ID SSA-2010-324-02 Type slackware Reporter Slackware Linux Project Modified 2010-11-21T00:21:03
Description
New poppler packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,
and -current to fix security issues.
Here are the details from the Slackware 13.1 ChangeLog:
patches/packages/poppler-0.12.4-i486-2_slack13.1.txz: Rebuilt.
This updated package includes patches based on xpdf 3.02pl5.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704
( Security fix )
Where to find the new packages:
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/poppler-0.6.2-i486-3_slack12.0.tgz
Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/poppler-0.6.4-i486-3_slack12.1.tgz
Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/poppler-0.8.5-i486-4_slack12.2.tgz
Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/poppler-0.10.7-i486-3_slack13.0.txz
Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/poppler-0.10.7-x86_64-3_slack13.0.txz
Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/poppler-0.12.4-i486-2_slack13.1.txz
Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/poppler-0.12.4-x86_64-2_slack13.1.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/poppler-0.14.5-i486-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/poppler-0.14.5-x86_64-1.txz
Upgrade the package as root:
> upgradepkg poppler-0.12.4-i486-2_slack13.1.txz
{"id": "SSA-2010-324-02", "type": "slackware", "bulletinFamily": "unix", "title": "[slackware-security] poppler", "description": "New poppler packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 13.1 ChangeLog:\n\npatches/packages/poppler-0.12.4-i486-2_slack13.1.txz: Rebuilt.\n This updated package includes patches based on xpdf 3.02pl5.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3703\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/poppler-0.6.2-i486-3_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/poppler-0.6.4-i486-3_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/poppler-0.8.5-i486-4_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/poppler-0.10.7-i486-3_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/poppler-0.10.7-x86_64-3_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/poppler-0.12.4-i486-2_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/poppler-0.12.4-x86_64-2_slack13.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/poppler-0.14.5-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/poppler-0.14.5-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 12.0 package:\n8daaca1fcbe6a3e8991cd68eba2a516c poppler-0.6.2-i486-3_slack12.0.tgz\n\nSlackware 12.1 package:\n414b080307ae2cc7809bd421dc401be7 poppler-0.6.4-i486-3_slack12.1.tgz\n\nSlackware 12.2 package:\n5cda063f8afba904fd9b78ba1a43143b poppler-0.8.5-i486-4_slack12.2.tgz\n\nSlackware 13.0 package:\nf38fbb19427c17b0b5bf9cf56a14109a poppler-0.10.7-i486-3_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n886303af116b212a4ee9ae40a9a55b56 poppler-0.10.7-x86_64-3_slack13.0.txz\n\nSlackware 13.1 package:\nc8cb877d707c01c868c39d7730bbdf59 poppler-0.12.4-i486-2_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n2fbd0553642b50722273844e9b0d3f6c poppler-0.12.4-x86_64-2_slack13.1.txz\n\nSlackware -current package:\nd9e6c4447fa3e4eab10dc96556a36922 poppler-0.14.5-i486-1.txz\n\nSlackware x86_64 -current package:\nb9cd966f542c7bb56d201b59e04934a7 poppler-0.14.5-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg poppler-0.12.4-i486-2_slack13.1.txz", "published": "2010-11-21T00:21:03", "modified": "2010-11-21T00:21:03", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.475147", "reporter": "Slackware Linux Project", "references": [], "cvelist": ["CVE-2010-3702", "CVE-2010-3703", "CVE-2010-3704"], "lastseen": "2020-12-24T12:39:18", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-3704", "CVE-2010-3703", "CVE-2010-3702"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310862467", "OPENVAS:840521", "OPENVAS:1361412562310122266", "OPENVAS:136141256231068675", "OPENVAS:862467", "OPENVAS:1361412562310831246", "OPENVAS:136141256231068674", "OPENVAS:831246", "OPENVAS:1361412562310862460", "OPENVAS:1361412562310862593"]}, {"type": "nessus", "idList": ["SUSE_11_1_LIBPOPPLER-DEVEL-101021.NASL", "REDHAT-RHSA-2010-0752.NASL", "REDHAT-RHSA-2010-0754.NASL", "SL_20101110_POPPLER_ON_SL6_X.NASL", "CENTOS_RHSA-2010-0749.NASL", "ORACLELINUX_ELSA-2010-0753.NASL", "REDHAT-RHSA-2010-0859.NASL", "CENTOS_RHSA-2010-0753.NASL", "REDHAT-RHSA-2010-0753.NASL", "CENTOS_RHSA-2010-0752.NASL"]}, {"type": "slackware", "idList": ["SSA-2010-324-01"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0749", "ELSA-2010-0859"]}, {"type": "fedora", "idList": ["FEDORA:38D4B110845", "FEDORA:3CC1711158A", "FEDORA:021DE1119B9", "FEDORA:56E1811061A", "FEDORA:DC2AF110A87"]}, {"type": "redhat", "idList": ["RHSA-2010:0751", "RHSA-2010:0859", "RHSA-2010:0749"]}, {"type": "ubuntu", "idList": ["USN-1005-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2116-1:BF569"]}, {"type": "centos", "idList": ["CESA-2010:0753", "CESA-2010:0751"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11200"]}], "modified": "2020-12-24T12:39:18", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2020-12-24T12:39:18", "rev": 2}, "vulnersScore": 6.5}, "affectedPackage": [{"OS": "Slackware", "OSVersion": "12.0", "arch": "i486", "packageName": "poppler", "packageVersion": "0.6.2", "packageFilename": "poppler-0.6.2-i486-3_slack12.0.tgz", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "12.1", "arch": "i486", "packageName": "poppler", "packageVersion": "0.6.4", "packageFilename": "poppler-0.6.4-i486-3_slack12.1.tgz", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "12.2", "arch": "i486", "packageName": "poppler", "packageVersion": "0.8.5", "packageFilename": "poppler-0.8.5-i486-4_slack12.2.tgz", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "arch": "i486", "packageName": "poppler", "packageVersion": "0.10.7", "packageFilename": "poppler-0.10.7-i486-3_slack13.0.txz", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "arch": "x86_64", "packageName": "poppler", "packageVersion": "0.10.7", "packageFilename": "poppler-0.10.7-x86_64-3_slack13.0.txz", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "arch": "i486", "packageName": "poppler", "packageVersion": "0.12.4", "packageFilename": "poppler-0.12.4-i486-2_slack13.1.txz", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "arch": "x86_64", "packageName": "poppler", "packageVersion": "0.12.4", "packageFilename": "poppler-0.12.4-x86_64-2_slack13.1.txz", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "current", "arch": "i486", "packageName": "poppler", "packageVersion": "0.14.5", "packageFilename": "poppler-0.14.5-i486-1.txz", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "current", "arch": "x86_64", "packageName": "poppler", "packageVersion": "0.14.5", "packageFilename": "poppler-0.14.5-x86_64-1.txz", "operator": "lt"}]}
{"cve": [{"lastseen": "2020-10-03T11:57:29", "description": "The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that triggers an uninitialized pointer dereference.", "edition": 3, "cvss3": {}, "published": "2010-11-05T18:00:00", "title": "CVE-2010-3703", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3703"], "modified": "2011-01-22T06:43:00", "cpe": ["cpe:/a:poppler:poppler:0.9.3", "cpe:/a:poppler:poppler:0.12.0", "cpe:/a:poppler:poppler:0.9.1", "cpe:/a:poppler:poppler:0.15.1", "cpe:/a:poppler:poppler:0.10.5", "cpe:/a:poppler:poppler:0.13.3", "cpe:/a:poppler:poppler:0.14.5", "cpe:/a:poppler:poppler:0.10.2", "cpe:/a:poppler:poppler:0.11.3", "cpe:/a:poppler:poppler:0.10.6", "cpe:/a:poppler:poppler:0.12.3", "cpe:/a:poppler:poppler:0.10.1", "cpe:/a:poppler:poppler:0.11.2", "cpe:/a:poppler:poppler:0.14.2", "cpe:/a:poppler:poppler:0.14.0", "cpe:/a:poppler:poppler:0.13.0", "cpe:/a:poppler:poppler:0.14.4", "cpe:/a:poppler:poppler:0.11.0", "cpe:/a:poppler:poppler:0.10.0", "cpe:/a:poppler:poppler:0.14.3", "cpe:/a:poppler:poppler:0.12.1", "cpe:/a:poppler:poppler:0.10.3", "cpe:/a:poppler:poppler:0.13.1", "cpe:/a:poppler:poppler:0.12.2", "cpe:/a:poppler:poppler:0.14.1", "cpe:/a:poppler:poppler:0.9.0", "cpe:/a:poppler:poppler:0.13.2", "cpe:/a:poppler:poppler:0.11.1", "cpe:/a:poppler:poppler:0.10.4", "cpe:/a:poppler:poppler:0.15.0", "cpe:/a:poppler:poppler:0.10.7", "cpe:/a:poppler:poppler:0.13.4", "cpe:/a:poppler:poppler:0.8.7", "cpe:/a:poppler:poppler:0.12.4", "cpe:/a:poppler:poppler:0.9.2"], "id": "CVE-2010-3703", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3703", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:poppler:poppler:0.13.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.15.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.14.4:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.14.5:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.13.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.14.2:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.12.4:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.13.4:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.15.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.14.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.13.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-24T13:03:33", "description": "The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.", "edition": 4, "cvss3": {}, "published": "2010-11-05T18:00:00", "title": "CVE-2010-3702", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3702"], "modified": "2020-12-23T15:01:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "cpe:/o:redhat:enterprise_linux_desktop:5.0", "cpe:/o:opensuse:opensuse:11.2", "cpe:/o:redhat:enterprise_linux_workstation:5.0", "cpe:/o:canonical:ubuntu_linux:6.06", "cpe:/a:xpdfreader:xpdf:3.02", "cpe:/o:suse:linux_enterprise_server:10", "cpe:/o:canonical:ubuntu_linux:8.04", "cpe:/o:fedoraproject:fedora:13", "cpe:/o:debian:debian_linux:5.0", "cpe:/o:fedoraproject:fedora:14", "cpe:/a:freedesktop:poppler:0.15.1", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:9.10", "cpe:/o:opensuse:opensuse:11.1", "cpe:/o:opensuse:opensuse:11.3", "cpe:/o:fedoraproject:fedora:12", "cpe:/o:redhat:enterprise_linux_server:5.0", "cpe:/o:canonical:ubuntu_linux:10.04", "cpe:/a:apple:cups:1.3.11", "cpe:/o:suse:linux_enterprise_server:9", "cpe:/o:canonical:ubuntu_linux:9.04", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/a:xpdfreader:xpdf:3.01"], "id": "CVE-2010-3702", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3702", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:xpdfreader:xpdf:3.02:-:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:poppler:0.15.1:*:*:*:*:*:*:*", "cpe:2.3:a:xpdfreader:xpdf:3.02:pl2:*:*:*:*:*:*", "cpe:2.3:a:xpdfreader:xpdf:3.01:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:xpdfreader:xpdf:3.02:pl3:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "cpe:2.3:a:xpdfreader:xpdf:3.02:pl4:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.11:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "cpe:2.3:a:xpdfreader:xpdf:3.02:pl1:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:43", "description": "The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.", "edition": 6, "cvss3": {}, "published": "2010-11-05T18:00:00", "title": "CVE-2010-3704", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3704"], "modified": "2019-03-06T16:30:00", "cpe": ["cpe:/a:glyphandcog:xpdfreader:3.02", "cpe:/a:kde:kdegraphics:*", "cpe:/a:poppler:poppler:0.9.3", "cpe:/a:glyphandcog:xpdfreader:0.4", "cpe:/a:poppler:poppler:0.12.0", "cpe:/a:foolabs:xpdf:0.91c", "cpe:/a:poppler:poppler:0.9.1", "cpe:/a:foolabs:xpdf:0.92a", "cpe:/a:foolabs:xpdf:0.91b", "cpe:/a:poppler:poppler:0.15.1", "cpe:/a:poppler:poppler:0.10.5", "cpe:/a:poppler:poppler:0.13.3", "cpe:/a:poppler:poppler:0.14.5", "cpe:/a:poppler:poppler:0.10.2", "cpe:/a:foolabs:xpdf:1.00a", "cpe:/a:poppler:poppler:0.11.3", "cpe:/a:glyphandcog:xpdfreader:0.3", "cpe:/a:poppler:poppler:0.10.6", "cpe:/a:glyphandcog:xpdfreader:0.6", "cpe:/a:glyphandcog:xpdfreader:0.91", "cpe:/a:glyphandcog:xpdfreader:0.5", "cpe:/a:foolabs:xpdf:3.02pl3", "cpe:/a:foolabs:xpdf:3.02pl1", "cpe:/a:foolabs:xpdf:0.92b", "cpe:/a:poppler:poppler:0.12.3", "cpe:/a:poppler:poppler:0.10.1", "cpe:/a:glyphandcog:xpdfreader:3.01", "cpe:/a:foolabs:xpdf:0.93b", "cpe:/a:glyphandcog:xpdfreader:0.93", "cpe:/a:foolabs:xpdf:0.91a", "cpe:/a:poppler:poppler:0.11.2", "cpe:/a:poppler:poppler:0.14.2", "cpe:/a:poppler:poppler:0.14.0", "cpe:/a:poppler:poppler:0.13.0", "cpe:/a:glyphandcog:xpdfreader:0.7", "cpe:/a:glyphandcog:xpdfreader:2.01", "cpe:/a:glyphandcog:xpdfreader:1.00", "cpe:/a:glyphandcog:xpdfreader:2.03", "cpe:/a:poppler:poppler:0.14.4", "cpe:/a:foolabs:xpdf:0.93c", "cpe:/a:foolabs:xpdf:0.92c", "cpe:/a:poppler:poppler:0.11.0", "cpe:/a:glyphandcog:xpdfreader:2.02", "cpe:/a:poppler:poppler:0.10.0", "cpe:/a:glyphandcog:xpdfreader:2.00", "cpe:/a:foolabs:xpdf:0.93a", "cpe:/a:poppler:poppler:0.14.3", "cpe:/a:poppler:poppler:0.12.1", "cpe:/a:poppler:poppler:0.10.3", "cpe:/a:poppler:poppler:0.13.1", "cpe:/a:poppler:poppler:0.12.2", "cpe:/a:foolabs:xpdf:0.92e", "cpe:/a:poppler:poppler:0.14.1", "cpe:/a:poppler:poppler:0.9.0", "cpe:/a:foolabs:xpdf:0.92d", "cpe:/a:glyphandcog:xpdfreader:0.92", "cpe:/a:foolabs:xpdf:0.7a", "cpe:/a:poppler:poppler:0.13.2", "cpe:/a:poppler:poppler:0.11.1", "cpe:/a:poppler:poppler:0.10.4", "cpe:/a:poppler:poppler:0.15.0", "cpe:/a:poppler:poppler:0.10.7", "cpe:/a:glyphandcog:xpdfreader:0.80", "cpe:/a:poppler:poppler:0.13.4", "cpe:/a:poppler:poppler:0.8.7", "cpe:/a:glyphandcog:xpdfreader:1.01", "cpe:/a:glyphandcog:xpdfreader:3.00", "cpe:/a:foolabs:xpdf:3.02pl2", "cpe:/a:glyphandcog:xpdfreader:0.90", "cpe:/a:poppler:poppler:0.12.4", "cpe:/a:poppler:poppler:0.9.2", "cpe:/a:foolabs:xpdf:0.5a", "cpe:/a:foolabs:xpdf:3.0.1", "cpe:/a:glyphandcog:xpdfreader:0.2"], "id": "CVE-2010-3704", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3704", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.13.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdegraphics:*:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.15.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.14.4:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.14.5:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.13.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.14.2:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.12.4:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.13.4:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.15.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.14.3:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.13.2:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2018-01-18T11:04:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702", "CVE-2010-3703"], "description": "Check for the Version of poppler", "modified": "2018-01-17T00:00:00", "published": "2010-12-02T00:00:00", "id": "OPENVAS:1361412562310862593", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862593", "type": "openvas", "title": "Fedora Update for poppler FEDORA-2010-15857", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for poppler FEDORA-2010-15857\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"poppler on Fedora 14\";\ntag_insight = \"Poppler, a PDF rendering library, is a fork of the xpdf PDF\n viewer developed by Derek Noonburg of Glyph and Cog, LLC.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862593\");\n script_version(\"$Revision: 8440 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 08:58:46 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-15857\");\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3704\", \"CVE-2010-3703\");\n script_name(\"Fedora Update for poppler FEDORA-2010-15857\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of poppler\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.14.4~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702", "CVE-2010-3703"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2010-324-02.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231068674", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231068674", "type": "openvas", "title": "Slackware Advisory SSA:2010-324-02 poppler", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2010_324_02.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.68674\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3703\", \"CVE-2010-3704\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2010-324-02 poppler\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(12\\.0|12\\.1|12\\.2|13\\.0|13\\.1)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2010-324-02\");\n\n script_tag(name:\"insight\", value:\"New poppler packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,\nand -current to fix security issues.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2010-324-02.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"poppler\", ver:\"0.6.2-i486-3_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"poppler\", ver:\"0.6.4-i486-3_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"poppler\", ver:\"0.8.5-i486-4_slack12.2\", rls:\"SLK12.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"poppler\", ver:\"0.10.7-i486-3_slack13.0\", rls:\"SLK13.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"poppler\", ver:\"0.12.4-i486-2_slack13.1\", rls:\"SLK13.1\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-17T11:05:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702", "CVE-2010-3703"], "description": "Check for the Version of poppler", "modified": "2018-01-16T00:00:00", "published": "2010-10-22T00:00:00", "id": "OPENVAS:1361412562310862460", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862460", "type": "openvas", "title": "Fedora Update for poppler FEDORA-2010-15911", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for poppler FEDORA-2010-15911\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"poppler on Fedora 13\";\ntag_insight = \"Poppler, a PDF rendering library, is a fork of the xpdf PDF\n viewer developed by Derek Noonburg of Glyph and Cog, LLC.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862460\");\n script_version(\"$Revision: 8438 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-22 16:42:09 +0200 (Fri, 22 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-15911\");\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3703\", \"CVE-2010-3704\");\n script_name(\"Fedora Update for poppler FEDORA-2010-15911\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of poppler\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.12.4~6.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702", "CVE-2010-3703"], "description": "Check for the Version of poppler", "modified": "2017-12-25T00:00:00", "published": "2010-11-16T00:00:00", "id": "OPENVAS:831246", "href": "http://plugins.openvas.org/nasl.php?oid=831246", "type": "openvas", "title": "Mandriva Update for poppler MDVSA-2010:231 (poppler)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for poppler MDVSA-2010:231 (poppler)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were discovered and corrected in poppler:\n\n The Gfx::getPos function in the PDF parser in poppler, allows\n context-dependent attackers to cause a denial of service (crash)\n via unknown vectors that trigger an uninitialized pointer dereference\n (CVE-2010-3702).\n \n The PostScriptFunction::PostScriptFunction function in\n poppler/Function.cc in the PDF parser in poppler, allows\n context-dependent attackers to cause a denial of service (crash)\n via a PDF file that triggers an uninitialized pointer dereference\n (CVE-2010-3703).\n \n The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser\n in poppler, allows context-dependent attackers to cause a denial\n of service (crash) and possibly execute arbitrary code via a PDF\n file with a crafted Type1 font that contains a negative array index,\n which bypasses input validation and which triggers memory corruption\n (CVE-2010-3704).\n \n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"poppler on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-11/msg00024.php\");\n script_id(831246);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:231\");\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3703\", \"CVE-2010-3704\");\n script_name(\"Mandriva Update for poppler MDVSA-2010:231 (poppler)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of poppler\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpoppler5\", rpm:\"libpoppler5~0.12.4~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-devel\", rpm:\"libpoppler-devel~0.12.4~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-glib4\", rpm:\"libpoppler-glib4~0.12.4~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-glib-devel\", rpm:\"libpoppler-glib-devel~0.12.4~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt2\", rpm:\"libpoppler-qt2~0.12.4~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt4-3\", rpm:\"libpoppler-qt4-3~0.12.4~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt4-devel\", rpm:\"libpoppler-qt4-devel~0.12.4~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt-devel\", rpm:\"libpoppler-qt-devel~0.12.4~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.12.4~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler5\", rpm:\"lib64poppler5~0.12.4~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-devel\", rpm:\"lib64poppler-devel~0.12.4~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-glib4\", rpm:\"lib64poppler-glib4~0.12.4~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-glib-devel\", rpm:\"lib64poppler-glib-devel~0.12.4~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt2\", rpm:\"lib64poppler-qt2~0.12.4~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt4-3\", rpm:\"lib64poppler-qt4-3~0.12.4~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt4-devel\", rpm:\"lib64poppler-qt4-devel~0.12.4~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt-devel\", rpm:\"lib64poppler-qt-devel~0.12.4~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpoppler5\", rpm:\"libpoppler5~0.12.4~1.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-devel\", rpm:\"libpoppler-devel~0.12.4~1.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-glib4\", rpm:\"libpoppler-glib4~0.12.4~1.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-glib-devel\", rpm:\"libpoppler-glib-devel~0.12.4~1.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt2\", rpm:\"libpoppler-qt2~0.12.4~1.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt4-3\", rpm:\"libpoppler-qt4-3~0.12.4~1.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt4-devel\", rpm:\"libpoppler-qt4-devel~0.12.4~1.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt-devel\", rpm:\"libpoppler-qt-devel~0.12.4~1.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.12.4~1.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler5\", rpm:\"lib64poppler5~0.12.4~1.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-devel\", rpm:\"lib64poppler-devel~0.12.4~1.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-glib4\", rpm:\"lib64poppler-glib4~0.12.4~1.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-glib-devel\", rpm:\"lib64poppler-glib-devel~0.12.4~1.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt2\", rpm:\"lib64poppler-qt2~0.12.4~1.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt4-3\", rpm:\"lib64poppler-qt4-3~0.12.4~1.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt4-devel\", rpm:\"lib64poppler-qt4-devel~0.12.4~1.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt-devel\", rpm:\"lib64poppler-qt-devel~0.12.4~1.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702", "CVE-2010-3703"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2010-324-01.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231068675", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231068675", "type": "openvas", "title": "Slackware Advisory SSA:2010-324-01 xpdf", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2010_324_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.68675\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3703\", \"CVE-2010-3704\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2010-324-01 xpdf\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(9\\.1|10\\.0|10\\.1|10\\.2|11\\.0|12\\.0|12\\.1|12\\.2|13\\.0|13\\.1)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2010-324-01\");\n\n script_tag(name:\"insight\", value:\"New xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0,\n12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2010-324-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl5-i486-1_slack9.1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl5-i486-1_slack10.0\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl5-i486-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl5-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl5-i486-1_slack11.0\", rls:\"SLK11.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl5-i486-1_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl5-i486-1_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl5-i486-1_slack12.2\", rls:\"SLK12.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl5-i486-1_slack13.0\", rls:\"SLK13.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl5-i486-1_slack13.1\", rls:\"SLK13.1\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-08T12:54:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702", "CVE-2010-3703"], "description": "Check for the Version of poppler", "modified": "2018-01-05T00:00:00", "published": "2010-10-22T00:00:00", "id": "OPENVAS:1361412562310862467", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862467", "type": "openvas", "title": "Fedora Update for poppler FEDORA-2010-15981", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for poppler FEDORA-2010-15981\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"poppler on Fedora 12\";\ntag_insight = \"Poppler, a PDF rendering library, is a fork of the xpdf PDF\n viewer developed by Derek Noonburg of Glyph and Cog, LLC.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862467\");\n script_version(\"$Revision: 8296 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 08:28:01 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-22 16:42:09 +0200 (Fri, 22 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-15981\");\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3703\", \"CVE-2010-3704\");\n script_name(\"Fedora Update for poppler FEDORA-2010-15981\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of poppler\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.12.4~5.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-18T10:58:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702", "CVE-2010-3703"], "description": "Check for the Version of poppler", "modified": "2017-12-18T00:00:00", "published": "2010-10-22T00:00:00", "id": "OPENVAS:862467", "href": "http://plugins.openvas.org/nasl.php?oid=862467", "type": "openvas", "title": "Fedora Update for poppler FEDORA-2010-15981", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for poppler FEDORA-2010-15981\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"poppler on Fedora 12\";\ntag_insight = \"Poppler, a PDF rendering library, is a fork of the xpdf PDF\n viewer developed by Derek Noonburg of Glyph and Cog, LLC.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html\");\n script_id(862467);\n script_version(\"$Revision: 8153 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-18 07:30:39 +0100 (Mon, 18 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-22 16:42:09 +0200 (Fri, 22 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-15981\");\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3703\", \"CVE-2010-3704\");\n script_name(\"Fedora Update for poppler FEDORA-2010-15981\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of poppler\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.12.4~5.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-21T11:32:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702", "CVE-2010-3703"], "description": "Check for the Version of poppler", "modified": "2017-12-20T00:00:00", "published": "2010-12-02T00:00:00", "id": "OPENVAS:862593", "href": "http://plugins.openvas.org/nasl.php?oid=862593", "type": "openvas", "title": "Fedora Update for poppler FEDORA-2010-15857", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for poppler FEDORA-2010-15857\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"poppler on Fedora 14\";\ntag_insight = \"Poppler, a PDF rendering library, is a fork of the xpdf PDF\n viewer developed by Derek Noonburg of Glyph and Cog, LLC.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html\");\n script_id(862593);\n script_version(\"$Revision: 8186 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 07:30:34 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-15857\");\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3704\", \"CVE-2010-3703\");\n script_name(\"Fedora Update for poppler FEDORA-2010-15857\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of poppler\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.14.4~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-20T13:17:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702", "CVE-2010-3703"], "description": "Check for the Version of poppler", "modified": "2017-12-19T00:00:00", "published": "2010-10-22T00:00:00", "id": "OPENVAS:862460", "href": "http://plugins.openvas.org/nasl.php?oid=862460", "type": "openvas", "title": "Fedora Update for poppler FEDORA-2010-15911", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for poppler FEDORA-2010-15911\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"poppler on Fedora 13\";\ntag_insight = \"Poppler, a PDF rendering library, is a fork of the xpdf PDF\n viewer developed by Derek Noonburg of Glyph and Cog, LLC.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html\");\n script_id(862460);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-22 16:42:09 +0200 (Fri, 22 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-15911\");\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3703\", \"CVE-2010-3704\");\n script_name(\"Fedora Update for poppler FEDORA-2010-15911\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of poppler\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.12.4~6.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702", "CVE-2010-3703"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2010-324-01.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:68675", "href": "http://plugins.openvas.org/nasl.php?oid=68675", "type": "openvas", "title": "Slackware Advisory SSA:2010-324-01 xpdf ", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2010_324_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0,\n12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2010-324-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2010-324-01\";\n \nif(description)\n{\n script_id(68675);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3703\", \"CVE-2010-3704\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6598 $\");\n script_name(\"Slackware Advisory SSA:2010-324-01 xpdf \");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl5-i486-1_slack9.1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl5-i486-1_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl5-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl5-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl5-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl5-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl5-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl5-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl5-i486-1_slack13.0\", rls:\"SLK13.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl5-i486-1_slack13.1\", rls:\"SLK13.1\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-17T14:13:24", "description": "Specially crafted PDF files could crash poppler or potentially even\ncause execution of arbitrary code (CVE-2010-3702 / CVE-2010-3703 /\nCVE-2010-3704). This has been fixed.", "edition": 23, "published": "2011-01-21T00:00:00", "title": "SuSE 11.1 Security Update : libpoppler (SAT Patch Number 3338)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702", "CVE-2010-3703"], "modified": "2011-01-21T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:libpoppler-qt4-3", "p-cpe:/a:novell:suse_linux:11:libpoppler5", "p-cpe:/a:novell:suse_linux:11:poppler-tools", "p-cpe:/a:novell:suse_linux:11:libpoppler-glib4"], "id": "SUSE_11_LIBPOPPLER-DEVEL-101017.NASL", "href": "https://www.tenable.com/plugins/nessus/51622", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51622);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3703\", \"CVE-2010-3704\");\n\n script_name(english:\"SuSE 11.1 Security Update : libpoppler (SAT Patch Number 3338)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted PDF files could crash poppler or potentially even\ncause execution of arbitrary code (CVE-2010-3702 / CVE-2010-3703 /\nCVE-2010-3704). This has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=642785\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3702.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3703.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3704.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 3338.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpoppler-glib4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpoppler-qt4-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpoppler5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:poppler-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libpoppler-glib4-0.12.3-1.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libpoppler-qt4-3-0.12.3-1.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libpoppler5-0.12.3-1.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libpoppler-glib4-0.12.3-1.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libpoppler-qt4-3-0.12.3-1.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libpoppler5-0.12.3-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libpoppler-glib4-0.12.3-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libpoppler-qt4-3-0.12.3-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libpoppler5-0.12.3-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"poppler-tools-0.12.3-1.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:47:23", "description": "A specially crafted PDF files could crash xpdf or potentially even\ncause execution of arbitrary code. (CVE-2010-3702 / CVE-2010-3703 /\nCVE-2010-3704)", "edition": 23, "published": "2010-12-23T00:00:00", "title": "SuSE 10 Security Update : xpdf (ZYPP Patch Number 7190)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702", "CVE-2010-3703"], "modified": "2010-12-23T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_XPDF-7190.NASL", "href": "https://www.tenable.com/plugins/nessus/51365", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51365);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3703\", \"CVE-2010-3704\");\n\n script_name(english:\"SuSE 10 Security Update : xpdf (ZYPP Patch Number 7190)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A specially crafted PDF files could crash xpdf or potentially even\ncause execution of arbitrary code. (CVE-2010-3702 / CVE-2010-3703 /\nCVE-2010-3704)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3702.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3703.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3704.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7190.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"xpdf-tools-3.01-21.24.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"xpdf-tools-3.01-21.24.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:08:18", "description": "Updated cups packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing\nlayer for UNIX operating systems. The CUPS 'pdftops' filter converts\nPortable Document Format (PDF) files to PostScript.\n\nAn uninitialized pointer use flaw was discovered in the CUPS 'pdftops'\nfilter. An attacker could create a malicious PDF file that, when\nprinted, would cause 'pdftops' to crash or, potentially, execute\narbitrary code as the 'lp' user. (CVE-2010-3702)\n\nUsers of cups are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing\nthis update, the cupsd daemon will be restarted automatically.", "edition": 27, "published": "2010-10-08T00:00:00", "title": "RHEL 3 : cups (RHSA-2010:0754)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702", "CVE-2010-3703"], "modified": "2010-10-08T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "p-cpe:/a:redhat:enterprise_linux:cups-devel", "p-cpe:/a:redhat:enterprise_linux:cups", "p-cpe:/a:redhat:enterprise_linux:cups-libs"], "id": "REDHAT-RHSA-2010-0754.NASL", "href": "https://www.tenable.com/plugins/nessus/49801", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0754. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49801);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3703\", \"CVE-2010-3704\");\n script_xref(name:\"RHSA\", value:\"2010:0754\");\n\n script_name(english:\"RHEL 3 : cups (RHSA-2010:0754)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated cups packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing\nlayer for UNIX operating systems. The CUPS 'pdftops' filter converts\nPortable Document Format (PDF) files to PostScript.\n\nAn uninitialized pointer use flaw was discovered in the CUPS 'pdftops'\nfilter. An attacker could create a malicious PDF file that, when\nprinted, would cause 'pdftops' to crash or, potentially, execute\narbitrary code as the 'lp' user. (CVE-2010-3702)\n\nUsers of cups are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing\nthis update, the cupsd daemon will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0754\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cups, cups-devel and / or cups-libs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cups-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cups-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0754\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"cups-1.1.17-13.3.70\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"cups-devel-1.1.17-13.3.70\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"cups-libs-1.1.17-13.3.70\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups / cups-devel / cups-libs\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:08:29", "description": "Updated poppler packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPoppler is a Portable Document Format (PDF) rendering library, used by\napplications such as Evince.\n\nTwo uninitialized pointer use flaws were discovered in poppler. An\nattacker could create a malicious PDF file that, when opened, would\ncause applications that use poppler (such as Evince) to crash or,\npotentially, execute arbitrary code. (CVE-2010-3702, CVE-2010-3703)\n\nAn array index error was found in the way poppler parsed PostScript\nType 1 fonts embedded in PDF documents. An attacker could create a\nmalicious PDF file that, when opened, would cause applications that\nuse poppler (such as Evince) to crash or, potentially, execute\narbitrary code. (CVE-2010-3704)\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues.", "edition": 27, "published": "2010-11-18T00:00:00", "title": "RHEL 6 : poppler (RHSA-2010:0859)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702", "CVE-2010-3703"], "modified": "2010-11-18T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:poppler-debuginfo", "p-cpe:/a:redhat:enterprise_linux:poppler-utils", "p-cpe:/a:redhat:enterprise_linux:poppler-glib-devel", "p-cpe:/a:redhat:enterprise_linux:poppler-qt4", "p-cpe:/a:redhat:enterprise_linux:poppler-devel", "p-cpe:/a:redhat:enterprise_linux:poppler-qt4-devel", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:poppler-qt-devel", "p-cpe:/a:redhat:enterprise_linux:poppler-qt", "p-cpe:/a:redhat:enterprise_linux:poppler", "cpe:/o:redhat:enterprise_linux:6.0", "p-cpe:/a:redhat:enterprise_linux:poppler-glib"], "id": "REDHAT-RHSA-2010-0859.NASL", "href": "https://www.tenable.com/plugins/nessus/50631", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0859. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50631);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3703\", \"CVE-2010-3704\");\n script_bugtraq_id(43594, 43841, 43845);\n script_xref(name:\"RHSA\", value:\"2010:0859\");\n\n script_name(english:\"RHEL 6 : poppler (RHSA-2010:0859)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated poppler packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPoppler is a Portable Document Format (PDF) rendering library, used by\napplications such as Evince.\n\nTwo uninitialized pointer use flaws were discovered in poppler. An\nattacker could create a malicious PDF file that, when opened, would\ncause applications that use poppler (such as Evince) to crash or,\npotentially, execute arbitrary code. (CVE-2010-3702, CVE-2010-3703)\n\nAn array index error was found in the way poppler parsed PostScript\nType 1 fonts embedded in PDF documents. An attacker could create a\nmalicious PDF file that, when opened, would cause applications that\nuse poppler (such as Evince) to crash or, potentially, execute\narbitrary code. (CVE-2010-3704)\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0859\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-qt4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-qt4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0859\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"poppler-0.12.4-3.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"poppler-debuginfo-0.12.4-3.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"poppler-devel-0.12.4-3.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"poppler-glib-0.12.4-3.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"poppler-glib-devel-0.12.4-3.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"poppler-qt-0.12.4-3.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"poppler-qt-devel-0.12.4-3.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"poppler-qt4-0.12.4-3.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"poppler-qt4-devel-0.12.4-3.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"poppler-utils-0.12.4-3.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"poppler-utils-0.12.4-3.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"poppler-utils-0.12.4-3.el6_0.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler / poppler-debuginfo / poppler-devel / poppler-glib / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:52:58", "description": "Multiple vulnerabilities were discovered and corrected in poppler :\n\nThe Gfx::getPos function in the PDF parser in poppler, allows\ncontext-dependent attackers to cause a denial of service (crash) via\nunknown vectors that trigger an uninitialized pointer dereference\n(CVE-2010-3702).\n\nThe PostScriptFunction::PostScriptFunction function in\npoppler/Function.cc in the PDF parser in poppler, allows\ncontext-dependent attackers to cause a denial of service (crash) via a\nPDF file that triggers an uninitialized pointer dereference\n(CVE-2010-3703).\n\nThe FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser\nin poppler, allows context-dependent attackers to cause a denial of\nservice (crash) and possibly execute arbitrary code via a PDF file\nwith a crafted Type1 font that contains a negative array index, which\nbypasses input validation and which triggers memory corruption\n(CVE-2010-3704).\n\nThe updated packages have been patched to correct these issues.", "edition": 24, "published": "2010-11-14T00:00:00", "title": "Mandriva Linux Security Advisory : poppler (MDVSA-2010:231)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702", "CVE-2010-3703"], "modified": "2010-11-14T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libpoppler-qt4-devel", "p-cpe:/a:mandriva:linux:lib64poppler-qt2", "p-cpe:/a:mandriva:linux:libpoppler-devel", "p-cpe:/a:mandriva:linux:lib64poppler-qt4-3", "p-cpe:/a:mandriva:linux:libpoppler-qt2", "p-cpe:/a:mandriva:linux:libpoppler-glib-devel", "p-cpe:/a:mandriva:linux:lib64poppler-devel", "p-cpe:/a:mandriva:linux:lib64poppler-glib4", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:lib64poppler5", "p-cpe:/a:mandriva:linux:libpoppler-glib4", "cpe:/o:mandriva:linux:2010.0", "p-cpe:/a:mandriva:linux:libpoppler5", "p-cpe:/a:mandriva:linux:lib64poppler-glib-devel", "p-cpe:/a:mandriva:linux:libpoppler-qt4-3", "p-cpe:/a:mandriva:linux:poppler", "p-cpe:/a:mandriva:linux:lib64poppler-qt-devel", "p-cpe:/a:mandriva:linux:libpoppler-qt-devel", "p-cpe:/a:mandriva:linux:lib64poppler-qt4-devel"], "id": "MANDRIVA_MDVSA-2010-231.NASL", "href": "https://www.tenable.com/plugins/nessus/50583", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:231. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50583);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3703\", \"CVE-2010-3704\");\n script_bugtraq_id(43594, 43841, 43845);\n script_xref(name:\"MDVSA\", value:\"2010:231\");\n\n script_name(english:\"Mandriva Linux Security Advisory : poppler (MDVSA-2010:231)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were discovered and corrected in poppler :\n\nThe Gfx::getPos function in the PDF parser in poppler, allows\ncontext-dependent attackers to cause a denial of service (crash) via\nunknown vectors that trigger an uninitialized pointer dereference\n(CVE-2010-3702).\n\nThe PostScriptFunction::PostScriptFunction function in\npoppler/Function.cc in the PDF parser in poppler, allows\ncontext-dependent attackers to cause a denial of service (crash) via a\nPDF file that triggers an uninitialized pointer dereference\n(CVE-2010-3703).\n\nThe FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser\nin poppler, allows context-dependent attackers to cause a denial of\nservice (crash) and possibly execute arbitrary code via a PDF file\nwith a crafted Type1 font that contains a negative array index, which\nbypasses input validation and which triggers memory corruption\n(CVE-2010-3704).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64poppler-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64poppler-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64poppler-glib4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64poppler-qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64poppler-qt2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64poppler-qt4-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64poppler-qt4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64poppler5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpoppler-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpoppler-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpoppler-glib4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpoppler-qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpoppler-qt2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpoppler-qt4-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpoppler-qt4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpoppler5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64poppler-devel-0.12.4-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64poppler-glib-devel-0.12.4-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64poppler-glib4-0.12.4-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64poppler-qt-devel-0.12.4-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64poppler-qt2-0.12.4-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64poppler-qt4-3-0.12.4-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64poppler-qt4-devel-0.12.4-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64poppler5-0.12.4-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libpoppler-devel-0.12.4-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libpoppler-glib-devel-0.12.4-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libpoppler-glib4-0.12.4-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libpoppler-qt-devel-0.12.4-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libpoppler-qt2-0.12.4-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libpoppler-qt4-3-0.12.4-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libpoppler-qt4-devel-0.12.4-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libpoppler5-0.12.4-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"poppler-0.12.4-1.2mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64poppler-devel-0.12.4-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64poppler-glib-devel-0.12.4-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64poppler-glib4-0.12.4-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64poppler-qt-devel-0.12.4-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64poppler-qt2-0.12.4-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64poppler-qt4-3-0.12.4-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64poppler-qt4-devel-0.12.4-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64poppler5-0.12.4-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libpoppler-devel-0.12.4-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libpoppler-glib-devel-0.12.4-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libpoppler-glib4-0.12.4-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libpoppler-qt-devel-0.12.4-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libpoppler-qt2-0.12.4-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libpoppler-qt4-3-0.12.4-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libpoppler-qt4-devel-0.12.4-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libpoppler5-0.12.4-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"poppler-0.12.4-2.1mdv2010.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:26:40", "description": "An updated xpdf package that fixes two security issues is now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nXpdf is an X Window System based viewer for Portable Document Format\n(PDF) files.\n\nAn uninitialized pointer use flaw was discovered in Xpdf. An attacker\ncould create a malicious PDF file that, when opened, would cause Xpdf\nto crash or, potentially, execute arbitrary code. (CVE-2010-3702)\n\nAn array index error was found in the way Xpdf parsed PostScript Type\n1 fonts embedded in PDF documents. An attacker could create a\nmalicious PDF file that, when opened, would cause Xpdf to crash or,\npotentially, execute arbitrary code. (CVE-2010-3704)\n\nUsers are advised to upgrade to this updated package, which contains\nbackported patches to correct these issues.", "edition": 26, "published": "2010-10-11T00:00:00", "title": "CentOS 4 : xpdf (CESA-2010:0751)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702", "CVE-2010-3703"], "modified": "2010-10-11T00:00:00", "cpe": ["p-cpe:/a:centos:centos:xpdf", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2010-0751.NASL", "href": "https://www.tenable.com/plugins/nessus/49810", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0751 and \n# CentOS Errata and Security Advisory 2010:0751 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49810);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3703\", \"CVE-2010-3704\");\n script_xref(name:\"RHSA\", value:\"2010:0751\");\n\n script_name(english:\"CentOS 4 : xpdf (CESA-2010:0751)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated xpdf package that fixes two security issues is now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nXpdf is an X Window System based viewer for Portable Document Format\n(PDF) files.\n\nAn uninitialized pointer use flaw was discovered in Xpdf. An attacker\ncould create a malicious PDF file that, when opened, would cause Xpdf\nto crash or, potentially, execute arbitrary code. (CVE-2010-3702)\n\nAn array index error was found in the way Xpdf parsed PostScript Type\n1 fonts embedded in PDF documents. An attacker could create a\nmalicious PDF file that, when opened, would cause Xpdf to crash or,\npotentially, execute arbitrary code. (CVE-2010-3704)\n\nUsers are advised to upgrade to this updated package, which contains\nbackported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-October/017047.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c89eee45\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-October/017048.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2e628bde\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xpdf package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"xpdf-3.00-24.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"xpdf-3.00-24.el4_8.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xpdf\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T12:45:24", "description": "From Red Hat Security Advisory 2010:0754 :\n\nUpdated cups packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing\nlayer for UNIX operating systems. The CUPS 'pdftops' filter converts\nPortable Document Format (PDF) files to PostScript.\n\nAn uninitialized pointer use flaw was discovered in the CUPS 'pdftops'\nfilter. An attacker could create a malicious PDF file that, when\nprinted, would cause 'pdftops' to crash or, potentially, execute\narbitrary code as the 'lp' user. (CVE-2010-3702)\n\nUsers of cups are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing\nthis update, the cupsd daemon will be restarted automatically.", "edition": 24, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 : cups (ELSA-2010-0754)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702", "CVE-2010-3703"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:cups", "p-cpe:/a:oracle:linux:cups-libs", "cpe:/o:oracle:linux:3", "p-cpe:/a:oracle:linux:cups-devel"], "id": "ORACLELINUX_ELSA-2010-0754.NASL", "href": "https://www.tenable.com/plugins/nessus/68115", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0754 and \n# Oracle Linux Security Advisory ELSA-2010-0754 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68115);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3703\", \"CVE-2010-3704\");\n script_xref(name:\"RHSA\", value:\"2010:0754\");\n\n script_name(english:\"Oracle Linux 3 : cups (ELSA-2010-0754)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0754 :\n\nUpdated cups packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing\nlayer for UNIX operating systems. The CUPS 'pdftops' filter converts\nPortable Document Format (PDF) files to PostScript.\n\nAn uninitialized pointer use flaw was discovered in the CUPS 'pdftops'\nfilter. An attacker could create a malicious PDF file that, when\nprinted, would cause 'pdftops' to crash or, potentially, execute\narbitrary code as the 'lp' user. (CVE-2010-3702)\n\nUsers of cups are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing\nthis update, the cupsd daemon will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-October/001679.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cups-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cups-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"cups-1.1.17-13.3.70\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"cups-1.1.17-13.3.70\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"cups-devel-1.1.17-13.3.70\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"cups-devel-1.1.17-13.3.70\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"cups-libs-1.1.17-13.3.70\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"cups-libs-1.1.17-13.3.70\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups / cups-devel / cups-libs\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:45:15", "description": "Two uninitialized pointer use flaws were discovered in poppler. An\nattacker could create a malicious PDF file that, when opened, would\ncause applications that use poppler (such as Evince) to crash or,\npotentially, execute arbitrary code. (CVE-2010-3702, CVE-2010-3703)\n\nAn array index error was found in the way poppler parsed PostScript\nType 1 fonts embedded in PDF documents. An attacker could create a\nmalicious PDF file that, when opened, would cause applications that\nuse poppler (such as Evince) to crash or, potentially, execute\narbitrary code. (CVE-2010-3704)", "edition": 24, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : poppler on SL6.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702", "CVE-2010-3703"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20101110_POPPLER_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60896", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60896);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3703\", \"CVE-2010-3704\");\n\n script_name(english:\"Scientific Linux Security Update : poppler on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two uninitialized pointer use flaws were discovered in poppler. An\nattacker could create a malicious PDF file that, when opened, would\ncause applications that use poppler (such as Evince) to crash or,\npotentially, execute arbitrary code. (CVE-2010-3702, CVE-2010-3703)\n\nAn array index error was found in the way poppler parsed PostScript\nType 1 fonts embedded in PDF documents. An attacker could create a\nmalicious PDF file that, when opened, would cause applications that\nuse poppler (such as Evince) to crash or, potentially, execute\narbitrary code. (CVE-2010-3704)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1103&L=scientific-linux-errata&T=0&P=2095\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0883f417\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"poppler-0.12.4-3.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"poppler-devel-0.12.4-3.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"poppler-glib-0.12.4-3.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"poppler-glib-devel-0.12.4-3.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"poppler-qt-0.12.4-3.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"poppler-qt-devel-0.12.4-3.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"poppler-qt4-0.12.4-3.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"poppler-qt4-devel-0.12.4-3.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"poppler-utils-0.12.4-3.el6_0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T12:45:22", "description": "From Red Hat Security Advisory 2010:0749 :\n\nUpdated poppler packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPoppler is a Portable Document Format (PDF) rendering library, used by\napplications such as Evince.\n\nAn uninitialized pointer use flaw was discovered in poppler. An\nattacker could create a malicious PDF file that, when opened, would\ncause applications that use poppler (such as Evince) to crash or,\npotentially, execute arbitrary code. (CVE-2010-3702)\n\nAn array index error was found in the way poppler parsed PostScript\nType 1 fonts embedded in PDF documents. An attacker could create a\nmalicious PDF file that, when opened, would cause applications that\nuse poppler (such as Evince) to crash or, potentially, execute\narbitrary code. (CVE-2010-3704)\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues.", "edition": 24, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : poppler (ELSA-2010-0749)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702", "CVE-2010-3703"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:poppler-utils", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:poppler-devel", "p-cpe:/a:oracle:linux:poppler"], "id": "ORACLELINUX_ELSA-2010-0749.NASL", "href": "https://www.tenable.com/plugins/nessus/68110", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0749 and \n# Oracle Linux Security Advisory ELSA-2010-0749 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68110);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3703\", \"CVE-2010-3704\");\n script_xref(name:\"RHSA\", value:\"2010:0749\");\n\n script_name(english:\"Oracle Linux 5 : poppler (ELSA-2010-0749)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0749 :\n\nUpdated poppler packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPoppler is a Portable Document Format (PDF) rendering library, used by\napplications such as Evince.\n\nAn uninitialized pointer use flaw was discovered in poppler. An\nattacker could create a malicious PDF file that, when opened, would\ncause applications that use poppler (such as Evince) to crash or,\npotentially, execute arbitrary code. (CVE-2010-3702)\n\nAn array index error was found in the way poppler parsed PostScript\nType 1 fonts embedded in PDF documents. An attacker could create a\nmalicious PDF file that, when opened, would cause applications that\nuse poppler (such as Evince) to crash or, potentially, execute\narbitrary code. (CVE-2010-3704)\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-October/001681.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected poppler packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:poppler-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"poppler-0.5.4-4.4.el5_5.14\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"poppler-devel-0.5.4-4.4.el5_5.14\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"poppler-utils-0.5.4-4.4.el5_5.14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler / poppler-devel / poppler-utils\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T09:10:35", "description": "New poppler packages are available for Slackware 12.0, 12.1, 12.2,\n13.0, 13.1, and -current to fix security issues.", "edition": 23, "published": "2010-11-22T00:00:00", "title": "Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : poppler (SSA:2010-324-02)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702", "CVE-2010-3703"], "modified": "2010-11-22T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:12.0", "p-cpe:/a:slackware:slackware_linux:poppler", "cpe:/o:slackware:slackware_linux:12.2", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:12.1", "cpe:/o:slackware:slackware_linux:13.1"], "id": "SLACKWARE_SSA_2010-324-02.NASL", "href": "https://www.tenable.com/plugins/nessus/50661", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2010-324-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50661);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3703\", \"CVE-2010-3704\");\n script_bugtraq_id(43594, 43841, 43845);\n script_xref(name:\"SSA\", value:\"2010-324-02\");\n\n script_name(english:\"Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : poppler (SSA:2010-324-02)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New poppler packages are available for Slackware 12.0, 12.1, 12.2,\n13.0, 13.1, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.475147\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6f4c9020\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected poppler package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"12.0\", pkgname:\"poppler\", pkgver:\"0.6.2\", pkgarch:\"i486\", pkgnum:\"3_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"poppler\", pkgver:\"0.6.4\", pkgarch:\"i486\", pkgnum:\"3_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"poppler\", pkgver:\"0.8.5\", pkgarch:\"i486\", pkgnum:\"4_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"13.0\", pkgname:\"poppler\", pkgver:\"0.10.7\", pkgarch:\"i486\", pkgnum:\"3_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"poppler\", pkgver:\"0.10.7\", pkgarch:\"x86_64\", pkgnum:\"3_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"poppler\", pkgver:\"0.12.4\", pkgarch:\"i486\", pkgnum:\"2_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"poppler\", pkgver:\"0.12.4\", pkgarch:\"x86_64\", pkgnum:\"2_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"poppler\", pkgver:\"0.14.5\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"poppler\", pkgver:\"0.14.5\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3702", "CVE-2010-3703", "CVE-2010-3704"], "description": "Poppler, a PDF rendering library, is a fork of the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC. ", "modified": "2010-10-19T07:09:48", "published": "2010-10-19T07:09:48", "id": "FEDORA:DC2AF110A87", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: poppler-0.12.4-5.fc12", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3702", "CVE-2010-3703", "CVE-2010-3704"], "description": "Poppler, a PDF rendering library, is a fork of the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC. ", "modified": "2010-10-19T07:02:34", "published": "2010-10-19T07:02:34", "id": "FEDORA:38D4B110845", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: poppler-0.12.4-6.fc13", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3702", "CVE-2010-3703", "CVE-2010-3704"], "description": "Poppler, a PDF rendering library, is a fork of the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC. ", "modified": "2010-10-15T12:39:06", "published": "2010-10-15T12:39:06", "id": "FEDORA:56E1811061A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: poppler-0.14.4-1.fc14", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3702", "CVE-2010-3704"], "description": "Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Xpdf is a small and efficient program which uses standard X fonts. ", "modified": "2010-11-04T23:47:08", "published": "2010-11-04T23:47:08", "id": "FEDORA:021DE1119B9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: xpdf-3.02-16.fc12", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:46", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3704", "CVE-2010-3702", "CVE-2010-3703"], "description": "[0.12.4-3.el6.1]\n- Add poppler-0.12.4-CVE-2010-3702.patch\n (Properly initialize parser)\n- Add poppler-0.12.4-CVE-2010-3703.patch\n (Properly initialize stack)\n- Add poppler-0.12.4-CVE-2010-3704.patch\n (Fix crash in broken pdf (code < 0))\n- Resolves: #639859", "edition": 4, "modified": "2011-02-10T00:00:00", "published": "2011-02-10T00:00:00", "id": "ELSA-2010-0859", "href": "http://linux.oracle.com/errata/ELSA-2010-0859.html", "title": "poppler security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:38", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "description": "[3.3.1-18.1]\n- Resolves: #639833\n CVE-2010-3702, uninitialized Gfx::parser pointer dereference\n CVE-2010-3704, array indexing error in FoFiType1::parse()", "edition": 4, "modified": "2010-10-07T00:00:00", "published": "2010-10-07T00:00:00", "id": "ELSA-2010-0753", "href": "http://linux.oracle.com/errata/ELSA-2010-0753.html", "title": "kdegraphics security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:08", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "description": "[2.8.2-7.7.2.el4_8.7]\n- Add gpdf-2.8.2-CVE-2010-3702.patch\n (Properly initialize parser)\n- Add gpdf-2.8.2-CVE-2010-3704.patch\n (Fix crash in broken pdf (code < 0))\n- Resolves: #639831", "edition": 4, "modified": "2010-10-07T00:00:00", "published": "2010-10-07T00:00:00", "id": "ELSA-2010-0752", "href": "http://linux.oracle.com/errata/ELSA-2010-0752.html", "title": "gpdf security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2020-12-24T12:39:19", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3702", "CVE-2010-3703", "CVE-2010-3704"], "description": "New xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0,\n12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues.\n\n\nHere are the details from the Slackware 13.1 ChangeLog:\n\npatches/packages/xpdf-3.02pl5-i486-1_slack13.1.txz: Upgraded.\n This update fixes security issues that could lead to an\n application crash, or execution of arbitrary code.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3703\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/xpdf-3.02pl5-i486-1_slack9.1.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/xpdf-3.02pl5-i486-1_slack10.0.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/xpdf-3.02pl5-i486-1_slack10.1.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/xpdf-3.02pl5-i486-1_slack10.2.tgz\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/xpdf-3.02pl5-i486-1_slack11.0.tgz\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/xpdf-3.02pl5-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/xpdf-3.02pl5-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/xpdf-3.02pl5-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/xpdf-3.02pl5-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/xpdf-3.02pl5-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/xpdf-3.02pl5-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/xpdf-3.02pl5-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/xpdf-3.02pl5-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/xpdf-3.02pl5-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 9.1 package:\ncf05aac7efc83bc523651043365c5d16 xpdf-3.02pl5-i486-1_slack9.1.tgz\n\nSlackware 10.0 package:\nfc1f628a79d69d7cc35230d3f3c1fcf3 xpdf-3.02pl5-i486-1_slack10.0.tgz\n\nSlackware 10.1 package:\n88baf3efc0ae4d8df456747b88b2b24f xpdf-3.02pl5-i486-1_slack10.1.tgz\n\nSlackware 10.2 package:\nf0dbbd0e39c4988d6cbfaa2efd2cb13f xpdf-3.02pl5-i486-1_slack10.2.tgz\n\nSlackware 11.0 package:\na9a56f5aa92f46d1336b9df354282702 xpdf-3.02pl5-i486-1_slack11.0.tgz\n\nSlackware 12.0 package:\nc4c7463559d9dc9bdef951e05b3b1b0a xpdf-3.02pl5-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\nadbfd59677c89ce989d97a4790790405 xpdf-3.02pl5-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\nfe28a635d80e9f696060062afd112d61 xpdf-3.02pl5-i486-1_slack12.2.tgz\n\nSlackware 13.0 package:\nc6159fe198546607bd7309e32c83aee6 xpdf-3.02pl5-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n1e5861575ffbdff9c575878e456f63cd xpdf-3.02pl5-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n282c6f3c27bb407ac182135f1ee332ee xpdf-3.02pl5-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\ndaa7b671daff28e6d08ba2979e72a04d xpdf-3.02pl5-x86_64-1_slack13.1.txz\n\nSlackware -current package:\n68e7b97ddac27515b6a619762707a3e2 xpdf-3.02pl5-i486-1.txz\n\nSlackware x86_64 -current package:\n8bd573e47dc333f74e1fa35dfefb18b2 xpdf-3.02pl5-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg xpdf-3.02pl5-i486-1_slack13.1.txz", "modified": "2010-11-21T00:20:46", "published": "2010-11-21T00:20:46", "id": "SSA-2010-324-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720", "type": "slackware", "title": "[slackware-security] xpdf", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2020-12-24T11:29:35", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3702", "CVE-2010-3703", "CVE-2010-3704"], "description": "Poppler is a Portable Document Format (PDF) rendering library, used by\napplications such as Evince.\n\nTwo uninitialized pointer use flaws were discovered in poppler. An attacker\ncould create a malicious PDF file that, when opened, would cause\napplications that use poppler (such as Evince) to crash or, potentially,\nexecute arbitrary code. (CVE-2010-3702, CVE-2010-3703)\n\nAn array index error was found in the way poppler parsed PostScript Type 1\nfonts embedded in PDF documents. An attacker could create a malicious PDF\nfile that, when opened, would cause applications that use poppler (such as\nEvince) to crash or, potentially, execute arbitrary code. (CVE-2010-3704)\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n", "modified": "2018-06-06T20:24:21", "published": "2010-11-10T05:00:00", "id": "RHSA-2010:0859", "href": "https://access.redhat.com/errata/RHSA-2010:0859", "type": "redhat", "title": "(RHSA-2010:0859) Important: poppler security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T11:30:36", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3702", "CVE-2010-3704"], "description": "The kdegraphics packages contain applications for the K Desktop\nEnvironment, including KPDF, a viewer for Portable Document Format (PDF)\nfiles.\n\nAn uninitialized pointer use flaw was discovered in KPDF. An attacker could\ncreate a malicious PDF file that, when opened, would cause KPDF to crash\nor, potentially, execute arbitrary code. (CVE-2010-3702)\n\nAn array index error was found in the way KPDF parsed PostScript Type 1\nfonts embedded in PDF documents. An attacker could create a malicious PDF\nfile that, when opened, would cause KPDF to crash or, potentially, execute\narbitrary code. (CVE-2010-3704)\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n", "modified": "2017-09-08T12:19:48", "published": "2010-10-07T04:00:00", "id": "RHSA-2010:0753", "href": "https://access.redhat.com/errata/RHSA-2010:0753", "type": "redhat", "title": "(RHSA-2010:0753) Important: kdegraphics security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T11:31:20", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3702", "CVE-2010-3704"], "description": "Xpdf is an X Window System based viewer for Portable Document Format (PDF)\nfiles.\n\nAn uninitialized pointer use flaw was discovered in Xpdf. An attacker could\ncreate a malicious PDF file that, when opened, would cause Xpdf to crash\nor, potentially, execute arbitrary code. (CVE-2010-3702)\n\nAn array index error was found in the way Xpdf parsed PostScript Type 1\nfonts embedded in PDF documents. An attacker could create a malicious PDF\nfile that, when opened, would cause Xpdf to crash or, potentially, execute\narbitrary code. (CVE-2010-3704)\n\nUsers are advised to upgrade to this updated package, which contains\nbackported patches to correct these issues.\n", "modified": "2017-09-08T12:14:20", "published": "2010-10-07T04:00:00", "id": "RHSA-2010:0751", "href": "https://access.redhat.com/errata/RHSA-2010:0751", "type": "redhat", "title": "(RHSA-2010:0751) Important: xpdf security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-12-25T00:43:39", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3704", "CVE-2010-3702", "CVE-2010-3703"], "description": "It was discovered that poppler contained multiple security issues when \nparsing malformed PDF documents. If a user or automated system were tricked \ninto opening a crafted PDF file, an attacker could cause a denial of \nservice or execute arbitrary code with privileges of the user invoking the \nprogram.", "edition": 6, "modified": "2010-10-19T00:00:00", "published": "2010-10-19T00:00:00", "id": "USN-1005-1", "href": "https://ubuntu.com/security/notices/USN-1005-1", "title": "poppler vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:37", "bulletinFamily": "software", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2116-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nOctober 12, 2010 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : poppler\r\nVulnerability : several\r\nProblem type : local(remote)\r\nDebian-specific: no\r\nCVE Id(s) : CVE-2010-3702 CVE-2010-3704\r\nDebian Bug : 599165\r\n\r\nJoel Voss of Leviathan Security Group discovered two vulnerabilities in\r\nthe Poppler PDF rendering library, which may lead to the execution of\r\narbitrary code if a malformed PDF file is opened.\r\n\r\nFor the stable distribution (lenny), these problems have been fixed in\r\nversion 0.8.7-4.\r\n\r\nFor the unstable distribution (sid), these problems will be fixed soon.\r\n\r\nWe recommend that you upgrade your poppler packages.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc,\r\ns390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler_0.8.7.orig.tar.gz\r\n Size/MD5 checksum: 1469587 9af81429d6f8639c357a5eed25583365\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler_0.8.7-4.diff.gz\r\n Size/MD5 checksum: 23876 219c5db15e7e0ad3ce01c45b5d2d17b5\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler_0.8.7-4.dsc\r\n Size/MD5 checksum: 1481 a2d28a0e06fd0b226e9e87d88aab52e8\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_alpha.deb\r\n Size/MD5 checksum: 891456 eecf847b41f68e67cfa250c239ab95ff\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_alpha.deb\r\n Size/MD5 checksum: 220410 cdc18593a727b1a80279ad941a929dee\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_alpha.deb\r\n Size/MD5 checksum: 329946 83a82f4a995727adac2a9cbb19cd0705\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_alpha.deb\r\n Size/MD5 checksum: 303118 8407f059f1395ad93f765cdcf70f6246\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_alpha.deb\r\n Size/MD5 checksum: 180578 f625e16840c1262de1e33579bfff3e00\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_alpha.deb\r\n Size/MD5 checksum: 197172 2573621fc79b03251735690bfd818f5e\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_alpha.deb\r\n Size/MD5 checksum: 1334994 5fbda5e9f2b3824d3d7ccbb1bcf000d0\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_alpha.deb\r\n Size/MD5 checksum: 3204616 7c7c37da8b894e462b2758524365ca46\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_alpha.deb\r\n Size/MD5 checksum: 234854 06e4977b32fb63577a918c110147e5f6\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_alpha.deb\r\n Size/MD5 checksum: 452718 751233edf2ec85fd1e095893124f8909\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_amd64.deb\r\n Size/MD5 checksum: 184848 ed2abc9b1edd4cde56eb40b9b775cf45\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_amd64.deb\r\n Size/MD5 checksum: 1119492 16725109ae348df90c30896be4a0c5de\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_amd64.deb\r\n Size/MD5 checksum: 232702 2e7740b7098cd91493f178745b966d4a\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_amd64.deb\r\n Size/MD5 checksum: 178414 497a3f7cbff9acdb0b01d58aae33415a\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_amd64.deb\r\n Size/MD5 checksum: 358376 461a59da2c6b0c7531bba1a385f3607d\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_amd64.deb\r\n Size/MD5 checksum: 275318 3c6b86fb8a57e9f17fbe058a36fa426e\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_amd64.deb\r\n Size/MD5 checksum: 314086 3381ccceeaa1d2727f331d92b59818dd\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_amd64.deb\r\n Size/MD5 checksum: 3148992 c1f76eb6ca390ef674647dc5def03c40\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_amd64.deb\r\n Size/MD5 checksum: 840444 bc302d9fba4a4469b0d1902f5bb9777e\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_amd64.deb\r\n Size/MD5 checksum: 217654 7008780b0aea027507fb70fe7c55af15\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_arm.deb\r\n Size/MD5 checksum: 390130 993386a0e413c10df447dc83ccb3ca15\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_arm.deb\r\n Size/MD5 checksum: 184796 2e3eeb3b7a744a268dad95cae33d6146\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_arm.deb\r\n Size/MD5 checksum: 3115978 784d8f1cef1f6536b979e6c52baedbd0\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_arm.deb\r\n Size/MD5 checksum: 178194 8bc04420f3e45f0d9f0e2c70abe9f805\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_arm.deb\r\n Size/MD5 checksum: 226694 e9cad6f85ee41ad40d6cf5cd4accc5aa\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_arm.deb\r\n Size/MD5 checksum: 270650 d5bc5732bbe002e3db1425835848626f\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_arm.deb\r\n Size/MD5 checksum: 341936 e13e6c29d90f909c81e0b06bdf131a61\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_arm.deb\r\n Size/MD5 checksum: 1096786 1bbed300b089de228c0b9a5cc4d1a7f6\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_arm.deb\r\n Size/MD5 checksum: 807566 15887571376ee0d25fcf477ac4ba054f\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_arm.deb\r\n Size/MD5 checksum: 208332 ba2da71c5d576f32ee449c3753c1d88f\r\n\r\narmel architecture (ARM EABI)\r\n\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_armel.deb\r\n Size/MD5 checksum: 376502 65ef8244fe39348d315e614cf7426b1d\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_armel.deb\r\n Size/MD5 checksum: 3159364 c3cbc56f216c48097d3eeb6c82c59152\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_armel.deb\r\n Size/MD5 checksum: 310866 499fdb8685258672067bd711d38d53c2\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_armel.deb\r\n Size/MD5 checksum: 207870 47c4c9a9f3ee4e91d72b3641cf877a3e\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_armel.deb\r\n Size/MD5 checksum: 222156 e8662e1b8c59263dbfa9da37821ee221\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_armel.deb\r\n Size/MD5 checksum: 275450 8c1a9b503faa4dfb842f77aac3b78660\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_armel.deb\r\n Size/MD5 checksum: 777258 23ed358ece8d5fa4bdedd7fd95d8da03\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_armel.deb\r\n Size/MD5 checksum: 181942 9fa3482ceaa47cffc8ef0334ff2d8fd3\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_armel.deb\r\n Size/MD5 checksum: 1108276 9440c768e0c36cd2679302707b3e67e3\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_armel.deb\r\n Size/MD5 checksum: 174352 e14eacb00011d03aacbd3800a62c3527\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_hppa.deb\r\n Size/MD5 checksum: 180814 0fe3440213a0fdd89d1d3ab4abd52194\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_hppa.deb\r\n Size/MD5 checksum: 1259958 121e935f943029dabfb8fb5708ca4d95\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_hppa.deb\r\n Size/MD5 checksum: 929604 e2c0359a9bb9d2f43eba42cfb1176886\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_hppa.deb\r\n Size/MD5 checksum: 388818 4728fa9ca382f2b80ccf7029bfdd4930\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_hppa.deb\r\n Size/MD5 checksum: 291126 db34880c98215d5e21f41acdfe055793\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_hppa.deb\r\n Size/MD5 checksum: 335522 67002c10addbdc4b2ff52af23a8548c1\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_hppa.deb\r\n Size/MD5 checksum: 3140808 768379ef1d00c3eca85ff7a09e14daa4\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_hppa.deb\r\n Size/MD5 checksum: 234318 1e912fea114bde04f1dba3769ea85a2b\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_hppa.deb\r\n Size/MD5 checksum: 226170 d90e048a5bc7031a0b06ab78f371ba1f\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_hppa.deb\r\n Size/MD5 checksum: 187028 a1421ae135c80c12687c716600af4eba\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_i386.deb\r\n Size/MD5 checksum: 214852 2151fc1bf2edcd9024a2b7e3bc6d2812\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_i386.deb\r\n Size/MD5 checksum: 226704 7850919a3f4e701c055d84981eee435a\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_i386.deb\r\n Size/MD5 checksum: 344586 31464fea47dd982d178dded3b8a0369e\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_i386.deb\r\n Size/MD5 checksum: 312902 9a55130fc71c003c57838d039f253c9d\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_i386.deb\r\n Size/MD5 checksum: 182014 100ffcdbd3e41ebcfddce2c68347ee41\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_i386.deb\r\n Size/MD5 checksum: 3062702 fcf72afae54301e32b32241ffb38bfbe\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_i386.deb\r\n Size/MD5 checksum: 1054138 dc8a52af5230ac661194de09addea31e\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_i386.deb\r\n Size/MD5 checksum: 813932 f288903f2a99aae4e23f4335329024fb\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_i386.deb\r\n Size/MD5 checksum: 270452 7493a6c49962426bc37e2b475fc1a263\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_i386.deb\r\n Size/MD5 checksum: 177914 d19365a8780fc7a032a95c3eb0637540\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_ia64.deb\r\n Size/MD5 checksum: 3107166 b8dcf25d1a0735feb8aae49c4b8d3ae8\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_ia64.deb\r\n Size/MD5 checksum: 424464 60fc005362e166276b37fc0a438da37e\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_ia64.deb\r\n Size/MD5 checksum: 195428 db5e21ac097827853ff2afd6ac573dcc\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_ia64.deb\r\n Size/MD5 checksum: 353256 21471f96902a8592ab5d49cf3687ac64\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_ia64.deb\r\n Size/MD5 checksum: 1421918 6593d5c5a9e019ff879c4651fda95548\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_ia64.deb\r\n Size/MD5 checksum: 257344 bb5e9b6a70cfe567d2b98442db19cdef\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_ia64.deb\r\n Size/MD5 checksum: 302456 107b6620f804f3990141043599d292c7\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_ia64.deb\r\n Size/MD5 checksum: 233166 dd0b6f7bce2e07cba2c3a2019d7aada3\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_ia64.deb\r\n Size/MD5 checksum: 1074000 49e343bd8bf61d3709341f1c725f929b\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_ia64.deb\r\n Size/MD5 checksum: 184792 b8372aa7138ece28c62298a295211cbc\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_mips.deb\r\n Size/MD5 checksum: 3232772 e150761ce9b858d1f3adc8c4b732f330\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_mips.deb\r\n Size/MD5 checksum: 187832 b044fd59a07e9dcf6fadc769e4e39ab8\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_mips.deb\r\n Size/MD5 checksum: 390558 1107be43d549eb458d80081f8cb6c5af\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_mips.deb\r\n Size/MD5 checksum: 287574 10e5e71d729b6982b6ca10a4db3df19e\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_mips.deb\r\n Size/MD5 checksum: 177392 22b77e7afe8d572351860eceeae20a3a\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_mips.deb\r\n Size/MD5 checksum: 826186 c8a54dcce96f5098726f98e4a54b72f6\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_mips.deb\r\n Size/MD5 checksum: 1218220 dc0da0eec9ff021f7b37e268fcee258a\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_mips.deb\r\n Size/MD5 checksum: 302696 c30ddb1cd7560d32a8da06fe55b8c63c\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_mips.deb\r\n Size/MD5 checksum: 227884 be03fda3a4b1c7f656afe2c0e96590d8\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_mips.deb\r\n Size/MD5 checksum: 215390 416ee61ea77b5954ef9211d1ab813be7\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_mipsel.deb\r\n Size/MD5 checksum: 804632 5b7002bdd5caf184563bac6e69090e0c\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_mipsel.deb\r\n Size/MD5 checksum: 1200858 acfbc90bf29e9caeff4746b6c4f2d1e5\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_mipsel.deb\r\n Size/MD5 checksum: 187282 0dfd8e6f6ff32a5a1473cfcbf3d32fb3\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_mipsel.deb\r\n Size/MD5 checksum: 177102 b75ed90c14faaaeee0cc71d076d664d6\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_mipsel.deb\r\n Size/MD5 checksum: 288140 cc1bc2ca8a40c0a464ce2fae0911f97a\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_mipsel.deb\r\n Size/MD5 checksum: 3123908 c0cfc81a0b3e16e995f90bd7a2c58342\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_mipsel.deb\r\n Size/MD5 checksum: 231850 4c5b8a12a440b1386d8d23296a62fb56\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_mipsel.deb\r\n Size/MD5 checksum: 214246 bd35cb49e05b44cd75473267598bd4a6\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_mipsel.deb\r\n Size/MD5 checksum: 386846 b071de784b773f3ddad53e56b45d3e40\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_mipsel.deb\r\n Size/MD5 checksum: 300258 9856aa4a0f0072370ab44162da2d4d9a\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_powerpc.deb\r\n Size/MD5 checksum: 360144 b8c7775745bb27aaa278578c3c99ecc9\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_powerpc.deb\r\n Size/MD5 checksum: 3225134 ec377f8e7c8b42298859d34e075ffb07\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_powerpc.deb\r\n Size/MD5 checksum: 222462 b7b82e4ad6a607bd1c9f8d18ccafc9b8\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_powerpc.deb\r\n Size/MD5 checksum: 184852 92ad48c1d0b4f71ee5d9dff90da846d2\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_powerpc.deb\r\n Size/MD5 checksum: 1182246 01f2fa2e9bbe1e890af3d522ea69ccd9\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_powerpc.deb\r\n Size/MD5 checksum: 246580 ac0fe37e13e4b13daed8da4231542929\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_powerpc.deb\r\n Size/MD5 checksum: 883168 76a6833fcf97d713bde4df8b32c45135\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_powerpc.deb\r\n Size/MD5 checksum: 318274 83f904fb9939631d361647d002493b48\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_powerpc.deb\r\n Size/MD5 checksum: 286030 87bd418c762f4852deb2f0ccf676e279\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_powerpc.deb\r\n Size/MD5 checksum: 181404 8a890e062a3e57cbf05298afe3e80f8a\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_s390.deb\r\n Size/MD5 checksum: 841442 3af0ff00c65d798264f3fcae4d3d4a01\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_s390.deb\r\n Size/MD5 checksum: 218442 cff4034943d4bc73c6e25c44e818a03e\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_s390.deb\r\n Size/MD5 checksum: 279424 41af8fff9a31a67ff5348819767d38b2\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_s390.deb\r\n Size/MD5 checksum: 182698 d0826f59f5b3a670425eb3a4a545dd0d\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_s390.deb\r\n Size/MD5 checksum: 312902 a29c008538bca825e4adbd9d81c98966\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_s390.deb\r\n Size/MD5 checksum: 177752 431d82e8cd6c132da74ad093dbcc7ba0\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_s390.deb\r\n Size/MD5 checksum: 1122234 1ef35b74956ee14359f51462acb57106\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_s390.deb\r\n Size/MD5 checksum: 229764 6f1f3aa05049d00acad3e6b30e6e0648\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_s390.deb\r\n Size/MD5 checksum: 349904 03b490982f1212c160d336b936d91f87\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_s390.deb\r\n Size/MD5 checksum: 3247406 c2e3ace3b947c9db715bba922e920597\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_sparc.deb\r\n Size/MD5 checksum: 311218 10ebf40bd6544ecfd1d5c14012bc2333\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_sparc.deb\r\n Size/MD5 checksum: 3010294 25ed84792d1322113d88d7d86875a505\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_sparc.deb\r\n Size/MD5 checksum: 823558 b249aa0aca98b8194d82dc5099cd4660\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_sparc.deb\r\n Size/MD5 checksum: 177016 6ca62885f918c19fb6dd3853e4d9f47d\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_sparc.deb\r\n Size/MD5 checksum: 274862 d9959778df605e6242c8a869fe0933c1\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_sparc.deb\r\n Size/MD5 checksum: 1077730 33624d329997fad4abfec6228e7bcaa4\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_sparc.deb\r\n Size/MD5 checksum: 182754 6392ee52ee09d7140f33d93dca41ea09\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_sparc.deb\r\n Size/MD5 checksum: 349128 4fdac4cf89006eef1554f41fa34258d2\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_sparc.deb\r\n Size/MD5 checksum: 227040 16627c2e2b817e6279f2ed429394cf81\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_sparc.deb\r\n Size/MD5 checksum: 214664 50e728e424d503059a2aa6c8575a06eb\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAky0tz0ACgkQXm3vHE4uylpDsACg6F/E0X86/Udl77b4ieidLmEc\r\nmdcAnRd9H+VW3w31XtBCmVoLRCv3WqeC\r\n=2p/a\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2010-10-13T00:00:00", "published": "2010-10-13T00:00:00", "id": "SECURITYVULNS:DOC:24911", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24911", "title": "[SECURITY] [DSA 2116-1] New poppler packages fix several vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2020-12-24T14:32:39", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0753\n\n\nThe kdegraphics packages contain applications for the K Desktop\nEnvironment, including KPDF, a viewer for Portable Document Format (PDF)\nfiles.\n\nAn uninitialized pointer use flaw was discovered in KPDF. An attacker could\ncreate a malicious PDF file that, when opened, would cause KPDF to crash\nor, potentially, execute arbitrary code. (CVE-2010-3702)\n\nAn array index error was found in the way KPDF parsed PostScript Type 1\nfonts embedded in PDF documents. An attacker could create a malicious PDF\nfile that, when opened, would cause KPDF to crash or, potentially, execute\narbitrary code. (CVE-2010-3704)\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029091.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029092.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029099.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029100.html\n\n**Affected packages:**\nkdegraphics\nkdegraphics-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0753.html", "edition": 4, "modified": "2010-10-10T23:01:17", "published": "2010-10-09T22:16:28", "href": "http://lists.centos.org/pipermail/centos-announce/2010-October/029091.html", "id": "CESA-2010:0753", "title": "kdegraphics security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T14:35:59", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0752\n\n\nGPdf is a viewer for Portable Document Format (PDF) files.\n\nAn uninitialized pointer use flaw was discovered in GPdf. An attacker could\ncreate a malicious PDF file that, when opened, would cause GPdf to crash\nor, potentially, execute arbitrary code. (CVE-2010-3702)\n\nAn array index error was found in the way GPdf parsed PostScript Type 1\nfonts embedded in PDF documents. An attacker could create a malicious PDF\nfile that, when opened, would cause GPdf to crash or, potentially, execute\narbitrary code. (CVE-2010-3704)\n\nUsers are advised to upgrade to this updated package, which contains\nbackported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029087.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029088.html\n\n**Affected packages:**\ngpdf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0752.html", "edition": 4, "modified": "2010-10-09T22:11:41", "published": "2010-10-09T22:11:24", "href": "http://lists.centos.org/pipermail/centos-announce/2010-October/029087.html", "id": "CESA-2010:0752", "title": "gpdf security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-12-24T13:18:56", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2135-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nDecember 21, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : xpdf\nVulnerability : several\nProblem type : local(remote)\nDebian-specific: no\nCVE Id(s) : CVE-2010-3702 CVE-2010-3704\n\nJoel Voss of Leviathan Security Group discovered two vulnerabilities\nin xpdf rendering engine, which may lead to the execution of arbitrary\ncode if a malformed PDF file is opened.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 3.02-1.4+lenny3.\n\nFor the upcoming stable distribution (squeeze) and the unstable \ndistribution (sid), these problems don't apply, since xpdf has been \npatched to use the Poppler PDF library.\n\nWe recommend that you upgrade your poppler packages.\n\nUpgrade instructions\n- --------------------\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 4, "modified": "2010-12-21T17:34:51", "published": "2010-12-21T17:34:51", "id": "DEBIAN:DSA-2135-1:65DF2", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00186.html", "title": "[SECURITY] [DSA 2135-1] New xpdf packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T13:25:38", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2116-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nOctober 12, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : poppler\nVulnerability : several\nProblem type : local(remote)\nDebian-specific: no\nCVE Id(s) : CVE-2010-3702 CVE-2010-3704\nDebian Bug : 599165\n\nJoel Voss of Leviathan Security Group discovered two vulnerabilities in\nthe Poppler PDF rendering library, which may lead to the execution of\narbitrary code if a malformed PDF file is opened.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.8.7-4.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your poppler packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/p/poppler/poppler_0.8.7.orig.tar.gz\n Size/MD5 checksum: 1469587 9af81429d6f8639c357a5eed25583365\n http://security.debian.org/pool/updates/main/p/poppler/poppler_0.8.7-4.diff.gz\n Size/MD5 checksum: 23876 219c5db15e7e0ad3ce01c45b5d2d17b5\n http://security.debian.org/pool/updates/main/p/poppler/poppler_0.8.7-4.dsc\n Size/MD5 checksum: 1481 a2d28a0e06fd0b226e9e87d88aab52e8\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_alpha.deb\n Size/MD5 checksum: 891456 eecf847b41f68e67cfa250c239ab95ff\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_alpha.deb\n Size/MD5 checksum: 220410 cdc18593a727b1a80279ad941a929dee\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_alpha.deb\n Size/MD5 checksum: 329946 83a82f4a995727adac2a9cbb19cd0705\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_alpha.deb\n Size/MD5 checksum: 303118 8407f059f1395ad93f765cdcf70f6246\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_alpha.deb\n Size/MD5 checksum: 180578 f625e16840c1262de1e33579bfff3e00\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_alpha.deb\n Size/MD5 checksum: 197172 2573621fc79b03251735690bfd818f5e\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_alpha.deb\n Size/MD5 checksum: 1334994 5fbda5e9f2b3824d3d7ccbb1bcf000d0\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_alpha.deb\n Size/MD5 checksum: 3204616 7c7c37da8b894e462b2758524365ca46\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_alpha.deb\n Size/MD5 checksum: 234854 06e4977b32fb63577a918c110147e5f6\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_alpha.deb\n Size/MD5 checksum: 452718 751233edf2ec85fd1e095893124f8909\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_amd64.deb\n Size/MD5 checksum: 184848 ed2abc9b1edd4cde56eb40b9b775cf45\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_amd64.deb\n Size/MD5 checksum: 1119492 16725109ae348df90c30896be4a0c5de\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_amd64.deb\n Size/MD5 checksum: 232702 2e7740b7098cd91493f178745b966d4a\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_amd64.deb\n Size/MD5 checksum: 178414 497a3f7cbff9acdb0b01d58aae33415a\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_amd64.deb\n Size/MD5 checksum: 358376 461a59da2c6b0c7531bba1a385f3607d\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_amd64.deb\n Size/MD5 checksum: 275318 3c6b86fb8a57e9f17fbe058a36fa426e\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_amd64.deb\n Size/MD5 checksum: 314086 3381ccceeaa1d2727f331d92b59818dd\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_amd64.deb\n Size/MD5 checksum: 3148992 c1f76eb6ca390ef674647dc5def03c40\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_amd64.deb\n Size/MD5 checksum: 840444 bc302d9fba4a4469b0d1902f5bb9777e\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_amd64.deb\n Size/MD5 checksum: 217654 7008780b0aea027507fb70fe7c55af15\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_arm.deb\n Size/MD5 checksum: 390130 993386a0e413c10df447dc83ccb3ca15\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_arm.deb\n Size/MD5 checksum: 184796 2e3eeb3b7a744a268dad95cae33d6146\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_arm.deb\n Size/MD5 checksum: 3115978 784d8f1cef1f6536b979e6c52baedbd0\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_arm.deb\n Size/MD5 checksum: 178194 8bc04420f3e45f0d9f0e2c70abe9f805\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_arm.deb\n Size/MD5 checksum: 226694 e9cad6f85ee41ad40d6cf5cd4accc5aa\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_arm.deb\n Size/MD5 checksum: 270650 d5bc5732bbe002e3db1425835848626f\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_arm.deb\n Size/MD5 checksum: 341936 e13e6c29d90f909c81e0b06bdf131a61\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_arm.deb\n Size/MD5 checksum: 1096786 1bbed300b089de228c0b9a5cc4d1a7f6\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_arm.deb\n Size/MD5 checksum: 807566 15887571376ee0d25fcf477ac4ba054f\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_arm.deb\n Size/MD5 checksum: 208332 ba2da71c5d576f32ee449c3753c1d88f\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_armel.deb\n Size/MD5 checksum: 376502 65ef8244fe39348d315e614cf7426b1d\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_armel.deb\n Size/MD5 checksum: 3159364 c3cbc56f216c48097d3eeb6c82c59152\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_armel.deb\n Size/MD5 checksum: 310866 499fdb8685258672067bd711d38d53c2\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_armel.deb\n Size/MD5 checksum: 207870 47c4c9a9f3ee4e91d72b3641cf877a3e\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_armel.deb\n Size/MD5 checksum: 222156 e8662e1b8c59263dbfa9da37821ee221\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_armel.deb\n Size/MD5 checksum: 275450 8c1a9b503faa4dfb842f77aac3b78660\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_armel.deb\n Size/MD5 checksum: 777258 23ed358ece8d5fa4bdedd7fd95d8da03\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_armel.deb\n Size/MD5 checksum: 181942 9fa3482ceaa47cffc8ef0334ff2d8fd3\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_armel.deb\n Size/MD5 checksum: 1108276 9440c768e0c36cd2679302707b3e67e3\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_armel.deb\n Size/MD5 checksum: 174352 e14eacb00011d03aacbd3800a62c3527\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_hppa.deb\n Size/MD5 checksum: 180814 0fe3440213a0fdd89d1d3ab4abd52194\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_hppa.deb\n Size/MD5 checksum: 1259958 121e935f943029dabfb8fb5708ca4d95\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_hppa.deb\n Size/MD5 checksum: 929604 e2c0359a9bb9d2f43eba42cfb1176886\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_hppa.deb\n Size/MD5 checksum: 388818 4728fa9ca382f2b80ccf7029bfdd4930\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_hppa.deb\n Size/MD5 checksum: 291126 db34880c98215d5e21f41acdfe055793\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_hppa.deb\n Size/MD5 checksum: 335522 67002c10addbdc4b2ff52af23a8548c1\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_hppa.deb\n Size/MD5 checksum: 3140808 768379ef1d00c3eca85ff7a09e14daa4\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_hppa.deb\n Size/MD5 checksum: 234318 1e912fea114bde04f1dba3769ea85a2b\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_hppa.deb\n Size/MD5 checksum: 226170 d90e048a5bc7031a0b06ab78f371ba1f\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_hppa.deb\n Size/MD5 checksum: 187028 a1421ae135c80c12687c716600af4eba\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_i386.deb\n Size/MD5 checksum: 214852 2151fc1bf2edcd9024a2b7e3bc6d2812\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_i386.deb\n Size/MD5 checksum: 226704 7850919a3f4e701c055d84981eee435a\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_i386.deb\n Size/MD5 checksum: 344586 31464fea47dd982d178dded3b8a0369e\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_i386.deb\n Size/MD5 checksum: 312902 9a55130fc71c003c57838d039f253c9d\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_i386.deb\n Size/MD5 checksum: 182014 100ffcdbd3e41ebcfddce2c68347ee41\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_i386.deb\n Size/MD5 checksum: 3062702 fcf72afae54301e32b32241ffb38bfbe\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_i386.deb\n Size/MD5 checksum: 1054138 dc8a52af5230ac661194de09addea31e\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_i386.deb\n Size/MD5 checksum: 813932 f288903f2a99aae4e23f4335329024fb\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_i386.deb\n Size/MD5 checksum: 270452 7493a6c49962426bc37e2b475fc1a263\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_i386.deb\n Size/MD5 checksum: 177914 d19365a8780fc7a032a95c3eb0637540\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_ia64.deb\n Size/MD5 checksum: 3107166 b8dcf25d1a0735feb8aae49c4b8d3ae8\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_ia64.deb\n Size/MD5 checksum: 424464 60fc005362e166276b37fc0a438da37e\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_ia64.deb\n Size/MD5 checksum: 195428 db5e21ac097827853ff2afd6ac573dcc\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_ia64.deb\n Size/MD5 checksum: 353256 21471f96902a8592ab5d49cf3687ac64\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_ia64.deb\n Size/MD5 checksum: 1421918 6593d5c5a9e019ff879c4651fda95548\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_ia64.deb\n Size/MD5 checksum: 257344 bb5e9b6a70cfe567d2b98442db19cdef\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_ia64.deb\n Size/MD5 checksum: 302456 107b6620f804f3990141043599d292c7\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_ia64.deb\n Size/MD5 checksum: 233166 dd0b6f7bce2e07cba2c3a2019d7aada3\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_ia64.deb\n Size/MD5 checksum: 1074000 49e343bd8bf61d3709341f1c725f929b\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_ia64.deb\n Size/MD5 checksum: 184792 b8372aa7138ece28c62298a295211cbc\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_mips.deb\n Size/MD5 checksum: 3232772 e150761ce9b858d1f3adc8c4b732f330\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_mips.deb\n Size/MD5 checksum: 187832 b044fd59a07e9dcf6fadc769e4e39ab8\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_mips.deb\n Size/MD5 checksum: 390558 1107be43d549eb458d80081f8cb6c5af\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_mips.deb\n Size/MD5 checksum: 287574 10e5e71d729b6982b6ca10a4db3df19e\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_mips.deb\n Size/MD5 checksum: 177392 22b77e7afe8d572351860eceeae20a3a\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_mips.deb\n Size/MD5 checksum: 826186 c8a54dcce96f5098726f98e4a54b72f6\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_mips.deb\n Size/MD5 checksum: 1218220 dc0da0eec9ff021f7b37e268fcee258a\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_mips.deb\n Size/MD5 checksum: 302696 c30ddb1cd7560d32a8da06fe55b8c63c\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_mips.deb\n Size/MD5 checksum: 227884 be03fda3a4b1c7f656afe2c0e96590d8\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_mips.deb\n Size/MD5 checksum: 215390 416ee61ea77b5954ef9211d1ab813be7\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_mipsel.deb\n Size/MD5 checksum: 804632 5b7002bdd5caf184563bac6e69090e0c\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_mipsel.deb\n Size/MD5 checksum: 1200858 acfbc90bf29e9caeff4746b6c4f2d1e5\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_mipsel.deb\n Size/MD5 checksum: 187282 0dfd8e6f6ff32a5a1473cfcbf3d32fb3\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_mipsel.deb\n Size/MD5 checksum: 177102 b75ed90c14faaaeee0cc71d076d664d6\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_mipsel.deb\n Size/MD5 checksum: 288140 cc1bc2ca8a40c0a464ce2fae0911f97a\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_mipsel.deb\n Size/MD5 checksum: 3123908 c0cfc81a0b3e16e995f90bd7a2c58342\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_mipsel.deb\n Size/MD5 checksum: 231850 4c5b8a12a440b1386d8d23296a62fb56\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_mipsel.deb\n Size/MD5 checksum: 214246 bd35cb49e05b44cd75473267598bd4a6\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_mipsel.deb\n Size/MD5 checksum: 386846 b071de784b773f3ddad53e56b45d3e40\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_mipsel.deb\n Size/MD5 checksum: 300258 9856aa4a0f0072370ab44162da2d4d9a\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_powerpc.deb\n Size/MD5 checksum: 360144 b8c7775745bb27aaa278578c3c99ecc9\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_powerpc.deb\n Size/MD5 checksum: 3225134 ec377f8e7c8b42298859d34e075ffb07\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_powerpc.deb\n Size/MD5 checksum: 222462 b7b82e4ad6a607bd1c9f8d18ccafc9b8\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_powerpc.deb\n Size/MD5 checksum: 184852 92ad48c1d0b4f71ee5d9dff90da846d2\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_powerpc.deb\n Size/MD5 checksum: 1182246 01f2fa2e9bbe1e890af3d522ea69ccd9\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_powerpc.deb\n Size/MD5 checksum: 246580 ac0fe37e13e4b13daed8da4231542929\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_powerpc.deb\n Size/MD5 checksum: 883168 76a6833fcf97d713bde4df8b32c45135\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_powerpc.deb\n Size/MD5 checksum: 318274 83f904fb9939631d361647d002493b48\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_powerpc.deb\n Size/MD5 checksum: 286030 87bd418c762f4852deb2f0ccf676e279\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_powerpc.deb\n Size/MD5 checksum: 181404 8a890e062a3e57cbf05298afe3e80f8a\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_s390.deb\n Size/MD5 checksum: 841442 3af0ff00c65d798264f3fcae4d3d4a01\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_s390.deb\n Size/MD5 checksum: 218442 cff4034943d4bc73c6e25c44e818a03e\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_s390.deb\n Size/MD5 checksum: 279424 41af8fff9a31a67ff5348819767d38b2\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_s390.deb\n Size/MD5 checksum: 182698 d0826f59f5b3a670425eb3a4a545dd0d\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_s390.deb\n Size/MD5 checksum: 312902 a29c008538bca825e4adbd9d81c98966\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_s390.deb\n Size/MD5 checksum: 177752 431d82e8cd6c132da74ad093dbcc7ba0\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_s390.deb\n Size/MD5 checksum: 1122234 1ef35b74956ee14359f51462acb57106\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_s390.deb\n Size/MD5 checksum: 229764 6f1f3aa05049d00acad3e6b30e6e0648\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_s390.deb\n Size/MD5 checksum: 349904 03b490982f1212c160d336b936d91f87\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_s390.deb\n Size/MD5 checksum: 3247406 c2e3ace3b947c9db715bba922e920597\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_sparc.deb\n Size/MD5 checksum: 311218 10ebf40bd6544ecfd1d5c14012bc2333\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_sparc.deb\n Size/MD5 checksum: 3010294 25ed84792d1322113d88d7d86875a505\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_sparc.deb\n Size/MD5 checksum: 823558 b249aa0aca98b8194d82dc5099cd4660\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_sparc.deb\n Size/MD5 checksum: 177016 6ca62885f918c19fb6dd3853e4d9f47d\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_sparc.deb\n Size/MD5 checksum: 274862 d9959778df605e6242c8a869fe0933c1\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_sparc.deb\n Size/MD5 checksum: 1077730 33624d329997fad4abfec6228e7bcaa4\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_sparc.deb\n Size/MD5 checksum: 182754 6392ee52ee09d7140f33d93dca41ea09\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_sparc.deb\n Size/MD5 checksum: 349128 4fdac4cf89006eef1554f41fa34258d2\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_sparc.deb\n Size/MD5 checksum: 227040 16627c2e2b817e6279f2ed429394cf81\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_sparc.deb\n Size/MD5 checksum: 214664 50e728e424d503059a2aa6c8575a06eb\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 10, "modified": "2010-10-12T19:31:50", "published": "2010-10-12T19:31:50", "id": "DEBIAN:DSA-2116-1:BF569", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00169.html", "title": "[SECURITY] [DSA 2116-1] New poppler packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
