Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.2539 poppler security update 24 July 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: poppler Publisher: Debian Operating System: Debian GNU/Linux 9 Impact/Access: Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2019-12293 CVE-2019-10872 CVE-2019-9631 CVE-2019-9200 CVE-2018-21009 CVE-2018-20481 CVE-2018-16646 CVE-2017-18267 Reference: ESB-2019.2040 ESB-2019.1216 Original Bulletin: https://www.debian.org/lts/security/2020/dla-2287 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2287-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort July 23, 2020 https://wiki.debian.org/LTS - - ------------------------------------------------------------------------- Package : poppler Version : 0.48.0-2+deb9u3 CVE ID : CVE-2017-18267 CVE-2018-16646 CVE-2018-20481 CVE-2018-21009 CVE-2019-9200 CVE-2019-9631 CVE-2019-10872 CVE-2019-12293 Debian Bug : 898357 909802 917325 923414 926530 926673 929423 Several issues were found in Poppler, a PDF rendering library, that could lead to denial of service or possibly other unspecified impact when processing maliciously crafted documents. For Debian 9 stretch, these problems have been fixed in version 0.48.0-2+deb9u3. We recommend that you upgrade your poppler packages. For the detailed security status of poppler please refer to its security tracker page at: https://security-tracker.debian.org/tracker/poppler Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAl8ZY2YACgkQnUbEiOQ2 gwKrbA/9EzPmSehi0LhWL+vq6A7eAPXPRkuAtwQ9elTLOo1jqm2v7XbCbhEdbskC /BNOQo7H55Svfrv3PQ5xDUJu2sHu94yjswVEnQOAeX1QGzj+VlVfC4sMlooxeUyI h4ZkZM8wYx5MCHVOpRmp7+mb5yK0nCixdKYGenQAP0eL4sunBmErX8ZJM38VAFTE l4Mvl8sJhd2a5KDz/5x7BSZAwWLq8RDaIP7uvPS3/nMWr0yDfPXUq4SCBysrb05H MV1TcpUaS+FLgfF8HyREHl+cKUqQoJ3guOOp+GZjrNk5QHsNu6u4eVtfoXmSUhyL MsB6txNDs5iqgeKKFlKWV5UcJRN60NR8+jH/kSn0KI1qEL0cEWAj91Ad4wI3Fy8x KFZvlN1u9cv4oCByEb2WbnPQu9/qKs8nUMFgxB5LwDGrMuEG3w26R0u00fT5v3mF 4L4NU23Kwjbh/+QAiT+MoPx03bYlaDjQs9bAjoWjFiFs3zhUueF6s+YHG9whC8VV diyChBu5q1bZWRTn4V97x4ZdUaMtjGBNZPBzjHBHhU9mbnNjt8JZM0OGS3kStFTh ZlRaiCehnYIh9+FXmbB8VvvP22MNgfBhwKvExWDVfkA68iSrp41Z822D8IubdAb0 md0jzuWUaORITRTlVxyeeuyQtYceyRwkzA6CjRKBCEqPQqhYP2M= =t7Bm - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXxpS3ONLKJtyKPYoAQgOJQ//etyggX5cC0NcufsD2UHp2o+GrhFm6K7u QDaNKDclcCevLBr8XMYiAs6UJcoYKOLPKrc0hxUHGwzqhpkT3Y3ILDgRsEQmNxU8 j1iklQ8TS2ZPZzqx3CQcRSD1blEwGBd916cv7F74fBS4/6v5xlzP+VDQuKt31zaI /M82UHRZ/7BMCpDjA6Hvk+yNo/lmoZvk0GvREPgT8+txHu2jmUC1mftFyBNlxCxE dkUrx7trCYyBLpVgVlV9aNQ7s46AVMb01V4yRT8PtSUJlYBKvfiCmH9QdTtLoGmJ ic6Xc2ilQmEXlBiVi07yBuKQ7icOumbXk0CdMTcT0FOI0D0stwECdIQxzlg2Nr1n s/5GGkKeV9LV7HOFuYAt2n5iewl7PjDLmPv0NCOapwiHyex2lsmZ+zbizeLtW/Bt hz5C+2QugBomQ63RsCVPPVpkY4jCqnw9xe9Q5qORVWmOIJ0vbQZZLhAQXZFEXy+F qVAm+8FYn5Dk732Gg0Th/NiTbw34ezBZLiju/eSdmdI7wAxHKObn2n0LnrfEiYz4 /TJg/jHXMVBJRsbtkqRQYva1ZlvlGlWuwr/pbAdiEiXZuzNgAYdNS13XSED4sIXw EAs3P3jaHcVSAkOeVf9bCMrgphuIxzvQ/DoyqH+uWEwFOc94r+xn5IJ9TwbJHRNU iuR63zPXvn0= =OFtL -----END PGP SIGNATURE-----