ESB-2019.0746 - [Debian] poppler: Denial of service - Remote with user interaction - 2019-03-11


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.0746
                   [DLA 1706-1] poppler security update
                               11 March 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           poppler
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Denial of Service -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-9200 CVE-2019-7310 CVE-2018-20662
                   CVE-2018-20481 CVE-2018-19058 

Reference:         ESB-2019.0424

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : poppler
Version        : 0.26.5-2+deb8u8
CVE ID         : CVE-2018-19058 CVE-2018-20481 CVE-2018-20662
                 CVE-2019-7310 CVE-2019-9200
Debian Bug     : 913177 917325 918158 921215 923414

Several security vulnerabilities were discovered in the poppler PDF
rendering shared library.

CVE-2018-19058

    A reachable abort in Object.h will lead to denial-of-service because
    EmbFile::save2 in FileSpec.cc lacks a stream check before saving an
    embedded file.

CVE-2018-20481

    Poppler mishandles unallocated XRef entries, which allows remote
    attackers to cause a denial-of-service (NULL pointer dereference)
    via a crafted PDF document.

CVE-2018-20662

    Poppler allows attackers to cause a denial-of-service (application
    crash and segmentation fault by crafting a PDF file in which an xref
    data structure is corrupted.

CVE-2019-7310

    A heap-based buffer over-read (due to an integer signedness error in
    the XRef::getEntry function in XRef.cc) allows remote attackers to
    cause a denial of service (application crash) or possibly have
    unspecified other impact via a crafted PDF document.

CVE-2019-9200

    A heap-based buffer underwrite exists in ImageStream::getLine()
    located at Stream.cc that can (for example) be triggered by sending
    a crafted PDF file to the pdfimages binary. It allows an attacker to
    cause denial-of-service (segmentation fault) or possibly have
    unspecified other impact.

For Debian 8 "Jessie", these problems have been fixed in version
0.26.5-2+deb8u8.

We recommend that you upgrade your poppler packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlyC0nxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeSADA//WoORipRClpa37uyOReoY/LpJF/6A+I09319knIajvns2pn5vJaQ5hZ9a
JTQVz0cGQYb5OHWVzr7dlbJyy3DLH+BQ/vMca0qTG5OAlLbKhw+dFankHLPeyqJH
CnTwLDgEGnn650uF4p86kEkzUwH36KvRPsEfjX2HsABY87bEwMcUxaCcJBazKyTC
uTj4qwCidssoiA4lmCGNAa/VEAHUykIzaI2eC0ZWtAN4UWRFiLt4XfXi7K3TcswK
GMvRHwe+AQCJVK4jhpyb5qdhbRmMWuahcFUlYncCpW7/5Qrw9cEqhdOfHoW3VYNS
PufpPySCjET34GCY2wizq424XVeSzmz+Um5vKhBFp/FCt7vdEvww73kAnbXbFGWb
wyVD7iC3lS675iq7P91AdPQtQFDNTQELxEvcgEplLpFMhLKXCa4j34xkzO1Xf17a
tfiqq/C5PjaXFCNF8eFqI/jAhOXcFyV7pX+/dimxw/IjjidTAyiQnil27MQTqfQC
pTcx6ZYC5ed1FcIpPvDwBF1Sjv8h+okcZIWbFCPi1s9nyU44iAxoF/AXMNRzWwpm
x2VVUsXxy4ZjVCY3StKTyKiJCKKAsDiIbEhbbmQcvFl2T1A2R32sYnWoH64cpZJy
iox1jympDYjPcPc89XnMkxQvFpNX4Ws/UEaCjF/V64HYHcgMpjw=
=gwm1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXIW5a2aOgq3Tt24GAQhd5Q//TBHjoA2Jy/3NJKDJdlY1ZVwf8aanlgqF
kv2Az6g0uSTFXA7l21TAT7QyT6Lx6v1LdhFuHCoviZegZpq5noCuugqs00Vd8/hc
BagRfR+Y/kAZg0UNBf81x4z0FZYmEGMaKt1nQiS/5A+ShkbfFAyiRC4/QgpbO+6a
LnncGAHT0PEy25US64kLl/KeErcjACrUJPtEL0Y1GzZjWp30UKuk3SCTE1/Yp9WX
8HBBdDDDuOXOZwnbg/dbApqnvxkPSIoW6j6asT1a3CZEgfMMkl+moBU4ylJqciml
v2HSTQnbq0mGLUEuE/3B41qi755ewlzESvI0TQXlB/bcf9CTaFLa53cX71S+FOL8
CBh2bu/DDuWU3xhDJwucG9ihPazOdCRp3ZetScfH3/yQ0REtc80eftOnhWnPgQOx
NZDVZWZ03sRsMDST0bO9ChyXBLOWdD2YcVEAVOBPjs2wjwNG9/obJg6yE81tYo8Q
+xIZR3zDv5PTIORz7bIR0HZsxjDKnE4lhXwAjq91kugrBkQ7cJdCCg2vCIFsNPbO
00kpDegVE8lrOln5GuQ+SNiBWbMJOXWbIGSvSMH2d/VqCkT9zltj47X/Sm+QIpLp
jVcm6po4Ie975r28Vx9lBRtpGCI9aKl0CER6a6esIFSPHVXtB8GDdBtvga1n3paP
WpRHibC//5k=
=7rPL
-----END PGP SIGNATURE-----