USN-496-2: poppler vulnerability
7 August 2007
poppler vulnerability
Releases
Details
USN-496-1 fixed a vulnerability in koffice. This update provides the
corresponding updates for poppler, the library used for PDF handling in
Gnome.
Original advisory details:
Derek Noonburg discovered an integer overflow in the Xpdf function
StreamPredictor::StreamPredictor(). By importing a specially crafted PDF
file into KWord, this could be exploited to run arbitrary code with the
user's privileges.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 7.04
-
libpoppler1
-
0.5.4-0ubuntu8.1
Ubuntu 6.10
-
libpoppler1
-
0.5.4-0ubuntu4.2
Ubuntu 6.06
-
libpoppler1
-
0.5.1-0ubuntu7.2
In general, a standard system upgrade is sufficient to effect the
necessary changes.