[SUSE-Announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: PatchesforSUSELinuxEnterprise
Notification of New SUSE Fixlet Messages
suse-announcements at bigmail.bigfix.com
Tue Jan 5 03:10:11 PST 2010
Fixlet Site - PatchesforSUSELinuxEnterprise
Current Version: 289 Published: Mon, 04 Jan 2010 21:28:03 GMT
New Fixlets:
============
***************************************************************
Title: PATCH-B9123001 - Security update for poppler - SLED10 SP2
Severity: <Unspecified>
Fixlet ID: 912300101
Fixlet Link: http://download.novell.com/Download?buildid=TzpeYFSMDqw~
Fixlet Description: This update of poppler fixes two security issues: CVE-2009-3608: Integer overflow in the ObjectStream::ObjectStream function in XRef. cc in Xpdf 3. x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. CVE-2009-4035: A indexing error in FoFiType1::parse() was fixed that could be used by attackers to corrupt memory and potentially execute code. Everyone should update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B9123001 - Security update for poppler - SLES10 SP2
Severity: <Unspecified>
Fixlet ID: 912300103
Fixlet Link: http://download.novell.com/Download?buildid=I_M_CXdJASs~
Fixlet Description: This update of poppler fixes two security issues: CVE-2009-3608: Integer overflow in the ObjectStream::ObjectStream function in XRef. cc in Xpdf 3. x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. CVE-2009-4035: A indexing error in FoFiType1::parse() was fixed that could be used by attackers to corrupt memory and potentially execute code. Everyone should update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B9123002 - Security update for poppler - SLES10 SP3
Severity: <Unspecified>
Fixlet ID: 912300201
Fixlet Link: http://download.novell.com/Download?buildid=IM5kzvSpBTI~
Fixlet Description: This update of poppler fixes two security issues: CVE-2009-3608: Integer overflow in the ObjectStream::ObjectStream function in XRef. cc in Xpdf 3. x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. CVE-2009-4035: A indexing error in FoFiType1::parse() was fixed that could be used by attackers to corrupt memory and potentially execute code. Everyone should update. Please see patch page for more detailed information.
More information about the SUSE-Announcements
mailing list