Security update for poppler

SUSE Security Update: Security update for poppler
Announcement ID: SUSE-SU-2013:0595-1
Rating: moderate
References: #745620 #806793
Affected Products:
  • SUSE Linux Enterprise Server 10 SP4
  • SUSE Linux Enterprise Desktop 10 SP4
  • SLE SDK 10 SP4
    		•

    An update that fixes three vulnerabilities is now available.

    Description:


    This update of poppler fixes the following vulnerabilities:

    * CVE-2013-1788: Various invalid memory issues could be
    used by attackers supplying PDFs to crash the PDF viewer or
    potentially execute code.
    * CVE-2013-1789: A crash in poppler could be used by
    attackers providing PDFs to crash the PDF viewer.
    * CVE-2013-1790: An uninitialized memory read could be
    used by attackers providing PDFs to crash the PDF viewer.

    This also fixes that transparent background in images are
    rendered black with evince. (bnc#745620).

    Security Issue references:

    * CVE-2013-1788
    >
    * CVE-2013-1789
    >
    * CVE-2013-1790
    >

    Package List:

    • SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
    • poppler-0.4.4-19.29.1
    • poppler-glib-0.4.4-19.29.1
    • poppler-qt-0.4.4-19.29.1
    • SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
    • poppler-0.4.4-19.29.1
    • poppler-devel-0.4.4-19.29.1
    • poppler-glib-0.4.4-19.29.1
    • poppler-qt-0.4.4-19.29.1
    • SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):
    • poppler-devel-0.4.4-19.29.1

    References:

    • http://support.novell.com/security/cve/CVE-2013-1788.html
    • http://support.novell.com/security/cve/CVE-2013-1789.html
    • http://support.novell.com/security/cve/CVE-2013-1790.html
    • https://bugzilla.novell.com/745620
    • https://bugzilla.novell.com/806793
    • http://download.suse.com/patch/finder/?keywords=c6f02331d1ee67b8fc7c6997d72f8cf0