
Bug 644388 (CVE-2017-14975, CVE-2017-14976, CVE-2017-14977)

Summary: <app-text/poppler-0.61.1: multiple vulnerabilities (CVE-2017-1497{5,6,7})
Product: Gentoo Security
Reporter: Ian Zimmerman <nobrowser>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: holgersson, printing, reavertm
Priority: Normal
Flags: stable-bot: sanity-check+
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: A3 [glsa+ cve]
Package list: app-text/poppler-0.62.0-r1
Runtime testing required: ---
Bug Depends on: 432144, 631800, 641340, 643836, 643996, 644800, 646638
Bug Blocks: 644802, 645868

Description Ian Zimmerman 2018-01-12 21:55:46 UTC
According to descriptions at cvedetails.com:

[1] The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack.

[2] The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack.

[3] The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.

All 3 have been patched upstream [4], [5], [6]

[1]
https://www.cvedetails.com/cve/CVE-2017-14975/

[2]
https://www.cvedetails.com/cve/CVE-2017-14976/

[3]
https://www.cvedetails.com/cve/CVE-2017-14977/

[4]
https://cgit.freedesktop.org/poppler/poppler/commit/?id=a5e5649ecf16fa05770620dbbd4985935dc2bbff

[5]
https://cgit.freedesktop.org/poppler/poppler/commit/?id=da63c35549e8852a410946ab016a3f25ac701bdf

[6]
https://cgit.freedesktop.org/poppler/poppler/commit/?id=19eedc6fb693a62f305e13079501e3105f869f3c


Reproducible: Always
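
The three flaws described above have one thing in common: a pointer or index derived from the font file is used without being validated first. As an added illustration (not Poppler's source and not part of the original report; the `CidFont` model, the function names and the sample data are hypothetical and constructed here), a lookup that rejects a missing table and an out-of-bounds font dictionary index looks like this:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a CID-keyed font: fd_select maps each glyph to one
 * of n_fds font dictionaries. Names are illustrative, not Poppler's. */
typedef struct { double default_width; } FontDict;

typedef struct {
    const uint8_t  *fd_select; /* per-glyph dictionary index, NULL if absent */
    size_t          n_glyphs;
    const FontDict *fds;       /* NULL if the dictionaries failed to parse */
    size_t          n_fds;
} CidFont;

enum { W_OK = 0, W_NO_TABLE = -1, W_BAD_GLYPH = -2, W_BAD_FD = -3 };

/* Validate every pointer and file-supplied index before dereferencing. */
int glyph_default_width(const CidFont *f, size_t gid, double *out)
{
    if (!f || !out || !f->fd_select || !f->fds)
        return W_NO_TABLE;            /* unchecked: NULL pointer dereference */
    if (gid >= f->n_glyphs)
        return W_BAD_GLYPH;
    size_t fd = f->fd_select[gid];
    if (fd >= f->n_fds)
        return W_BAD_FD;              /* unchecked: read past the end of fds[] */
    *out = f->fds[fd].default_width;
    return W_OK;
}

/* Constructed sample: glyph 2 names dictionary 7, but only 2 exist. */
static const uint8_t  sample_sel[] = { 0, 1, 7 };
static const FontDict sample_fds[] = { { 500.0 }, { 600.0 } };

CidFont sample_font(void)
{
    CidFont f = { sample_sel, 3, sample_fds, 2 };
    return f;
}

int main(void)
{
    CidFont f = sample_font();
    for (size_t gid = 0; gid < 4; gid++) {
        double w = 0.0;
        int rc = glyph_default_width(&f, gid, &w);
        printf("glyph %zu: rc=%d width=%.0f\n", gid, rc, w);
    }
    return 0;
}
```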
Comment 1 Tobias Klausmann (RETIRED) gentoo-dev 2018-03-04 11:36:38 UTC
Stable on alpha.
Comment 2 Andreas Sturmlechner gentoo-dev 2018-03-05 23:55:28 UTC
*** Bug 644456 has been marked as a duplicate of this bug. ***
Comment 3 Matt Turner gentoo-dev 2018-03-12 06:18:00 UTC
ppc/ppc64 stable
Comment 4 Markus Meier gentoo-dev 2018-03-13 17:51:49 UTC
arm stable
Comment 5 Andreas Sturmlechner gentoo-dev 2018-03-15 15:21:38 UTC
ping hppa
Comment 6 Sergei Trofimovich (RETIRED) gentoo-dev 2018-03-18 13:45:16 UTC
hppa stable
Comment 7 Andreas Sturmlechner gentoo-dev 2018-03-18 14:50:18 UTC
Poppler cleanup actually depends on texlive-core security cleanup.
Comment 8 Larry the Git Cow gentoo-dev 2018-04-07 15:36:12 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c9526cde161497cd43721f89c6d8aa23328be8e4

commit c9526cde161497cd43721f89c6d8aa23328be8e4
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-03-18 14:06:40 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-04-07 15:35:36 +0000

    app-text/poppler: Cleanup vulnerable
    
    Bug: https://bugs.gentoo.org/644388
    Package-Manager: Portage-2.3.24, Repoman-2.3.6

 app-text/poppler/Manifest                          |   2 -
 .../files/poppler-0.26.0-qt5-dependencies.patch    |  31 ---
 .../poppler/files/poppler-0.33.0-openjpeg2.patch   |  15 --
 app-text/poppler/files/poppler-0.40-FindQt4.patch  |  31 ---
 .../files/poppler-0.53.0-respect-cflags.patch      |  52 -----
 .../files/poppler-0.57.0-CVE-2017-14517.patch      |  27 ---
 .../files/poppler-0.57.0-CVE-2017-14518.patch      |  27 ---
 .../files/poppler-0.57.0-CVE-2017-14519.patch      | 100 --------
 .../files/poppler-0.57.0-CVE-2017-14520.patch      |  24 --
 .../files/poppler-0.57.0-CVE-2017-14617.patch      |  31 ---
 .../files/poppler-0.57.0-CVE-2017-14926.patch      |  36 ---
 .../files/poppler-0.57.0-CVE-2017-14927.patch      |  32 ---
 .../files/poppler-0.57.0-CVE-2017-14928.patch      |  69 ------
 .../files/poppler-0.57.0-CVE-2017-14929.patch      | 252 ---------------------
 .../files/poppler-0.57.0-CVE-2017-15565.patch      |  28 ---
 app-text/poppler/poppler-0.57.0-r1.ebuild          | 158 -------------
 app-text/poppler/poppler-0.61.1.ebuild             | 145 ------------
 17 files changed, 1060 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cc1472f6e2b8df1aa3528554f323ddd248ec1dfa

commit cc1472f6e2b8df1aa3528554f323ddd248ec1dfa
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-03-19 18:44:44 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-04-07 15:35:35 +0000

    dev-texlive/texlive-*: Drop 2015
    
    Bug: https://bugs.gentoo.org/644388
    Package-Manager: Portage-2.3.24, Repoman-2.3.6

 app-text/texlive-core/Manifest                     |  120 -
 app-text/texlive-core/texlive-core-2015-r1.ebuild  |  344 ---
 dev-texlive/texlive-basic/Manifest                 |   53 -
 .../texlive-basic/texlive-basic-2015.ebuild        |   31 -
 dev-texlive/texlive-bibtexextra/Manifest           |  217 --
 .../texlive-bibtexextra-2015.ebuild                |   31 -
 dev-texlive/texlive-context/Manifest               |   67 -
 .../texlive-context/texlive-context-2015.ebuild    |   61 -
 dev-texlive/texlive-fontsextra/Manifest            |  512 ----
 .../texlive-fontsextra-2015.ebuild                 |   20 -
 dev-texlive/texlive-fontsrecommended/Manifest      |   63 -
 .../texlive-fontsrecommended-2015.ebuild           |   23 -
 dev-texlive/texlive-fontutils/Manifest             |   32 -
 .../texlive-fontutils-2015.ebuild                  |   39 -
 dev-texlive/texlive-formatsextra/Manifest          |   19 -
 .../texlive-formatsextra-2015.ebuild               |   21 -
 dev-texlive/texlive-games/Manifest                 |   74 -
 .../texlive-games/texlive-games-2015.ebuild        |   23 -
 dev-texlive/texlive-genericextra/Manifest          |   98 -
 .../texlive-genericextra-2015.ebuild               |   19 -
 dev-texlive/texlive-genericrecommended/Manifest    |   20 -
 .../texlive-genericrecommended-2015.ebuild         |   22 -
 dev-texlive/texlive-humanities/Manifest            |  119 -
 .../texlive-humanities-2015.ebuild                 |   20 -
 dev-texlive/texlive-langafrican/Manifest           |    9 -
 .../texlive-langafrican-2015.ebuild                |   19 -
 dev-texlive/texlive-langarabic/Manifest            |   30 -
 .../texlive-langarabic-2015.ebuild                 |   24 -
 dev-texlive/texlive-langchinese/Manifest           |   38 -
 .../texlive-langchinese-2015.ebuild                |   25 -
 dev-texlive/texlive-langcjk/Manifest               |   20 -
 .../texlive-langcjk/texlive-langcjk-2015.ebuild    |   26 -
 dev-texlive/texlive-langcyrillic/Manifest          |   85 -
 .../texlive-langcyrillic-2015.ebuild               |   33 -
 dev-texlive/texlive-langitalian/Manifest           |   38 -
 .../texlive-langitalian-2015.ebuild                |   20 -
 dev-texlive/texlive-langjapanese/Manifest          |   57 -
 .../texlive-langjapanese-2015.ebuild               |   28 -
 dev-texlive/texlive-langkorean/Manifest            |   17 -
 .../texlive-langkorean-2015.ebuild                 |   21 -
 dev-texlive/texlive-langother/Manifest             |   52 -
 .../texlive-langother-2015.ebuild                  |   27 -
 dev-texlive/texlive-langpolish/Manifest            |   36 -
 .../texlive-langpolish-2015.ebuild                 |   21 -
 dev-texlive/texlive-langportuguese/Manifest        |   20 -
 .../texlive-langportuguese-2015.ebuild             |   20 -
 dev-texlive/texlive-langspanish/Manifest           |   27 -
 .../texlive-langspanish-2015.ebuild                |   20 -
 dev-texlive/texlive-latex/Manifest                 |   72 -
 .../texlive-latex/texlive-latex-2015.ebuild        |   29 -
 dev-texlive/texlive-latexextra/Manifest            | 2696 --------------------
 .../texlive-latexextra-2015-r1.ebuild              |   44 -
 dev-texlive/texlive-latexrecommended/Manifest      |  134 -
 .../texlive-latexrecommended-2015-r1.ebuild        |   32 -
 dev-texlive/texlive-luatex/Manifest                |   80 -
 .../texlive-luatex/texlive-luatex-2015.ebuild      |   29 -
 dev-texlive/texlive-metapost/Manifest              |   84 -
 .../texlive-metapost/texlive-metapost-2015.ebuild  |   31 -
 dev-texlive/texlive-music/Manifest                 |   50 -
 .../texlive-music/texlive-music-2015.ebuild        |   32 -
 dev-texlive/texlive-omega/Manifest                 |   16 -
 .../texlive-omega/texlive-omega-2015.ebuild        |   24 -
 dev-texlive/texlive-pictures/Manifest              |  304 ---
 .../texlive-pictures-2015-r2.ebuild                |   68 -
 dev-texlive/texlive-plainextra/Manifest            |   46 -
 .../texlive-plainextra-2015.ebuild                 |   21 -
 dev-texlive/texlive-pstricks/Manifest              |  226 --
 .../texlive-pstricks/texlive-pstricks-2015.ebuild  |   27 -
 dev-texlive/texlive-publishers/Manifest            |  362 ---
 .../texlive-publishers-2015.ebuild                 |   20 -
 dev-texlive/texlive-xetex/Manifest                 |   81 -
 .../texlive-xetex/texlive-xetex-2015.ebuild        |   41 -
 72 files changed, 7310 deletions(-)
Comment 9 Andreas Sturmlechner gentoo-dev 2018-04-07 15:41:43 UTC
Cleanup done, security, please proceed. KDE is done here.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2018-04-08 14:27:10 UTC
This issue was resolved and addressed in
 GLSA 201804-03 at https://security.gentoo.org/glsa/201804-03
by GLSA coordinator Aaron Bauman (b-man).