===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.4771
                          poppler security update
                             27 September 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           poppler
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-38784 CVE-2022-27337 CVE-2020-27778
                   CVE-2019-14494 CVE-2019-9959 CVE-2019-9903
                   CVE-2018-20650 CVE-2018-19058 CVE-2018-18897

Original Bulletin: 
   http://www.debian.org/security/2022/dla-3120

Comment: CVSS (Max):  7.8 CVE-2022-38784 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
         CVSS Source: NVD, [Red Hat]
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3120-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Markus Koschany
September 26, 2022                            https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : poppler
Version        : 0.71.0-5+deb10u1
CVE ID         : CVE-2018-18897 CVE-2018-19058 CVE-2018-20650 CVE-2019-9903
                 CVE-2019-9959 CVE-2019-14494 CVE-2020-27778 CVE-2022-27337
                 CVE-2022-38784
Debian Bug     : 913164 913177 917974 925264 941776 933812 1010695 1018971

Several security vulnerabilities have been discovered in Poppler, a PDF
rendering library, that could lead to denial of service or possibly other
unspecified impact when processing maliciously crafted documents.

For Debian 10 buster, these problems have been fixed in version
0.71.0-5+deb10u1.

We recommend that you upgrade your poppler packages.

For the detailed security status of poppler please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/poppler

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================