Lucene search
This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-1116.NASLHistorySep 28, 2017 - 12:00 a.m.
Debian DLA-1116-1 : poppler security update
2017-09-2800:00:00
This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
It was discovered that poppler, a PDF rendering library, was affected by several denial of service (application crash), NULL pointer dereferences and memory corruption bugs :
CVE-2017-14517 NULL pointer Dereference in the XRef::parseEntry() function in XRef.cc
CVE-2017-14519 Memory corruption occurs in a call to Object::streamGetChar that may lead to a denial of service or other unspecified impact.
CVE-2017-14617 Potential buffer overflow in the ImageStream class in Stream.cc, which may lead to a denial of service or other unspecified impact.
For Debian 7 ‘Wheezy’, these problems have been fixed in version 0.18.4-6+deb7u3.
We recommend that you upgrade your poppler packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-1116-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(103519);
script_version("3.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2017-14517", "CVE-2017-14519", "CVE-2017-14617");
script_name(english:"Debian DLA-1116-1 : poppler security update");
script_summary(english:"Checks dpkg output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"It was discovered that poppler, a PDF rendering library, was affected
by several denial of service (application crash), NULL pointer
dereferences and memory corruption bugs :
CVE-2017-14517 NULL pointer Dereference in the XRef::parseEntry()
function in XRef.cc
CVE-2017-14519 Memory corruption occurs in a call to
Object::streamGetChar that may lead to a denial of service or other
unspecified impact.
CVE-2017-14617 Potential buffer overflow in the ImageStream class in
Stream.cc, which may lead to a denial of service or other unspecified
impact.
For Debian 7 'Wheezy', these problems have been fixed in version
0.18.4-6+deb7u3.
We recommend that you upgrade your poppler packages.
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.debian.org/debian-lts-announce/2017/09/msg00033.html"
);
script_set_attribute(
attribute:"see_also",
value:"https://packages.debian.org/source/wheezy/poppler"
);
script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gir1.2-poppler-0.18");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-cpp-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-cpp0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-glib-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-glib8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-private-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-qt4-3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-qt4-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler19");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:poppler-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:poppler-utils");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
script_set_attribute(attribute:"patch_publication_date", value:"2017/09/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/28");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"7.0", prefix:"gir1.2-poppler-0.18", reference:"0.18.4-6+deb7u3")) flag++;
if (deb_check(release:"7.0", prefix:"libpoppler-cpp-dev", reference:"0.18.4-6+deb7u3")) flag++;
if (deb_check(release:"7.0", prefix:"libpoppler-cpp0", reference:"0.18.4-6+deb7u3")) flag++;
if (deb_check(release:"7.0", prefix:"libpoppler-dev", reference:"0.18.4-6+deb7u3")) flag++;
if (deb_check(release:"7.0", prefix:"libpoppler-glib-dev", reference:"0.18.4-6+deb7u3")) flag++;
if (deb_check(release:"7.0", prefix:"libpoppler-glib8", reference:"0.18.4-6+deb7u3")) flag++;
if (deb_check(release:"7.0", prefix:"libpoppler-private-dev", reference:"0.18.4-6+deb7u3")) flag++;
if (deb_check(release:"7.0", prefix:"libpoppler-qt4-3", reference:"0.18.4-6+deb7u3")) flag++;
if (deb_check(release:"7.0", prefix:"libpoppler-qt4-dev", reference:"0.18.4-6+deb7u3")) flag++;
if (deb_check(release:"7.0", prefix:"libpoppler19", reference:"0.18.4-6+deb7u3")) flag++;
if (deb_check(release:"7.0", prefix:"poppler-dbg", reference:"0.18.4-6+deb7u3")) flag++;
if (deb_check(release:"7.0", prefix:"poppler-utils", reference:"0.18.4-6+deb7u3")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | libpoppler-qt4-dev | p-cpe:/a:debian:debian_linux:libpoppler-qt4-dev |
| debian | debian_linux | libpoppler19 | p-cpe:/a:debian:debian_linux:libpoppler19 |
| debian | debian_linux | poppler-dbg | p-cpe:/a:debian:debian_linux:poppler-dbg |
| debian | debian_linux | poppler-utils | p-cpe:/a:debian:debian_linux:poppler-utils |
| debian | debian_linux | 7.0 | cpe:/o:debian:debian_linux:7.0 |
| debian | debian_linux | gir1.2-poppler-0.18 | p-cpe:/a:debian:debian_linux:gir1.2-poppler-0.18 |
| debian | debian_linux | libpoppler-cpp-dev | p-cpe:/a:debian:debian_linux:libpoppler-cpp-dev |
| debian | debian_linux | libpoppler-cpp0 | p-cpe:/a:debian:debian_linux:libpoppler-cpp0 |
| debian | debian_linux | libpoppler-dev | p-cpe:/a:debian:debian_linux:libpoppler-dev |
| debian | debian_linux | libpoppler-glib-dev | p-cpe:/a:debian:debian_linux:libpoppler-glib-dev |
Related
openvas
openvas
Debian: Security Advisory (DLA-1116-1)
2018-02-06 00:00:00
Ubuntu: Security Advisory (USN-3433-1)
2018-10-26 00:00:00
Mageia: Security Advisory (MGASA-2017-0360)
2022-01-28 00:00:00
debian
debian
[SECURITY] [DLA 1116-1] poppler security update
2017-09-27 20:57:03
[SECURITY] [DSA 4079-1] poppler security update
2018-01-07 20:52:14
osv
osv
poppler - security update
2017-09-27 00:00:00
poppler - security update
2018-01-07 00:00:00
nessus
nessus
Ubuntu 14.04 LTS / 16.04 LTS : poppler vulnerabilities (USN-3433-1)
2017-10-03 00:00:00
Fedora 26 : poppler (2017-51ff8fe326)
2017-11-08 00:00:00
Fedora 27 : poppler (2017-025ff38ac9)
2018-01-15 00:00:00
ubuntu
ubuntu
poppler vulnerabilities
2017-10-02 00:00:00
poppler vulnerabilities
2017-10-06 00:00:00
mageia
mageia
Updated poppler packages fix security vulnerabilities
2017-10-05 23:37:56
Updated poppler packages fix security vulnerabilities
2017-10-19 21:14:02
fedora
fedora
[SECURITY] Fedora 26 Update: poppler-0.52.0-9.fc26
2017-11-07 22:21:09
[SECURITY] Fedora 27 Update: poppler-0.57.0-5.fc27
2017-11-11 03:25:46
[SECURITY] Fedora 27 Update: poppler-0.57.0-5.fc27
2017-11-11 13:43:17
prion
prion
Null pointer dereference
2017-09-17 23:29:00
Memory corruption
2017-09-17 23:29:00
Authentication flaw
2017-09-20 21:29:00
veracode
veracode
Denial Of Service (DoS)
2018-05-08 13:48:44
cve
cve
debiancve
debiancve
redhatcve
redhatcve
ubuntucve
ubuntucve
suse
suse
Security update for poppler (moderate)
2018-06-16 15:10:22
Related for DEBIAN_DLA-1116.NASL