Lucene search

K
slackwareSlackware Linux ProjectSSA-2022-244-01
HistorySep 01, 2022 - 8:05 p.m.

[slackware-security] poppler

2022-09-0120:05:47
Slackware Linux Project
www.slackware.com
17

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

55.0%

New poppler packages are available for Slackware 15.0 and -current to fix
a security issue.

Here are the details from the Slackware 15.0 ChangeLog:

patches/packages/poppler-21.12.0-i586-2_slack15.0.txz: Rebuilt.
[PATCH] JBIG2Stream: Fix crash on broken file.
For more information, see:
https://vulners.com/cve/CVE-2021-30860
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/poppler-21.12.0-i586-2_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/poppler-21.12.0-x86_64-2_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/poppler-22.09.0-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/poppler-22.09.0-x86_64-1.txz

MD5 signatures:

Slackware 15.0 package:
681572875875db923913fa9403d974d7 poppler-21.12.0-i586-2_slack15.0.txz

Slackware x86_64 15.0 package:
3ec89fbbdf94e68f4daa477faceda360 poppler-21.12.0-x86_64-2_slack15.0.txz

Slackware -current package:
b91690866d21257db9c66985ceae5051 l/poppler-22.09.0-i586-1.txz

Slackware x86_64 -current package:
bf4d3f9a1894a59a00bae784162c7780 l/poppler-22.09.0-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg poppler-21.12.0-i586-2_slack15.0.txz

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

55.0%