Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 459866 (CVE-2013-1788) - <app-text/poppler-0.22.2-r2: multiple vulnerabilities (CVE-2013-{1788,1789,1790})
Summary: <app-text/poppler-0.22.2-r2: multiple vulnerabilities (CVE-2013-{1788,1789,17...
Status: RESOLVED FIXED
Alias: CVE-2013-1788
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: A3 [glsa]
Keywords:
Depends on: poppler-0.22 449538
Blocks:
  Show dependency tree
 
Reported: 2013-03-01 12:34 UTC by Agostino Sarubbo
Modified: 2013-10-06 16:08 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-03-01 12:34:48 UTC
From ${URL} :

poppler 0.22.1 was released without much ado, it however contains various security fixes.

The security fixes apparently come from AdressSanitizer work and fuzzing provided
by the Google Security Team.

The page:
http://j00ru.vexillium.org/?p=1507

explains most of it, and while it focuses on Adobe Acrobat Reader, they also covered
poppler testing inside.

So far I see:
http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=8b6dc55e530b2f5ede6b9dfb64aafdd1d5836492
	Fix invalid memory access in 1150.pdf.asan.8.69

http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=e14b6e9c13d35c9bd1e0c50906ace8e707816888
	Fix invalid memory access in 2030.pdf.asan.69.463

http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=0388837f01bc467045164f9ddaff787000a8caaa
	Fix another invalid memory access in 1091.pdf.asan.72.42

http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=957aa252912cde85d76c41e9710b33425a82b696
	Fix invalid memory accesses in 1091.pdf.asan.72.42

http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=bbc2d8918fe234b7ef2c480eb148943922cc0959
	Fix invalid memory accesses in 1036.pdf.asan.23.17

http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a9b8ab4657dec65b8b86c225d12c533ad7e984e2
	Fix crash in broken file 1031.pdf.asan.48.15

http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a205e71a2dbe0c8d4f4905a76a3f79ec522eacec
	Do not crash in broken documents like 1007.pdf.asan.48.4

http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=b1026b5978c385328f2a15a2185c599a563edf91
	Initialize refLine totally
	Fixes uninitialized memory read in 1004.pdf.asan.7.3
Comment 1 Andreas K. Hüttel archtester gentoo-dev 2013-03-10 12:54:06 UTC
All consumers fixed to build, poppler-0.22 unmasked. Let's give this a while in testing and then stabilize.
Comment 2 Andreas K. Hüttel archtester gentoo-dev 2013-03-17 10:54:48 UTC
Arches please stabilize app-text/poppler-0.22.2-r1

Target:
"alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 3 Agostino Sarubbo gentoo-dev 2013-03-17 13:40:51 UTC
(In reply to comment #2)
> Arches please stabilize app-text/poppler-0.22.2-r1
> 
> Target:
> "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

=dev-tex/luatex-0.70.1-r2 should be stabilized at same time.
Comment 4 Agostino Sarubbo gentoo-dev 2013-03-17 13:48:06 UTC
amd64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2013-03-17 13:48:48 UTC
x86 stable
Comment 6 Agostino Sarubbo gentoo-dev 2013-03-17 15:58:54 UTC
arm stable
Comment 7 Agostino Sarubbo gentoo-dev 2013-03-17 16:03:15 UTC
sparc stable
Comment 8 Andreas K. Hüttel archtester gentoo-dev 2013-03-18 08:16:04 UTC
Arches please wait. This needs reavertm's agreement first.
Comment 9 Julian Ospald 2013-03-20 18:57:49 UTC
this broke stable app-text/evince-2.32.0-r4
Comment 10 Andreas K. Hüttel archtester gentoo-dev 2013-03-20 23:19:42 UTC
(In reply to comment #9)
> this broke stable app-text/evince-2.32.0-r4

Sorry about that, glib backend was b0rken. This should be fixed in -r2 now.

Arches please fast-stabilize app-text/poppler-0.22.2-r2

Target:
"alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 11 Jeroen Roovers (RETIRED) gentoo-dev 2013-03-21 16:01:08 UTC
Stable for HPPA.
Comment 12 Andreas K. Hüttel archtester gentoo-dev 2013-03-22 13:23:04 UTC
(In reply to comment #11)
> Stable for HPPA.

Sorry for the confusion- jer, please stable -0.22.2-r2 too (so I can remove -r1 when all arches are done).
Comment 13 Agostino Sarubbo gentoo-dev 2013-03-22 16:19:11 UTC
amd64 stable
Comment 14 Agostino Sarubbo gentoo-dev 2013-03-22 16:21:53 UTC
x86 stable
Comment 15 Agostino Sarubbo gentoo-dev 2013-03-22 17:29:09 UTC
ppc stable
Comment 16 Jeroen Roovers (RETIRED) gentoo-dev 2013-03-22 17:42:27 UTC
Stable for HPPA.
Comment 17 Agostino Sarubbo gentoo-dev 2013-03-23 09:58:13 UTC
ppc64 stable
Comment 18 Agostino Sarubbo gentoo-dev 2013-03-23 12:55:03 UTC
arm stable
Comment 19 Agostino Sarubbo gentoo-dev 2013-03-23 13:36:45 UTC
alpha stable
Comment 20 Agostino Sarubbo gentoo-dev 2013-03-31 11:17:53 UTC
sh stable
Comment 21 Agostino Sarubbo gentoo-dev 2013-04-01 19:46:19 UTC
ia64 stable
Comment 22 Agostino Sarubbo gentoo-dev 2013-04-02 10:57:18 UTC
sparc stable
Comment 23 Agostino Sarubbo gentoo-dev 2013-04-02 13:21:07 UTC
s390 stable
Comment 24 GLSAMaker/CVETool Bot gentoo-dev 2013-04-11 17:00:04 UTC
CVE-2013-1790 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1790):
  poppler/Stream.cc in poppler before 0.22.1 allows context-dependent
  attackers to have an unspecified impact via vectors that trigger a read of
  uninitialized memory by the CCITTFaxStream::lookChar function.

CVE-2013-1789 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1789):
  splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers
  to cause a denial of service (NULL pointer dereference and crash) via
  vectors related to the (1) Splash::arbitraryTransformMask, (2)
  Splash::blitMask, and (3) Splash::scaleMaskYuXu functions.

CVE-2013-1788 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1788):
  poppler before 0.22.1 allows context-dependent attackers to cause a denial
  of service (crash) and possibly execute arbitrary code via vectors that
  trigger an "invalid memory access" in (1) splash/Splash.cc, (2)
  poppler/Function.cc, and (3) poppler/Stream.cc.
Comment 25 Andreas K. Hüttel archtester gentoo-dev 2013-04-11 17:17:32 UTC
All affected versions removed from the tree. Thanks everyone.
Comment 26 Sean Amoss (RETIRED) gentoo-dev Security 2013-04-20 13:33:27 UTC
Already on existing GLSA draft.
Comment 27 GLSAMaker/CVETool Bot gentoo-dev 2013-10-06 16:08:44 UTC
This issue was resolved and addressed in
 GLSA 201310-03 at http://security.gentoo.org/glsa/glsa-201310-03.xml
by GLSA coordinator Sean Amoss (ackle).