-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2539
                          poppler security update
                               24 July 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           poppler
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
Impact/Access:     Denial of Service -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-12293 CVE-2019-10872 CVE-2019-9631
                   CVE-2019-9200 CVE-2018-21009 CVE-2018-20481
                   CVE-2018-16646 CVE-2017-18267 

Reference:         ESB-2019.2040
                   ESB-2019.1216

Original Bulletin: 
   https://www.debian.org/lts/security/2020/dla-2287

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2287-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
July 23, 2020                                 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : poppler
Version        : 0.48.0-2+deb9u3
CVE ID         : CVE-2017-18267 CVE-2018-16646 CVE-2018-20481 CVE-2018-21009
                 CVE-2019-9200 CVE-2019-9631 CVE-2019-10872 CVE-2019-12293
Debian Bug     : 898357 909802 917325 923414 926530 926673 929423

Several issues were found in Poppler, a PDF rendering library, that could
lead to denial of service or possibly other unspecified impact when
processing maliciously crafted documents.

For Debian 9 stretch, these problems have been fixed in version
0.48.0-2+deb9u3.

We recommend that you upgrade your poppler packages.

For the detailed security status of poppler please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/poppler

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------
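
Added example, not part of the Debian advisory or the AusCERT bulletin: a Python check that flags installed poppler packages older than the fixed version 0.48.0-2+deb9u3, using Debian's version ordering rather than plain string comparison. The package names in the sample are constructed, and the result is only meaningful on Debian 9 stretch hosts.

```python
import re

FIXED = "0.48.0-2+deb9u3"  # fixed version for Debian 9 stretch, from the advisory


def _order(c):
    # dpkg ordering inside non-digit runs: '~' sorts before end-of-string,
    # letters sort before every other character.
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256


def _key(s):
    # Alternate non-digit and digit runs; digit runs compare numerically,
    # so "u10" sorts after "u3" (a string comparison would get this wrong).
    return [([_order(c) for c in nd] + [0], int(d or 0))
            for nd, d in re.findall(r"(\D*)(\d*)", s)]


def debian_key(version):
    # [epoch:]upstream[-revision]; a missing revision is treated as "0".
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "0")
    return (int(epoch), _key(upstream), _key(revision))


def needs_upgrade(installed, fixed=FIXED):
    return debian_key(installed) < debian_key(fixed)


def unpatched(dpkg_lines, fixed=FIXED):
    """Return (package, version) pairs older than the fixed version."""
    found = []
    for line in dpkg_lines.splitlines():
        fields = line.split()
        if len(fields) == 2 and needs_upgrade(fields[1], fixed):
            found.append((fields[0], fields[1]))
    return found


# Constructed sample in the default `dpkg-query -W` layout (package<TAB>version).
SAMPLE = (
    "libpoppler64:amd64\t0.48.0-2+deb9u2\n"
    "poppler-utils\t0.48.0-2+deb9u3\n"
    "libpoppler-glib8:amd64\t0.48.0-2\n"
)

if __name__ == "__main__":
    for pkg, ver in unpatched(SAMPLE):
        print(f"{pkg} {ver} is older than {FIXED}")
```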

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----