Gentoo Security Advisory GLSA 200804-18 (poppler) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200804-18.

Solution

All Poppler users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-text/poppler-0.6.3' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200804-18 http://bugs.gentoo.org/show_bug.cgi?id=216850

Insight

Poppler does not handle fonts inside PDF files safely, allowing for execution of arbitrary code.

Severity

Classification

CVE CVE-2008-1693

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Gentoo Security Advisory GLSA 200402-04 (Gallery)
Gentoo Security Advisory GLSA 200407-13 (PHP)
Gentoo Security Advisory GLSA 200408-02 (Courier)
Gentoo Security Advisory GLSA 200412-15 (Ethereal)
Gentoo Security Advisory GLSA 200408-05 (Opera)

Take action and discover your vulnerabilities