|Summary:||app-text/poppler <0.6.3-r1 uninitialized pointer (CVE-2008-2950)|
|Product:||Gentoo Security||Reporter:||Matthias Geerdsen (RETIRED) <vorlon>|
|Component:||Vulnerabilities||Assignee:||Gentoo Security <security>|
|Severity:||normal||CC:||dang, printing, tgurr|
|Package list:||Runtime testing required:||---|
Description Matthias Geerdsen (RETIRED) 2008-06-28 19:14:46 UTC
** Please note that this issue is confidential at the moment and no information should be disclosed until it is made public **
We have been contacted by oCERT about a vulnerability in poppler:
Description: The poppler PDF rendering library suffers a memory management bug which leads to arbitrary code execution. The vulnerability is present in the Page class constructor/destructor. The pageWidgets object is not initialized in the Page constructor if specific conditions are met, but it is deleted afterwards in the destructor regardless of its initialization. Specific PDF files can be crafted which allocate arbitrary memory to trigger the vulnerability.
Affected version: poppler <= 0.8.3
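Added example, not part of the bug thread and not the attached patch or poppler's code: the defect class the description names (a pointer member assigned on only some constructor paths, deleted unconditionally in the destructor) beside one way to close it. `Widgets`, `PageBuggy`, `PageFixed` and the `attrsOk` flag are hypothetical stand-ins; the early return is an assumed form of the "specific conditions".

```cpp
#include <cstdio>

// Hypothetical stand-in for the object the page member points to.
struct Widgets {
    static int live;                  // live-instance counter for the checks
    Widgets()  { ++live; }
    ~Widgets() { --live; }
};
int Widgets::live = 0;

// Defect pattern from the description. Shown for comparison only and
// never instantiated here: the early-return path is undefined behaviour.
class PageBuggy {
public:
    explicit PageBuggy(bool attrsOk) {
        if (!attrsOk) return;         // pageWidgets keeps an indeterminate value
        pageWidgets = new Widgets();
    }
    ~PageBuggy() { delete pageWidgets; }  // deletes whatever bits are there
private:
    Widgets *pageWidgets;             // no initializer on any path
};

// Hardened form: the member is null before any path can leave the
// constructor, so the unconditional delete is a defined no-op.
class PageFixed {
public:
    explicit PageFixed(bool attrsOk) : pageWidgets(nullptr) {
        if (!attrsOk) return;
        pageWidgets = new Widgets();
    }
    ~PageFixed() { delete pageWidgets; }
    PageFixed(const PageFixed &) = delete;            // owning raw pointer:
    PageFixed &operator=(const PageFixed &) = delete; // forbid double delete
    bool hasWidgets() const { return pageWidgets != nullptr; }
private:
    Widgets *pageWidgets;
};

// Runs both constructor paths of the fixed class and returns the number
// of Widgets still alive afterwards (0 means no leak, no stray delete).
int exerciseFixed() {
    { PageFixed ok(true); PageFixed failed(false); }
    return Widgets::live;
}

int main() {
    std::printf("live Widgets after teardown: %d\n", exerciseFixed());
    return 0;
}
```

Building with `-Wall -Wextra` plus a memory-error detector such as Valgrind or MemorySanitizer on the early-exit path is a practical way to catch this class of bug in review.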
Comment 1 Matthias Geerdsen (RETIRED) 2008-06-28 19:16:26 UTC
Created attachment 158795 [details, diff] patch
Comment 2 Matthias Geerdsen (RETIRED) 2008-06-28 19:17:49 UTC
dang/tgurr please prepare an ebuild with the attached patch... do not commit anything to the tree, but attach the ebuild etc. to this bug so the arch liaisons can test it
Comment 3 Daniel Gryniewicz (RETIRED) 2008-06-29 17:39:59 UTC
Created attachment 158877 [details, diff] Previous patch, renamed
Comment 4 Daniel Gryniewicz (RETIRED) 2008-06-29 17:40:49 UTC
Created attachment 158879 [details] Ebuild with patch
Comment 5 Daniel Gryniewicz (RETIRED) 2008-06-29 17:41:30 UTC
Note: 0.8.4 is in the tree now, also with this bug. The same patch applies. That will have to be bumped at the same time as 0.8.3, but not to stable.
Comment 6 Matthias Geerdsen (RETIRED) 2008-06-30 11:09:54 UTC
thanks Daniel
Arch Security Liaisons, please test the attached ebuild (app-text/poppler-0.8.3-r1) and report it stable on this bug.
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 release s390 sh sparc x86"
CC'ing current Liaisons:
alpha : yoswink
amd64 : welp
hppa : jer
ppc : dertobi123
ppc64 : corsair
release : pva
sparc : fmccor
x86 : opfer
Comment 7 Ferris McCormick (RETIRED) 2008-06-30 14:30:56 UTC
Sparc looks good for poppler-0.8.3-r1. However, for this to go stable, testing shows that *at least* these packages must also go stable: app-text/poppler-bindings-0.8.3 media-gfx/inkscape-0.46-r3 (and also several rebuilds besides, such as xpdf, evince, and gimp for me). So please make sure to catch everything which needs an upgrade along with poppler before making this stable. I just mentioned the ones I know about; there might be others, and I suspect they are triggered by the required poppler-bindings upgrade.
Comment 8 Daniel Gryniewicz (RETIRED) 2008-06-30 19:36:05 UTC
Created attachment 158999 [details] poppler 0.6.3 ebuild
Blast. I'd completely forgotten that 0.8.x wasn't stable yet. Here's an ebuild for 0.6.3-r1 (fortunately, the same patch applies). Please test this one for stable instead.
Comment 9 Ferris McCormick (RETIRED) 2008-06-30 20:09:14 UTC
0.6.3-r1 is good on sparc, too.
Comment 10 Jeroen Roovers (RETIRED) 2008-06-30 23:38:59 UTC
HPPA is OK.
Comment 11 Markus Rothe (RETIRED) 2008-07-01 05:27:45 UTC
Comment 12 Christian Faulhammer (RETIRED) 2008-07-03 13:06:33 UTC
x86 will go with stable
Comment 13 Jose Luis Rivero (yoswink) (RETIRED) 2008-07-03 15:34:21 UTC
Ready for alpha. evince using stable poppler-bindings and 0.6.3-r1 of poppler is able to show a pdf without any problem.
Comment 14 Matthias Geerdsen (RETIRED) 2008-07-07 09:14:49 UTC
sorry for the version mess up earlier... Anyways, this is going public at 16:00 CET. It would be nice if the remaining arches could give their OK by that time too.
Comment 15 Robert Buchholz (RETIRED) 2008-07-07 09:26:20 UTC
Adding ranger and gentoofan23 as support for the missing arches. Please test the poppler-0.6.3-r1.ebuild attached to this bug in your stable tree and report the results here.
Comment 16 Brent Baude (RETIRED) 2008-07-07 13:01:28 UTC
seems ok for ppc64
Comment 17 Matthias Geerdsen (RETIRED) 2008-07-07 13:16:17 UTC
ppc64 gave their ok already, ppc is still missing though (and amd64) ;-)
Comment 18 Daniel Gryniewicz (RETIRED) 2008-07-07 13:25:38 UTC
I'm not the amd64 security guy, but I am on the amd64 team, and I did test it on amd64. I'm not sure of the rules for sec bugs, but if that's sufficient, you can count amd64.
Comment 19 Matthias Geerdsen (RETIRED) 2008-07-07 14:16:13 UTC
public via $URL
printing herd/dang, please commit the relevant ebuilds
poppler-0.6.3-r1 has collected the following stable keywords here already: "alpha amd64 hppa ppc64 sparc x86"
removing liaisons
to be added when committed: ia64 arm m68k s390 sh (ppc)
Comment 20 Daniel Gryniewicz (RETIRED) 2008-07-07 14:45:34 UTC
Committed. I left 0.6.3, but it (and 0.6.1-r1) should be removed when everyone has updated their stable keywords.
Comment 21 Matthias Geerdsen (RETIRED) 2008-07-07 15:00:44 UTC
thanks Daniel
remaining arches, please test and stabilize =app-text/poppler-0.6.3-r1
GLSA is drafted and ready to go
Comment 22 Raúl Porcel (RETIRED) 2008-07-08 12:50:54 UTC
Comment 23 Tobias Scherbaum (RETIRED) 2008-07-08 17:02:02 UTC
Comment 24 Pierre-Yves Rofes (RETIRED) 2008-07-09 21:29:21 UTC
this was GLSA 200807-04.