USN-4646-2: poppler regression

26 November 2020

USN-4646-1 introduced a regression in poppler.

Releases

Packages

Details

USN-4646-1 fixed vulnerabilities in poppler. The fix for CVE-2019-10871
introduced a regression causing certain applications linked against poppler
to fail. This update backs out the fix pending further investigation.

We apologize for the inconvenience.

Original advisory details:

It was discovered that Poppler incorrectly handled certain files. If a user
or automated system were tricked into opening a crafted PDF file, an
attacker could cause a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04
Ubuntu 16.04

In general, a standard system update will make all the necessary changes.