Lucene search

DebianDEBIAN:DSA-3563-1:3E2CB

HistoryMay 01, 2016 - 8:37 p.m.

[SECURITY] [DSA 3563-1] poppler security update

2016-05-0120:37:58

lists.debian.org

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.034 Low

EPSS

Percentile

91.5%

JSON

Debian Security Advisory DSA-3563-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
May 01, 2016 https://www.debian.org/security/faq

Package : poppler
CVE ID : CVE-2015-8868

It was discovered that a heap overflow in the Poppler PDF library may
result in denial of service and potentially the execution of arbitrary
code if a malformed PDF file is opened.

For the stable distribution (jessie), this problem has been fixed in
version 0.26.5-2+deb8u1.

For the testing distribution (stretch), this problem has been fixed
in version 0.38.0-3.

For the unstable distribution (sid), this problem has been fixed in
version 0.38.0-3.

We recommend that you upgrade your poppler packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8armelgir1.2-poppler-0.18< 0.26.5-2+deb8u1gir1.2-poppler-0.18_0.26.5-2+deb8u1_armel.deb
Debian8arm64libpoppler-private-dev< 0.26.5-2+deb8u1libpoppler-private-dev_0.26.5-2+deb8u1_arm64.deb
Debian7i386gir1.2-poppler-0.18< 0.18.4-6+deb7u1gir1.2-poppler-0.18_0.18.4-6+deb7u1_i386.deb
Debian8kfreebsd-amd64libpoppler-qt4-dev< 0.26.5-2+deb8u1libpoppler-qt4-dev_0.26.5-2+deb8u1_kfreebsd-amd64.deb
Debian8powerpclibpoppler46< 0.26.5-2+deb8u1libpoppler46_0.26.5-2+deb8u1_powerpc.deb
Debian8arm64libpoppler-dev< 0.26.5-2+deb8u1libpoppler-dev_0.26.5-2+deb8u1_arm64.deb
Debian7armellibpoppler-qt4-dev< 0.18.4-6+deb7u1libpoppler-qt4-dev_0.18.4-6+deb7u1_armel.deb
Debian8armhflibpoppler-qt4-4< 0.26.5-2+deb8u1libpoppler-qt4-4_0.26.5-2+deb8u1_armhf.deb
Debian8kfreebsd-i386libpoppler-dev< 0.26.5-2+deb8u1libpoppler-dev_0.26.5-2+deb8u1_kfreebsd-i386.deb
Debian8i386libpoppler46< 0.26.5-2+deb8u1libpoppler46_0.26.5-2+deb8u1_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	armel	gir1.2-poppler-0.18	< 0.26.5-2+deb8u1	gir1.2-poppler-0.18_0.26.5-2+deb8u1_armel.deb
Debian	8	arm64	libpoppler-private-dev	< 0.26.5-2+deb8u1	libpoppler-private-dev_0.26.5-2+deb8u1_arm64.deb
Debian	7	i386	gir1.2-poppler-0.18	< 0.18.4-6+deb7u1	gir1.2-poppler-0.18_0.18.4-6+deb7u1_i386.deb
Debian	8	kfreebsd-amd64	libpoppler-qt4-dev	< 0.26.5-2+deb8u1	libpoppler-qt4-dev_0.26.5-2+deb8u1_kfreebsd-amd64.deb
Debian	8	powerpc	libpoppler46	< 0.26.5-2+deb8u1	libpoppler46_0.26.5-2+deb8u1_powerpc.deb
Debian	8	arm64	libpoppler-dev	< 0.26.5-2+deb8u1	libpoppler-dev_0.26.5-2+deb8u1_arm64.deb
Debian	7	armel	libpoppler-qt4-dev	< 0.18.4-6+deb7u1	libpoppler-qt4-dev_0.18.4-6+deb7u1_armel.deb
Debian	8	armhf	libpoppler-qt4-4	< 0.26.5-2+deb8u1	libpoppler-qt4-4_0.26.5-2+deb8u1_armhf.deb
Debian	8	kfreebsd-i386	libpoppler-dev	< 0.26.5-2+deb8u1	libpoppler-dev_0.26.5-2+deb8u1_kfreebsd-i386.deb
Debian	8	i386	libpoppler46	< 0.26.5-2+deb8u1	libpoppler46_0.26.5-2+deb8u1_i386.deb