\n- Resolves: #1598838\n[2.62.2-1]\n- Update to 2.62.2\n- Resolves: #1569734\n[2.62.1-1]\n- Update to 2.62.1\n- Resolves: #1569734\nlibwnck3\n[3.24.1-2]\n- Update to 3.24.1\n- Resolves: #1569735\nmozjs52\n[52.9.0-1.0.1]\n- Use bugzilla.oracle.com as bug reporting URL.\n[52.9.0-1]\n- Update to 52.9.0\n- Resolves: #1563708\nmutter\n[3.28.3-4]\n- Fix crasher introduced in the previous build\n Related: #1497303 1618632\n[3.28.3-3]\n- ensure monitor hotplugged after start up is activated\n Resolves: #1497303 1618632\n[3.28.3-2]\n- Fix 
non-lowercase letters on virtual key devices\n- Resolves: #1521077\n[3.28.3-1]\n- Update to 3.28.3\n- Apply HW cursor on-demand patches\n- Apply monitor transform regression patch\n- Resolves: #1569736\n[3.28.2-5]\n- Fix crash when modal closes during drag\n Resolves: #1581454\n[3.28.2-4]\n- rebuild against correct gnome-desktop\n Related: #1593782\n[3.28.2-3]\n- Fix support for external monitor configurations\n- Resolves: #1585230\n[3.28.2-2]\n- Update scroll axes only in slave devices\n- Resolves: #1423374\n[3.28.2-1]\n- Update to 3.28.2\n- Resolves: #1569736\nnautilus\n[3.26.3.1-2]\n- Rework autoar patch and remove the trusted patch, as it's included\n- Resolves: #1569738\n[3.26.3.1-1]\n- Update to 3.26.3.1\n- Resolves: #1569738\nnautilus-sendto-3.8.6-1\n- Update to 3.8.6\n- Resolves: #1570015\nopenchange\n[2.3-3]\n- Add patch to build against libical 3.0\n- Rebuild against rebased samba\n[2.3-2]\n- Add patch to fix connection string\n[2.3-1]\n- Rebase to 2.3 release\nosinfo-db\n[20180531-1.0.1]\n- add ol7.6 os info\n- add ol5 ol6 ol7 os type [orabug 27932947]\n- add win2016 support in 'osinfo-query os' [bug 27210429]\n- osinfo-query command error with OL7U5 [bug 27700001]\n- Update OL7U5 osinfo-db to add OL7U5 release support [bug 27700063]\n- add ol7.4 os info [bug 27175558]\n- Update Oracle Linux OS info [bug 26135475]\n- Add Oracle Linux OS info [bug 18501468]\n- Pack ol.xml into tarball [bug 20410527]\n- Update libosinfo to add all Oracle linux OS release/updates information [bug 26135475]\n[20180531-1]\n- Rebase to 20180531\n- Add RHEL 7.6\n- Resolves: rhbz#1559001, rhbz#1576376\npango\n[1.42.4-1]\n- Update to 1.42.4\n- Security fix for CVE-2018-15120\n- Resolves: #1624192\n[1.42.3-1]\n- Update to 1.42.3\n- Resolves: #1569748\n[1.42.1-2]\n- Provide empty pango-querymodules link to /usr/bin/true\n- Resolves: #1443937\n[1.42.1-1]\n- Update to 1.42.1\n- Resolves: #1569748\npoppler\n[0.26.5-20]\n- Fix crash when Object has negative number (CVE-2018-13988)\n- 
Resolves: #1609036\n[0.26.5-19]\n- Fix infinite recursion on malformed documents (CVE-2017-18267)\n- Resolves: #1579180\n[0.26.5-18]\n- Fix crash in AnnotInk::draw() (CVE-2018-10768)\n- Resolves: #1588610\npyatspi\n[2.26.0-3]\n- Require python-gobject instead of python2-gobject\n Related: #1569757\n[2.26.0-2]\n- Update to 2.26.0\n- Resolves: #1569757\noracle-logos\n[70.0.3-4.0.9]\n- Remove orcl_linux_em12c_750x120.png as it has been replaced with generic image [bug 27681288]\n- Regenerate backgrounds/*.jpg from backgrounds/default.png to remove black dot [bug 21375206]\n[70.0.3-4.0.8]\n- Update Oracle banner images.\nrest\n[0.8.1-2]\n- Restore fix for the XML test\nResolves: #1570023\n[0.8.1-1]\n- Update to 0.8.1\nResolves: #1570023\nrhythmbox\n[3.4.2-2]\n+ rhythmbox-3.4.2-2\n- Fix a number of bugs\n- Resolves: #1570024\n[3.4.2-1]\n- Update to 3.4.2\n- Resolves: #1570024\nseahorse-nautilus\n[3.11.92-11]\n- Update to 3.11.92\n- Resolves: #1569784\nshotwell\n[0.28.4-1]\n- Update to 0.28.4\n- Resolves: #1569785\n[0.28.3-2]\n- Fix the Turkish translation\n- Resolves: #1569785\n[0.28.3-1]\n- Update to 0.28.3\n- Resolves: #1569785\nsushi\n[3.28.3-1]\n- Update to 3.28.3\n- Resolves: #1569786\ntotem\n[1:3.26.2-1]\n- Update to 3.26.2\n- Resolves: #1569787\n[3.26.1-1]\n+ totem-3.26.1-1\n- Update to 3.26.1\n- Resolves: #1569787\n[1:3.26.0-1]\n- Update to 3.26.0\n- Resolves: #1569787\ntotem-pl-parser\n[3.26.1-1]\n+ totem-pl-parser-3.26.1-1\n- Update to 3.26.1\n- Resolves: #1569789\n[3.26.0-1]\n+ totem-pl-parser-3.26.0-1\n- Update to 3.26.0\n- Resolves: #1569789\nupower\n[0.99.7-1]\n- Update to 0.99.7\n- Add Bluetooth LE battery support\n- Fix critical action after resume from hibernate\n Resolves: #1584245\nvala\n[0.40.8-1]\n- Update to 0.40.8\n- Resolves: #1569794\n[0.40.6-1]\n- Update to 0.40.6\n- Resolves: #1569794\nvino\n[3.22.0-7]\n- Prevent monitoring all interfaces after change of other props\n- Resolves: #1580577\n[3.22.0-6]\n- Do not restart service after unclean 
exit code\n- Do not listen all if invalid interface is provided\n- Resolves: #1546043, #1580577\n[3.22.0-5]\n- Return error if X11 is not detected\n- Resolves: #1546043\n[3.22.0-4]\n- Add missing parameter for systemd scriptlets\n- Resolves: #1507892\nvte291\n[0.52.2-2]\n- Fix race between gnome-pty-helper and VteTerminal\nResolves: #1569801, #1590537\n[0.52.2-1]\n- Update to 0.52.2\nResolves: #1569801\nwayland\n[1.15.0-1]\n- Update to 1.15.0\n- Resolves: #1576489\nwayland-protocols\n[1.14-1]\n- Update to 1.14\n- Resolves: #1554439\nwebkitgtk4\n[2.20.5-1]\n- Update to 2.20.5 - technically it was not necessary as the only difference\n between 2.20.4 and .5 was the revert of one change, that we already reverted\n while building 2.20.4. But it's better to stay with upstream.\n- Update the labels patch with the version that was pushed upstream.\n- Resolves: rhbz#1576544\n[2.20.4-2]\n- webkitgtk4: Crash on Google login page when a11y is active\n- Resolves: rhbz#1503624\n- Revert patch causing rendering glitches\n[2.20.4-1]\n- Update to 2.20.4\n- Resolves: rhbz#1576544\n- WebKitWebProcess crashes when a11y is active\n- Resolves: rhbz#1591638\nxdg-desktop-portal\n[1.0.2-1]\n- Rebase to 1.0.2 (#1570030)\nxdg-desktop-portal-gtk\n[1.0.2-1]\n- Update to 1.0.2 (#1570030)\nyelp\n[2:3.28.1-1]\n- Update to 3.28.1\n- Resolves: #1569802\nyelp-tools\n[3.28.0-1]\n- Update to 3.28.0\n- Resolves: #1569805\nyelp-xsl\n[3.28.0-1]\n- Update to 3.28.0\n- Resolves: #1569806\nzenity\n[3.28.1-1]\n- Update to 3.28.1\n- Resolves: #1569809", "edition": 70, "modified": "2018-11-05T00:00:00", "published": "2018-11-05T00:00:00", "id": "ELSA-2018-3140", "href": "http://linux.oracle.com/errata/ELSA-2018-3140.html", "title": "GNOME security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-09-12T20:47:47", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10871", "CVE-2018-20551", "CVE-2018-20650", 
"CVE-2018-18897", "CVE-2019-7310", "CVE-2019-12293", "CVE-2018-20481", "CVE-2018-20662", "CVE-2019-9903", "CVE-2019-9959", "CVE-2019-9631", "CVE-2019-9200"], "description": "[0.66.0-11.el8_0.12]\n- Ignore dict Length if it is broken\n- Resolves: #1741146\n[0.66.0-11.el8_0.11]\n- Check whether input is RGB in PSOutputDev::checkPageSlice()\n- (also when using '-optimizecolorspace' flag)\n- Resolves: #1741145\n[0.66.0-11.el8_0.10]\n- Fail gracefully if not all components of JPEG2000Stream\n- have the same size\n- Resolves: #1740612\n[0.66.0-11.el8_0.9]\n- Fix stack overflow on broken file\n- Resolves: #1717867\n[0.66.0-11.el8_0.8]\n- Constrain number of cycles in rescale filter\n- Compute correct coverage values for box filter\n- Resolves: #1717866\n[0.66.0-11.el8_0.7]\n- Fix possible crash on broken files in ImageStream::getLine()\n- Resolves: #1717803\n[0.66.0-11.el8_0.6]\n- Move the fileSpec.dictLookup call inside fileSpec.isDict if\n- Resolves: #1717788\n[0.66.0-11.el8_0.5]\n- Defend against requests for negative XRef indices\n- Resolves: #1717779\n[0.66.0-11.el8_0.4]\n- Do not try to parse into unallocated XRef entry\n- Resolves: #1717790\n[0.66.0-11.el8_0.3]\n- Avoid global display profile state becoming an uncontrolled\n- memory leak\n- Resolves: #1717776\n[0.66.0-11.el8_0.2]\n- Check Catalog from XRef for being a Dict\n- Resolves: #1690480\n[0.66.0-11.el8_0.1]\n- Do not try to construct invalid rich media annotation assets\n- Resolves: #1690478\n[0.66.0-11]\n- Fix tiling patterns when pattern cell is too far\n- Resolves: #1644094", "edition": 1, "modified": "2019-09-12T00:00:00", "published": "2019-09-12T00:00:00", "id": "ELSA-2019-2713", "href": "http://linux.oracle.com/errata/ELSA-2019-2713.html", "title": "poppler security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-12-08T03:32:44", "bulletinFamily": "unix", "cvelist": ["CVE-2015-9381", "CVE-2018-13988", "CVE-2018-10768", 
"CVE-2018-12910", "CVE-2017-2862", "CVE-2017-18267", "CVE-2015-9382", "CVE-2018-10767", "CVE-2018-10733"], "description": "**CentOS Errata and Security Advisory** CESA-2018:3140\n\n\nGNOME is the default desktop environment of Red Hat Enterprise Linux.\n\nSecurity Fix(es):\n\n* libsoup: Crash in soup_cookie_jar.c:get_cookies() on empty hostnames (CVE-2018-12910)\n\n* poppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function allows denial of service (CVE-2017-18267)\n\n* libgxps: heap based buffer over read in ft_font_face_hash function of gxps-fonts.c (CVE-2018-10733)\n\n* libgxps: Stack-based buffer overflow in calling glib in gxps_images_guess_content_type of gcontenttype.c (CVE-2018-10767)\n\n* poppler: NULL pointer dereference in Annot.h:AnnotPath::getCoordsLength() allows for denial of service via crafted PDF (CVE-2018-10768)\n\n* poppler: out of bounds read in pdfunite (CVE-2018-13988)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank chenyuan (NESA Lab) for reporting CVE-2018-10733 and CVE-2018-10767 and Hosein Askari for reporting CVE-2018-13988.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.\n\n**Merged security bulletin from 
advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2019-February/035217.html\nhttp://lists.centos.org/pipermail/centos-announce/2020-July/035782.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005310.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005313.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005318.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005320.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005321.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005322.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005326.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005332.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005333.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005334.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005338.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005341.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005343.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005344.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005355.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005356.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005357.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005367.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005370.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005371.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005373.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005374.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005375.h
tml\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005376.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005377.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005381.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005383.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005384.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005386.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005389.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005390.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005392.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005394.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005395.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005396.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005397.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005399.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005400.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005405.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005406.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005407.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005409.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005410.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005412.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005413.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005414.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005415.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005416.h
tml\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005417.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005418.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005419.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005420.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005421.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005422.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005423.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005424.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005425.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005426.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005427.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005428.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005429.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005430.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005431.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005432.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005433.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005436.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005437.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005438.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005439.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005440.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005441.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005442.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005443.h
tml\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005444.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005445.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005446.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005448.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005449.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005450.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005451.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005452.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005455.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005456.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005457.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005458.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005459.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005460.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005461.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005462.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005463.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005464.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005465.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005467.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005483.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005491.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005495.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005496.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005502.h
tml\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005503.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005504.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005505.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005507.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005508.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005509.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005511.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005512.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005513.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005519.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005521.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005522.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005529.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005530.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005534.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005542.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005564.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005567.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005570.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005571.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005587.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005596.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005600.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005612.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005614.h
tml\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005632.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005634.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005646.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005652.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005660.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005677.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005681.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005682.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005687.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005690.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005693.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005698.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005701.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005702.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005703.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005708.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005709.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005735.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005736.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005737.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005741.html\n\n**Affected 
packages:**\nPackageKit\nPackageKit-command-not-found\nPackageKit-cron\nPackageKit-glib\nPackageKit-glib-devel\nPackageKit-gstreamer-plugin\nPackageKit-gtk3-module\nPackageKit-yum\nPackageKit-yum-plugin\naccountsservice\naccountsservice-devel\naccountsservice-libs\nadwaita-cursor-theme\nadwaita-gtk2-theme\nadwaita-icon-theme\nadwaita-icon-theme-devel\nappstream-data\nat-spi2-atk\nat-spi2-atk-devel\nat-spi2-core\nat-spi2-core-devel\natk\natk-devel\nbaobab\nbolt\nbrasero\nbrasero-devel\nbrasero-libs\nbrasero-nautilus\ncairo\ncairo-devel\ncairo-gobject\ncairo-gobject-devel\ncairo-tools\ncheese\ncheese-libs\ncheese-libs-devel\nclutter-gst3\nclutter-gst3-devel\ncompat-exiv2-023\ncompat-libical1\ncontrol-center\ncontrol-center-filesystem\ndconf\ndconf-devel\ndconf-editor\ndevhelp\ndevhelp-devel\ndevhelp-libs\nekiga\nempathy\neog\neog-devel\nevince\nevince-browser-plugin\nevince-devel\nevince-dvi\nevince-libs\nevince-nautilus\nevolution\nevolution-bogofilter\nevolution-data-server\nevolution-data-server-devel\nevolution-data-server-doc\nevolution-data-server-langpacks\nevolution-data-server-perl\nevolution-data-server-tests\nevolution-devel\nevolution-devel-docs\nevolution-ews\nevolution-ews-langpacks\nevolution-help\nevolution-langpacks\nevolution-mapi\nevolution-mapi-langpacks\nevolution-pst\nevolution-spamassassin\nevolution-tests\nfile-roller\nfile-roller-nautilus\nflatpak\nflatpak-builder\nflatpak-devel\nflatpak-libs\nfolks\nfolks-devel\nfolks-tools\nfontconfig\nfontconfig-devel\nfontconfig-devel-doc\nfreetype\nfreetype-demos\nfreetype-devel\nfribidi\nfribidi-devel\nfwupd\nfwupd-devel\nfwupdate\nfwupdate-devel\nfwupdate-efi\nfwupdate-libs\ngcr\ngcr-devel\ngdk-pixbuf2\ngdk-pixbuf2-devel\ngdk-pixbuf2-tests\ngdm\ngdm-devel\ngdm-pam-extensions-devel\ngedit\ngedit-devel\ngedit-plugin-bookmarks\ngedit-plugin-bracketcompletion\ngedit-plugin-charmap\ngedit-plugin-codecomment\ngedit-plugin-colorpicker\ngedit-plugin-colorschemer\ngedit-plugin-commander\ngedit-plugin-drawspaces\
ngedit-plugin-findinfiles\ngedit-plugin-joinlines\ngedit-plugin-multiedit\ngedit-plugin-smartspaces\ngedit-plugin-synctex\ngedit-plugin-terminal\ngedit-plugin-textsize\ngedit-plugin-translate\ngedit-plugin-wordcompletion\ngedit-plugins\ngedit-plugins-data\ngeoclue2\ngeoclue2-demos\ngeoclue2-devel\ngeoclue2-libs\ngeocode-glib\ngeocode-glib-devel\ngjs\ngjs-devel\ngjs-tests\nglade\nglade-devel\nglade-libs\nglib-networking\nglib-networking-tests\nglib2\nglib2-devel\nglib2-doc\nglib2-fam\nglib2-static\nglib2-tests\nglibmm24\nglibmm24-devel\nglibmm24-doc\ngnome-backgrounds\ngnome-bluetooth\ngnome-bluetooth-libs\ngnome-bluetooth-libs-devel\ngnome-boxes\ngnome-calculator\ngnome-classic-session\ngnome-clocks\ngnome-color-manager\ngnome-contacts\ngnome-desktop3\ngnome-desktop3-devel\ngnome-desktop3-tests\ngnome-devel-docs\ngnome-dictionary\ngnome-disk-utility\ngnome-documents\ngnome-documents-libs\ngnome-font-viewer\ngnome-getting-started-docs\ngnome-getting-started-docs-cs\ngnome-getting-started-docs-de\ngnome-getting-started-docs-es\ngnome-getting-started-docs-fr\ngnome-getting-started-docs-gl\ngnome-getting-started-docs-hu\ngnome-getting-started-docs-it\ngnome-getting-started-docs-pl\ngnome-getting-started-docs-pt_BR\ngnome-getting-started-docs-ru\ngnome-initial-setup\ngnome-keyring\ngnome-keyring-pam\ngnome-online-accounts\ngnome-online-accounts-devel\ngnome-online-miners\ngnome-packagekit\ngnome-packagekit-common\ngnome-packagekit-installer\ngnome-packagekit-updater\ngnome-screenshot\ngnome-session\ngnome-session-custom-session\ngnome-session-wayland-session\ngnome-session-xsession\ngnome-settings-daemon\ngnome-settings-daemon-devel\ngnome-shell\ngnome-shell-extension-alternate-tab\ngnome-shell-extension-apps-menu\ngnome-shell-extension-auto-move-windows\ngnome-shell-extension-common\ngnome-shell-extension-dash-to-dock\ngnome-shell-extension-drive-menu\ngnome-shell-extension-launch-new-instance\ngnome-shell-extension-native-window-placement\ngnome-shell-extension-no-hot-
corner\ngnome-shell-extension-panel-favorites\ngnome-shell-extension-places-menu\ngnome-shell-extension-screenshot-window-sizer\ngnome-shell-extension-systemMonitor\ngnome-shell-extension-top-icons\ngnome-shell-extension-updates-dialog\ngnome-shell-extension-user-theme\ngnome-shell-extension-window-list\ngnome-shell-extension-windowsNavigator\ngnome-shell-extension-workspace-indicator\ngnome-shell-extensions\ngnome-software\ngnome-software-devel\ngnome-software-editor\ngnome-system-monitor\ngnome-terminal\ngnome-terminal-nautilus\ngnome-themes-standard\ngnome-tweak-tool\ngnome-user-docs\ngnote\ngobject-introspection\ngobject-introspection-devel\ngom\ngom-devel\ngoogle-noto-emoji-color-fonts\ngoogle-noto-emoji-fonts\ngrilo\ngrilo-devel\ngrilo-plugins\ngsettings-desktop-schemas\ngsettings-desktop-schemas-devel\ngspell\ngspell-devel\ngspell-doc\ngssdp\ngssdp-devel\ngssdp-docs\ngssdp-utils\ngstreamer1-plugins-base\ngstreamer1-plugins-base-devel\ngstreamer1-plugins-base-devel-docs\ngstreamer1-plugins-base-tools\ngtk-doc\ngtk-update-icon-cache\ngtk3\ngtk3-devel\ngtk3-devel-docs\ngtk3-immodule-xim\ngtk3-immodules\ngtk3-tests\ngtksourceview3\ngtksourceview3-devel\ngtksourceview3-tests\ngucharmap\ngucharmap-devel\ngucharmap-libs\ngupnp\ngupnp-devel\ngupnp-docs\ngupnp-igd\ngupnp-igd-devel\ngupnp-igd-python\ngvfs\ngvfs-afc\ngvfs-afp\ngvfs-archive\ngvfs-client\ngvfs-devel\ngvfs-fuse\ngvfs-goa\ngvfs-gphoto2\ngvfs-mtp\ngvfs-smb\ngvfs-tests\nharfbuzz\nharfbuzz-devel\nharfbuzz-icu\njson-glib\njson-glib-devel\njson-glib-tests\nlibappstream-glib\nlibappstream-glib-builder\nlibappstream-glib-builder-devel\nlibappstream-glib-devel\nlibchamplain\nlibchamplain-demos\nlibchamplain-devel\nlibchamplain-gtk\nlibcroco\nlibcroco-devel\nlibgdata\nlibgdata-devel\nlibgee\nlibgee-devel\nlibgepub\nlibgepub-devel\nlibgexiv2\nlibgexiv2-devel\nlibgnomekbd\nlibgnomekbd-devel\nlibgovirt\nlibgovirt-devel\nlibgtop2\nlibgtop2-devel\nlibgweather\nlibgweather-devel\nlibgxps\nlibgxps-devel\nlibgxps-tools\nlib
ical\nlibical-devel\nlibical-glib\nlibical-glib-devel\nlibical-glib-doc\nlibmediaart\nlibmediaart-devel\nlibmediaart-tests\nlibosinfo\nlibosinfo-devel\nlibosinfo-vala\nlibpeas\nlibpeas-devel\nlibpeas-gtk\nlibpeas-loader-python\nlibrsvg2\nlibrsvg2-devel\nlibrsvg2-tools\nlibsecret\nlibsecret-devel\nlibsoup\nlibsoup-devel\nlibwayland-client\nlibwayland-cursor\nlibwayland-egl\nlibwayland-server\nlibwnck3\nlibwnck3-devel\nmozjs52\nmozjs52-devel\nmutter\nmutter-devel\nnautilus\nnautilus-devel\nnautilus-extensions\nnautilus-sendto\nopenchange\nopenchange-client\nopenchange-devel\nopenchange-devel-docs\nosinfo-db\npango\npango-devel\npango-tests\npoppler\npoppler-cpp\npoppler-cpp-devel\npoppler-demos\npoppler-devel\npoppler-glib\npoppler-glib-devel\npoppler-qt\npoppler-qt-devel\npoppler-utils\npyatspi\npython2-gexiv2\npython2-pyatspi\nrest\nrest-devel\nrhythmbox\nrhythmbox-devel\nseahorse-nautilus\nshotwell\nsushi\ntotem\ntotem-devel\ntotem-nautilus\ntotem-pl-parser\ntotem-pl-parser-devel\nupower\nupower-devel\nupower-devel-docs\nvala\nvala-devel\nvala-doc\nvaladoc\nvaladoc-devel\nvino\nvte-profile\nvte291\nvte291-devel\nwayland\nwayland-devel\nwayland-doc\nwayland-protocols\nwayland-protocols-devel\nwebkitgtk4\nwebkitgtk4-devel\nwebkitgtk4-doc\nwebkitgtk4-jsc\nwebkitgtk4-jsc-devel\nwebkitgtk4-plugin-process-gtk2\nxdg-desktop-portal\nxdg-desktop-portal-devel\nxdg-desktop-portal-gtk\nyelp\nyelp-devel\nyelp-libs\nyelp-tools\nyelp-xsl\nyelp-xsl-devel\nzenity\n\n**Upstream details at:**\n", "edition": 95, "modified": "2020-07-30T00:09:07", "published": "2018-11-15T18:43:07", "id": "CESA-2018:3140", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2018-November/005310.html", "title": "PackageKit, accountsservice, adwaita, appstream, at, atk, baobab, bolt, brasero, cairo, cheese, clutter, compat, control, dconf, devhelp, ekiga, empathy, eog, evince, evolution, file, flatpak, folks, fontconfig, freetype, fribidi, fwupd, fwupdate, gcr, gdk, gdm, gedit, geoclue2, 
geocode, gjs, glade, glib, glib2, glibmm24, gnome, gnote, gobject, gom, google, grilo, gsettings, gspell, gssdp, gstreamer1, gtk, gtk3, gtksourceview3, gucharmap, gupnp, gvfs, harfbuzz, json, libappstream, libchamplain, libcroco, libgdata, libgee, libgepub, libgexiv2, libgnomekbd, libgovirt, libgtop2, libgweather, libgxps, libical, libmediaart, libosinfo, libpeas, librsvg2, libsecret, libsoup, libwayland, libwnck3, mozjs52, mutter, nautilus, openchange, osinfo, pango, poppler, pyatspi, python2, rest, rhythmbox, seahorse, shotwell, sushi, totem, upower, vala, valadoc, vino, vte, vte291, wayland, webkitgtk4, xdg, yelp, zenity security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2020-10-14T02:03:21", "bulletinFamily": "unix", "cvelist": ["CVE-2015-9381", "CVE-2015-9382", "CVE-2017-18267", "CVE-2017-2862", "CVE-2018-10733", "CVE-2018-10767", "CVE-2018-10768", "CVE-2018-12910", "CVE-2018-13988"], "description": "GNOME is the default desktop environment of Red Hat Enterprise Linux.\n\nSecurity Fix(es):\n\n* libsoup: Crash in soup_cookie_jar.c:get_cookies() on empty hostnames (CVE-2018-12910)\n\n* poppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function allows denial of service (CVE-2017-18267)\n\n* libgxps: heap based buffer over read in ft_font_face_hash function of gxps-fonts.c (CVE-2018-10733)\n\n* libgxps: Stack-based buffer overflow in calling glib in gxps_images_guess_content_type of gcontenttype.c (CVE-2018-10767)\n\n* poppler: NULL pointer dereference in Annot.h:AnnotPath::getCoordsLength() allows for denial of service via crafted PDF (CVE-2018-10768)\n\n* poppler: out of bounds read in pdfunite (CVE-2018-13988)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank chenyuan (NESA Lab) for reporting CVE-2018-10733 and 
CVE-2018-10767 and Hosein Askari for reporting CVE-2018-13988.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.", "modified": "2020-10-14T05:29:45", "published": "2018-10-30T08:22:45", "id": "RHSA-2018:3140", "href": "https://access.redhat.com/errata/RHSA-2018:3140", "type": "redhat", "title": "(RHSA-2018:3140) Moderate: GNOME security, bug fix, and enhancement update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-11T13:32:02", "bulletinFamily": "unix", "cvelist": ["CVE-2015-9262", "CVE-2016-9396", "CVE-2017-1000050", "CVE-2017-18267", "CVE-2017-3735", "CVE-2018-0495", "CVE-2018-0732", "CVE-2018-0737", "CVE-2018-0739", "CVE-2018-1000805", "CVE-2018-1060", "CVE-2018-1061", "CVE-2018-10733", "CVE-2018-10767", "CVE-2018-10768", "CVE-2018-10844", "CVE-2018-10845", "CVE-2018-10846", "CVE-2018-12384", "CVE-2018-12910", "CVE-2018-13988", "CVE-2018-14679", "CVE-2018-14680", "CVE-2018-14681", "CVE-2018-14682", "CVE-2018-16837", "CVE-2018-17456"], "description": "Red Hat Ansible Tower 3.3.1 is now available and contains the following bug fixes:\n\n- Fixed event callback error when in-line vaulted variables are used with ``include_vars``\n- Fixed HSTS and X-Frame-Options to properly be set in nginx configuration\n- Fixed isolated node setup to no longer fail when ``ansible_host`` is used\n- Fixed selection of custom virtual environments in job template creation \n- Fixed websockets for job details to properly work\n- Fixed the ``/api/v2/authtoken`` compatibility shim\n- Fixed page size selection on the jobs screen\n- Fixed instances in an instance group to properly be disabled in the user interface\n- Fixed the job template selection in workflow creation to properly render\n- Fixed ``member_attr`` to properly set on some LDAP configurations during upgrade, preventing login\n- Fixed ``PosixUIDGroupType`` LDAP 
configurations\n- Improved the RAM requirement in the installer preflight check\n- Updated Tower to properly report an error when relaunch was used on a set of failed hosts that is too large\n- Updated sosreport configuration to gather more python environment, nginx, and supervisor configuration\n- Fixed display of extra_vars for scheduled jobs", "modified": "2018-11-06T15:40:15", "published": "2018-11-06T15:39:03", "id": "RHSA-2018:3505", "href": "https://access.redhat.com/errata/RHSA-2018:3505", "type": "redhat", "title": "(RHSA-2018:3505) Critical: Red Hat Ansible Tower 3.3.1-2 Release - Container Image", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-09-10T18:48:04", "bulletinFamily": "unix", "cvelist": ["CVE-2018-18897", "CVE-2018-20481", "CVE-2018-20551", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-10871", "CVE-2019-12293", "CVE-2019-7310", "CVE-2019-9200", "CVE-2019-9631", "CVE-2019-9903", "CVE-2019-9959"], "description": "Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.\n\nSecurity Fix(es):\n\n* poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310)\n\n* poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200)\n\n* poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc (CVE-2019-10871)\n\n* poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc (CVE-2019-12293)\n\n* poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897)\n\n* poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481)\n\n* poppler: reachable Object::getString assertion in AnnotRichMedia class in Annot.c (CVE-2018-20551)\n\n* poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650)\n\n* poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)\n\n* poppler: heap-based 
buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)\n\n* poppler: stack consumption in function Dict::find() in Dict.cc (CVE-2019-9903)\n\n* poppler: integer overflow in JPXStream::init function leading to memory consumption (CVE-2019-9959)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-09-10T21:42:35", "published": "2019-09-10T19:32:22", "id": "RHSA-2019:2713", "href": "https://access.redhat.com/errata/RHSA-2019:2713", "type": "redhat", "title": "(RHSA-2019:2713) Moderate: poppler security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}