===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.4771
                          poppler security update
                             27 September 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           poppler
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-38784 CVE-2022-27337 CVE-2020-27778
                   CVE-2019-14494 CVE-2019-9959 CVE-2019-9903
                   CVE-2018-20650 CVE-2018-19058 CVE-2018-18897

Original Bulletin:
   http://www.debian.org/security/2022/dla-3120

Comment: CVSS (Max):  7.8 CVE-2022-38784 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
         CVSS Source: NVD, [Red Hat]
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3120-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Markus Koschany
September 26, 2022                            https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : poppler
Version        : 0.71.0-5+deb10u1
CVE ID         : CVE-2018-18897 CVE-2018-19058 CVE-2018-20650 CVE-2019-9903
                 CVE-2019-9959 CVE-2019-14494 CVE-2020-27778 CVE-2022-27337
                 CVE-2022-38784
Debian Bug     : 913164 913177 917974 925264 941776 933812 1010695 1018971

Several security vulnerabilities have been discovered in Poppler, a PDF
rendering library, that could lead to denial of service or possibly other
unspecified impact when processing maliciously crafted documents.

For Debian 10 buster, these problems have been fixed in version
0.71.0-5+deb10u1.

We recommend that you upgrade your poppler packages.
For the detailed security status of poppler please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/poppler

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================