USN-496-2: poppler vulnerability

7 August 2007

poppler vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 7.04
  • Ubuntu 6.10
  • Ubuntu 6.06 LTS

Software Description

Details

USN-496-1 fixed a vulnerability in koffice. This update provides the corresponding updates for poppler, the library used for PDF handling in Gnome.

Original advisory details:

Derek Noonburg discovered an integer overflow in the Xpdf function StreamPredictor::StreamPredictor(). By importing a specially crafted PDF file into KWord, this could be exploited to run arbitrary code with the user’s privileges.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 7.04
libpoppler1 - 0.5.4-0ubuntu8.1
Ubuntu 6.10
libpoppler1 - 0.5.4-0ubuntu4.2
Ubuntu 6.06 LTS
libpoppler1 - 0.5.1-0ubuntu7.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system upgrade is sufficient to effect the necessary changes.

References