==========================================================================
Ubuntu Security Notice USN-4646-1
November 25, 2020

poppler vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in poppler.

Software Description:
– poppler: PDF rendering library

Details:

It was discovered that Poppler incorrectly handled certain files. If a user
or automated system were tricked into opening a crafted PDF file, an
attacker could cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
libpoppler73 0.62.0-2ubuntu2.11
poppler-utils 0.62.0-2ubuntu2.11

Ubuntu 16.04 LTS:
libpoppler58 0.41.0-0ubuntu1.15
poppler-utils 0.41.0-0ubuntu1.15

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4646-1
CVE-2018-21009, CVE-2019-10871, CVE-2019-13283, CVE-2019-9959,
CVE-2020-27778

Package Information:
https://launchpad.net/ubuntu/+source/poppler/0.62.0-2ubuntu2.11
https://launchpad.net/ubuntu/+source/poppler/0.41.0-0ubuntu1.15

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl++qRMACgkQZWnYVadE
vpNE/w//UQIbcjKPUxdJRFsfP3HNwYaQCJBxDhLvyoLeGZNAJNh5gluOogOYXETQ
j9ATn/4+aIIZ6p1H7PGlzh09nMSlhNmSlV7oyPad4z7/M5Bj77R1HP417wzwLBEd
X5EMIDzy5NRzzgflSf0ccfScawl31/6Kft8kfCa9DGEHk/o05B4CdYfSqZr2c8do
/K4TPsIdGIst12xC+ujrOcHZhoL/O4YGkqyurHAeF1osWvTm5Nohd8kB2AQph/+Y
1qhM1vRAz+5ZH/5YeBRJRiw4jhBCLfDnU7xXzB2cyzOvuA+ON49/SIglwb0NTkzd
mn1jH3d8hq3CZr6Bh9OYyqhHIsOutgG2NS1Bj0SqyeETvHomUjU8GqwBIdt0z5aO
YtoplTNCqNX6oO8Arzm3pAoDC6Bb+BGA7nyY/evKY1kw9TNvczOWZmh5jedGXExw
kQ4W1ZBwaNZudC76rnWJYJZXRy5QkIgmm/a9PlfhNLmiGfzMQ5kdsiWrbVH2RuLn
kgluWcOACYgRfTtftdvgeFKOGv0zrX9BC6ExxI+eC1m1l0U5+s+0e4yb0mJlKSDt
lnk24JV55XyLyvLU2DTVryygz9qdm9mu0t7h8oN9ChjtEi8eiLftwmE928m/HZAp
4nKcprBEzbIQ83dyHeK0Eh6ZgZ9HK/OdVmsc5r7pHtlVkxhfE7M=
=mhI9
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4646-2
November 26, 2020

poppler regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

USN-4646-1 introduced a regression in poppler.

Software Description:
– poppler: PDF rendering library

Details:

USN-4646-1 fixed vulnerabilities in poppler. The fix for CVE-2019-10871
introduced a regression causing certain applications linked against poppler
to fail. This update backs out the fix pending further investigation.

We apologize for the inconvenience.

Original advisory details:

It was discovered that Poppler incorrectly handled certain files. If a user
or automated system were tricked into opening a crafted PDF file, an
attacker could cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
libpoppler73 0.62.0-2ubuntu2.12
poppler-utils 0.62.0-2ubuntu2.12

Ubuntu 16.04 LTS:
libpoppler58 0.41.0-0ubuntu1.16
poppler-utils 0.41.0-0ubuntu1.16

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4646-2
https://usn.ubuntu.com/4646-1
https://launchpad.net/bugs/1905741

Package Information:
https://launchpad.net/ubuntu/+source/poppler/0.62.0-2ubuntu2.12
https://launchpad.net/ubuntu/+source/poppler/0.41.0-0ubuntu1.16

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl/ABN0ACgkQZWnYVadE
vpM+Vw//bpNM0iu/fR/E2vtOPYhQO6tjFOwuZ+aBPrngr+UmGn9qC1MB5ESpjYZ8
5Jzwv5/XSW3zYg6ROOClpgp8XRh42PB8qnqoBhJDKRcg65jjQbITJjD4fmtyxjzh
b7X7OsTpsHtiQhLVsFNWxlbzVyZaZ2Cwd4/PkP3oVeLJSMXQVwI04fMx/EIoqe+Q
GOly1+yQPImiDo9aopTTKcEICvxtS+iDXeNi58Z1VJskcvvQ8/Qol8tEfdVOUapI
KAD+cpN0j74L2vj8PphQtHVLiJTfRET0BuV2nUizDaIiH4G3b07RHk4ik9jl6JIB
hxH1Xh0F7XNRc21rOoLmtN2dQ6XyEzGXcq850iqrjWUesyNH8Dpmfv0Vod4wfY7B
tX0Srwh2zeVBdF5pmbWSGTLeMrJpL4pK/ABiT96ee/tlCM15MYKbEGgAYHiBcL7y
XXgnn10fQ2Br4bBqlNfWVrft4wfwAHSdZUQQXHIN6aPU6Ddygz3AkI+NFAbR8APP
gnVSLX2DG5ZxzgNNboNJAWyO6ued77oNh3y/kFkzwrVi6+/WhZ03vEs8l1SVLzVT
NpDzeib+ABRWeS3DRnWCE26XuMfOGIbrPX5hKsa6AKU0d7pQy6lUWKE1iMc97mBJ
PR7qRm6FpqWUN77IVYOvNuiwT7Tmi2+lKHuomR3RGekkQYbuGKA=
=r6VB
—–END PGP SIGNATURE—–
—