-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2009.1470
                          poppler vulnerabilities
                              4 November 2009

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           poppler
Publisher:         Ubuntu
Operating System:  Ubuntu
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2009-3609 CVE-2009-3608 CVE-2009-3607
                   CVE-2009-3604 CVE-2009-3603 

Reference:         ESB-2009.1423

Original Bulletin: 
   http://www.ubuntu.com/usn/usn-850-3

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Ubuntu. It is recommended that administrators 
         running poppler check for an updated version of the software for 
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

===========================================================
Ubuntu Security Notice USN-850-3          November 02, 2009
poppler vulnerabilities
CVE-2009-3603, CVE-2009-3604, CVE-2009-3607, CVE-2009-3608,
CVE-2009-3609
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
  libpoppler-glib4                0.12.0-0ubuntu2.1
  libpoppler5                     0.12.0-0ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-850-1 fixed vulnerabilities in poppler. This update provides the
corresponding updates for Ubuntu 9.10.

Original advisory details:

 It was discovered that poppler contained multiple security issues when
 parsing malformed PDF documents. If a user or automated system were tricked
 into opening a crafted PDF file, an attacker could cause a denial of
 service or execute arbitrary code with privileges of the user invoking the
 program.


Updated packages for Ubuntu 9.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.0-0ubuntu2.1.diff.gz
      Size/MD5:    15454 48a80d636158aa98b507c85607c379c7
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.0-0ubuntu2.1.dsc
      Size/MD5:     1692 0e33aecf9e3c097fa1a5445bf4396f91
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.0.orig.tar.gz
      Size/MD5:  1595424 399b25d9d71ad22bc9a2a9281769c49c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.12.0-0ubuntu2.1_amd64.deb
      Size/MD5:  1051952 700c63d275b983dba55c6abfd9c3ec21
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.12.0-0ubuntu2.1_amd64.deb
      Size/MD5:   147622 8f53a579169d196b59c865e6b34579a4
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.12.0-0ubuntu2.1_amd64.deb
      Size/MD5:    75084 8d5d57f163087638bd61353fba3c82b6
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.12.0-0ubuntu2.1_amd64.deb
      Size/MD5:    55886 4fb8c88e15cae8a3f2bc03a7dd564612
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.12.0-0ubuntu2.1_amd64.deb
      Size/MD5:    26020 0b157d328ea46a5cd2a5a637563c01f8
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.12.0-0ubuntu2.1_amd64.deb
      Size/MD5:   169760 e6a9de15ef88077713abb5486a419a06
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.12.0-0ubuntu2.1_amd64.deb
      Size/MD5:   245990 72cba1a5cdf707e7cd95c8650c976ee7
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler5_0.12.0-0ubuntu2.1_amd64.deb
      Size/MD5:   757804 6e2520a2a9ba32a4f3e28e39c34fead0
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.12.0-0ubuntu2.1_amd64.deb
      Size/MD5:  3352280 2674ea34101cd26e76d359e4fa1ae1d0
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.12.0-0ubuntu2.1_amd64.deb
      Size/MD5:    84172 d2685cf3c57bd1102c210c18f55686b5

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.12.0-0ubuntu2.1_i386.deb
      Size/MD5:   989336 23134e2af4161b817e87d114f36bbb11
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.12.0-0ubuntu2.1_i386.deb
      Size/MD5:   140976 67cb2da532b6af1009b71825227266ec
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.12.0-0ubuntu2.1_i386.deb
      Size/MD5:    72378 2f7c93e9da887f145de10329aba0ef98
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.12.0-0ubuntu2.1_i386.deb
      Size/MD5:    53594 71e81f0cab72a786d4be9da566f57bf5
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.12.0-0ubuntu2.1_i386.deb
      Size/MD5:    25628 8068a8f5872026777b6e3c659b0f7f94
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.12.0-0ubuntu2.1_i386.deb
      Size/MD5:   166224 f632da6ffcf74bd16ea244aa62d32cf8
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.12.0-0ubuntu2.1_i386.deb
      Size/MD5:   231216 73f64210ed94368602bce01cb8623e9e
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler5_0.12.0-0ubuntu2.1_i386.deb
      Size/MD5:   725724 47faef2db50f38de117fe8270b75d2b4
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.12.0-0ubuntu2.1_i386.deb
      Size/MD5:  3274002 0faa823f34836a3046221ea840291ac3
    http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.12.0-0ubuntu2.1_i386.deb
      Size/MD5:    80140 56f7601d98080759427904a5cda8fc1c

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.12.0-0ubuntu2.1_lpia.deb
      Size/MD5:  1004264 ab6c2ce6fca7bc156bb79ee9098db4a6
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.12.0-0ubuntu2.1_lpia.deb
      Size/MD5:   142336 40691b4d045114f85022295f16bb715a
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.12.0-0ubuntu2.1_lpia.deb
      Size/MD5:    72620 949aefc47f714cd6bf04b572cd64a422
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.12.0-0ubuntu2.1_lpia.deb
      Size/MD5:    53838 b28eb49e9f317a3ff62dad035e3c18d2
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.12.0-0ubuntu2.1_lpia.deb
      Size/MD5:    25578 6859e69db4d7b0e849c6ba0b07ceca22
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.12.0-0ubuntu2.1_lpia.deb
      Size/MD5:   167256 77527ca39229b2908deac999e98feb93
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.12.0-0ubuntu2.1_lpia.deb
      Size/MD5:   236556 5b472282eb85b9fd5f3f5adfe5bd579c
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler5_0.12.0-0ubuntu2.1_lpia.deb
      Size/MD5:   736340 6e298d3ae22ca1e235efca71adef1e77
    http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.12.0-0ubuntu2.1_lpia.deb
      Size/MD5:  3299736 e4317c538e932ef9f349ada04c49772e
    http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.12.0-0ubuntu2.1_lpia.deb
      Size/MD5:    81398 c3c07e4d1ca4afd89026c2e94b32d489

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.12.0-0ubuntu2.1_powerpc.deb
      Size/MD5:  1132462 fe92b06a1afaee95aab8e9fee5172ebd
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.12.0-0ubuntu2.1_powerpc.deb
      Size/MD5:   154828 e8656dcfca021f74ef74d3305a3777dd
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.12.0-0ubuntu2.1_powerpc.deb
      Size/MD5:    79136 43bec50dd396f4e408e439dcff4050ee
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.12.0-0ubuntu2.1_powerpc.deb
      Size/MD5:    56918 11e2b15a48bcd8f6dd4edf1b2a3f94f6
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.12.0-0ubuntu2.1_powerpc.deb
      Size/MD5:    26764 3a9015b5ef5e4456d99aed94d9795b13
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.12.0-0ubuntu2.1_powerpc.deb
      Size/MD5:   170914 364e184c49ad48bcbcb607a754820856
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.12.0-0ubuntu2.1_powerpc.deb
      Size/MD5:   251780 c68cee53af60cfc18123960426f71ebd
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler5_0.12.0-0ubuntu2.1_powerpc.deb
      Size/MD5:   796134 56d908a8957794858adf9fac1f05e69d
    http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.12.0-0ubuntu2.1_powerpc.deb
      Size/MD5:  3472754 e4df589ab148c9b4e10252edbccf6d63
    http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.12.0-0ubuntu2.1_powerpc.deb
      Size/MD5:    84200 11bd5fff3480bebdf34a3f448a4e19b9

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.12.0-0ubuntu2.1_sparc.deb
      Size/MD5:  1024090 f0aa671a65979f05b98a68c06702577a
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.12.0-0ubuntu2.1_sparc.deb
      Size/MD5:   145424 0fa9ac58cbd89b973d473ea8b8097168
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.12.0-0ubuntu2.1_sparc.deb
      Size/MD5:    73066 44ea8c81756572a26c7cf91a2a28a22e
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.12.0-0ubuntu2.1_sparc.deb
      Size/MD5:    53156 2d6b94d35ccd3edf77730f19ad142965
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.12.0-0ubuntu2.1_sparc.deb
      Size/MD5:    24208 6a4d8c3dd160266b3626aace0eb9cb2b
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.12.0-0ubuntu2.1_sparc.deb
      Size/MD5:   168684 414dea9f6db5bbe8cc1e32d7ea7b1a66
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.12.0-0ubuntu2.1_sparc.deb
      Size/MD5:   244118 39b3946c546ac384cdc9552257253981
    http://ports.ubuntu.com/pool/main/p/poppler/libpoppler5_0.12.0-0ubuntu2.1_sparc.deb
      Size/MD5:   749070 5f96f15d3527c3d4311d4ca3746fc5cc
    http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.12.0-0ubuntu2.1_sparc.deb
      Size/MD5:  3243548 25690cbe96ebf2d5da437fe176fe412c
    http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.12.0-0ubuntu2.1_sparc.deb
      Size/MD5:    80606 e56113c88e7b1144f7979e869a6f0c2f

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFK8MuRNVH5XJJInbgRAh1zAJ0cOPIbqppXwoScu1/OhGwgoJi+ZQCfVxLo
QpUatJpV6havyoeqfQ348cY=
=ibQY
-----END PGP SIGNATURE-----