According to descriptions at cvedetails.com:

[1] The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack.

[2] The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack.

[3] The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.

All 3 have been patched upstream [4], [5], [6]

[1] https://www.cvedetails.com/cve/CVE-2017-14975/
[2] https://www.cvedetails.com/cve/CVE-2017-14976/
[3] https://www.cvedetails.com/cve/CVE-2017-14977/
[4] https://cgit.freedesktop.org/poppler/poppler/commit/?id=a5e5649ecf16fa05770620dbbd4985935dc2bbff
[5] https://cgit.freedesktop.org/poppler/poppler/commit/?id=da63c35549e8852a410946ab016a3f25ac701bdf
[6] https://cgit.freedesktop.org/poppler/poppler/commit/?id=19eedc6fb693a62f305e13079501e3105f869f3c

Reproducible: Always
Stable on alpha.
*** Bug 644456 has been marked as a duplicate of this bug. ***
ppc/ppc64 stable
arm stable
ping hppa
hppa stable
Poppler cleanup actually depends on texlive-core security cleanup.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c9526cde161497cd43721f89c6d8aa23328be8e4

commit c9526cde161497cd43721f89c6d8aa23328be8e4
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-03-18 14:06:40 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-04-07 15:35:36 +0000

    app-text/poppler: Cleanup vulnerable

    Bug: https://bugs.gentoo.org/644388
    Package-Manager: Portage-2.3.24, Repoman-2.3.6

 app-text/poppler/Manifest | 2 -
 .../files/poppler-0.26.0-qt5-dependencies.patch | 31 ---
 .../poppler/files/poppler-0.33.0-openjpeg2.patch | 15 --
 app-text/poppler/files/poppler-0.40-FindQt4.patch | 31 ---
 .../files/poppler-0.53.0-respect-cflags.patch | 52 -----
 .../files/poppler-0.57.0-CVE-2017-14517.patch | 27 ---
 .../files/poppler-0.57.0-CVE-2017-14518.patch | 27 ---
 .../files/poppler-0.57.0-CVE-2017-14519.patch | 100 --------
 .../files/poppler-0.57.0-CVE-2017-14520.patch | 24 --
 .../files/poppler-0.57.0-CVE-2017-14617.patch | 31 ---
 .../files/poppler-0.57.0-CVE-2017-14926.patch | 36 ---
 .../files/poppler-0.57.0-CVE-2017-14927.patch | 32 ---
 .../files/poppler-0.57.0-CVE-2017-14928.patch | 69 ------
 .../files/poppler-0.57.0-CVE-2017-14929.patch | 252 ---------------------
 .../files/poppler-0.57.0-CVE-2017-15565.patch | 28 ---
 app-text/poppler/poppler-0.57.0-r1.ebuild | 158 -------------
 app-text/poppler/poppler-0.61.1.ebuild | 145 ------------
 17 files changed, 1060 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cc1472f6e2b8df1aa3528554f323ddd248ec1dfa

commit cc1472f6e2b8df1aa3528554f323ddd248ec1dfa
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-03-19 18:44:44 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-04-07 15:35:35 +0000

    dev-texlive/texlive-*: Drop 2015

    Bug: https://bugs.gentoo.org/644388
    Package-Manager: Portage-2.3.24, Repoman-2.3.6

 app-text/texlive-core/Manifest | 120 -
 app-text/texlive-core/texlive-core-2015-r1.ebuild | 344 ---
 dev-texlive/texlive-basic/Manifest | 53 -
 .../texlive-basic/texlive-basic-2015.ebuild | 31 -
 dev-texlive/texlive-bibtexextra/Manifest | 217 --
 .../texlive-bibtexextra-2015.ebuild | 31 -
 dev-texlive/texlive-context/Manifest | 67 -
 .../texlive-context/texlive-context-2015.ebuild | 61 -
 dev-texlive/texlive-fontsextra/Manifest | 512 ----
 .../texlive-fontsextra-2015.ebuild | 20 -
 dev-texlive/texlive-fontsrecommended/Manifest | 63 -
 .../texlive-fontsrecommended-2015.ebuild | 23 -
 dev-texlive/texlive-fontutils/Manifest | 32 -
 .../texlive-fontutils-2015.ebuild | 39 -
 dev-texlive/texlive-formatsextra/Manifest | 19 -
 .../texlive-formatsextra-2015.ebuild | 21 -
 dev-texlive/texlive-games/Manifest | 74 -
 .../texlive-games/texlive-games-2015.ebuild | 23 -
 dev-texlive/texlive-genericextra/Manifest | 98 -
 .../texlive-genericextra-2015.ebuild | 19 -
 dev-texlive/texlive-genericrecommended/Manifest | 20 -
 .../texlive-genericrecommended-2015.ebuild | 22 -
 dev-texlive/texlive-humanities/Manifest | 119 -
 .../texlive-humanities-2015.ebuild | 20 -
 dev-texlive/texlive-langafrican/Manifest | 9 -
 .../texlive-langafrican-2015.ebuild | 19 -
 dev-texlive/texlive-langarabic/Manifest | 30 -
 .../texlive-langarabic-2015.ebuild | 24 -
 dev-texlive/texlive-langchinese/Manifest | 38 -
 .../texlive-langchinese-2015.ebuild | 25 -
 dev-texlive/texlive-langcjk/Manifest | 20 -
 .../texlive-langcjk/texlive-langcjk-2015.ebuild | 26 -
 dev-texlive/texlive-langcyrillic/Manifest | 85 -
 .../texlive-langcyrillic-2015.ebuild | 33 -
 dev-texlive/texlive-langitalian/Manifest | 38 -
 .../texlive-langitalian-2015.ebuild | 20 -
 dev-texlive/texlive-langjapanese/Manifest | 57 -
 .../texlive-langjapanese-2015.ebuild | 28 -
 dev-texlive/texlive-langkorean/Manifest | 17 -
 .../texlive-langkorean-2015.ebuild | 21 -
 dev-texlive/texlive-langother/Manifest | 52 -
 .../texlive-langother-2015.ebuild | 27 -
 dev-texlive/texlive-langpolish/Manifest | 36 -
 .../texlive-langpolish-2015.ebuild | 21 -
 dev-texlive/texlive-langportuguese/Manifest | 20 -
 .../texlive-langportuguese-2015.ebuild | 20 -
 dev-texlive/texlive-langspanish/Manifest | 27 -
 .../texlive-langspanish-2015.ebuild | 20 -
 dev-texlive/texlive-latex/Manifest | 72 -
 .../texlive-latex/texlive-latex-2015.ebuild | 29 -
 dev-texlive/texlive-latexextra/Manifest | 2696 --------------------
 .../texlive-latexextra-2015-r1.ebuild | 44 -
 dev-texlive/texlive-latexrecommended/Manifest | 134 -
 .../texlive-latexrecommended-2015-r1.ebuild | 32 -
 dev-texlive/texlive-luatex/Manifest | 80 -
 .../texlive-luatex/texlive-luatex-2015.ebuild | 29 -
 dev-texlive/texlive-metapost/Manifest | 84 -
 .../texlive-metapost/texlive-metapost-2015.ebuild | 31 -
 dev-texlive/texlive-music/Manifest | 50 -
 .../texlive-music/texlive-music-2015.ebuild | 32 -
 dev-texlive/texlive-omega/Manifest | 16 -
 .../texlive-omega/texlive-omega-2015.ebuild | 24 -
 dev-texlive/texlive-pictures/Manifest | 304 ---
 .../texlive-pictures-2015-r2.ebuild | 68 -
 dev-texlive/texlive-plainextra/Manifest | 46 -
 .../texlive-plainextra-2015.ebuild | 21 -
 dev-texlive/texlive-pstricks/Manifest | 226 --
 .../texlive-pstricks/texlive-pstricks-2015.ebuild | 27 -
 dev-texlive/texlive-publishers/Manifest | 362 ---
 .../texlive-publishers-2015.ebuild | 20 -
 dev-texlive/texlive-xetex/Manifest | 81 -
 .../texlive-xetex/texlive-xetex-2015.ebuild | 41 -
 72 files changed, 7310 deletions(-)
Cleanup done, security, please proceed. KDE is done here.
This issue was resolved and addressed in GLSA 201804-03 at https://security.gentoo.org/glsa/201804-03 by GLSA coordinator Aaron Bauman (b-man).