ID CVE-2010-3704
Summary The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.
References
Vulnerable Configurations
  • cpe:2.3:a:poppler:poppler:0.8.7
    cpe:2.3:a:poppler:poppler:0.8.7
  • cpe:2.3:a:poppler:poppler:0.9.0
    cpe:2.3:a:poppler:poppler:0.9.0
  • cpe:2.3:a:poppler:poppler:0.9.1
    cpe:2.3:a:poppler:poppler:0.9.1
  • cpe:2.3:a:poppler:poppler:0.9.2
    cpe:2.3:a:poppler:poppler:0.9.2
  • cpe:2.3:a:poppler:poppler:0.9.3
    cpe:2.3:a:poppler:poppler:0.9.3
  • cpe:2.3:a:poppler:poppler:0.10.0
    cpe:2.3:a:poppler:poppler:0.10.0
  • cpe:2.3:a:poppler:poppler:0.10.1
    cpe:2.3:a:poppler:poppler:0.10.1
  • cpe:2.3:a:poppler:poppler:0.10.2
    cpe:2.3:a:poppler:poppler:0.10.2
  • cpe:2.3:a:poppler:poppler:0.10.3
    cpe:2.3:a:poppler:poppler:0.10.3
  • cpe:2.3:a:poppler:poppler:0.10.4
    cpe:2.3:a:poppler:poppler:0.10.4
  • cpe:2.3:a:poppler:poppler:0.10.5
    cpe:2.3:a:poppler:poppler:0.10.5
  • cpe:2.3:a:poppler:poppler:0.10.6
    cpe:2.3:a:poppler:poppler:0.10.6
  • cpe:2.3:a:poppler:poppler:0.10.7
    cpe:2.3:a:poppler:poppler:0.10.7
  • cpe:2.3:a:poppler:poppler:0.11.0
    cpe:2.3:a:poppler:poppler:0.11.0
  • cpe:2.3:a:poppler:poppler:0.11.1
    cpe:2.3:a:poppler:poppler:0.11.1
  • cpe:2.3:a:poppler:poppler:0.11.2
    cpe:2.3:a:poppler:poppler:0.11.2
  • cpe:2.3:a:poppler:poppler:0.11.3
    cpe:2.3:a:poppler:poppler:0.11.3
  • cpe:2.3:a:poppler:poppler:0.12.0
    cpe:2.3:a:poppler:poppler:0.12.0
  • cpe:2.3:a:poppler:poppler:0.12.1
    cpe:2.3:a:poppler:poppler:0.12.1
  • cpe:2.3:a:poppler:poppler:0.12.2
    cpe:2.3:a:poppler:poppler:0.12.2
  • cpe:2.3:a:poppler:poppler:0.12.3
    cpe:2.3:a:poppler:poppler:0.12.3
  • cpe:2.3:a:poppler:poppler:0.12.4
    cpe:2.3:a:poppler:poppler:0.12.4
  • cpe:2.3:a:poppler:poppler:0.13.0
    cpe:2.3:a:poppler:poppler:0.13.0
  • cpe:2.3:a:poppler:poppler:0.13.1
    cpe:2.3:a:poppler:poppler:0.13.1
  • cpe:2.3:a:poppler:poppler:0.13.2
    cpe:2.3:a:poppler:poppler:0.13.2
  • cpe:2.3:a:poppler:poppler:0.13.3
    cpe:2.3:a:poppler:poppler:0.13.3
  • cpe:2.3:a:poppler:poppler:0.13.4
    cpe:2.3:a:poppler:poppler:0.13.4
  • cpe:2.3:a:poppler:poppler:0.14.0
    cpe:2.3:a:poppler:poppler:0.14.0
  • cpe:2.3:a:poppler:poppler:0.14.1
    cpe:2.3:a:poppler:poppler:0.14.1
  • cpe:2.3:a:poppler:poppler:0.14.2
    cpe:2.3:a:poppler:poppler:0.14.2
  • cpe:2.3:a:poppler:poppler:0.14.3
    cpe:2.3:a:poppler:poppler:0.14.3
  • cpe:2.3:a:poppler:poppler:0.14.4
    cpe:2.3:a:poppler:poppler:0.14.4
  • cpe:2.3:a:poppler:poppler:0.14.5
    cpe:2.3:a:poppler:poppler:0.14.5
  • cpe:2.3:a:poppler:poppler:0.15.0
    cpe:2.3:a:poppler:poppler:0.15.0
  • cpe:2.3:a:poppler:poppler:0.15.1
    cpe:2.3:a:poppler:poppler:0.15.1
  • cpe:2.3:a:foolabs:xpdf:0.5a
    cpe:2.3:a:foolabs:xpdf:0.5a
  • cpe:2.3:a:foolabs:xpdf:0.7a
    cpe:2.3:a:foolabs:xpdf:0.7a
  • cpe:2.3:a:foolabs:xpdf:0.91a
    cpe:2.3:a:foolabs:xpdf:0.91a
  • cpe:2.3:a:foolabs:xpdf:0.91b
    cpe:2.3:a:foolabs:xpdf:0.91b
  • cpe:2.3:a:foolabs:xpdf:0.91c
    cpe:2.3:a:foolabs:xpdf:0.91c
  • cpe:2.3:a:foolabs:xpdf:0.92a
    cpe:2.3:a:foolabs:xpdf:0.92a
  • cpe:2.3:a:foolabs:xpdf:0.92b
    cpe:2.3:a:foolabs:xpdf:0.92b
  • cpe:2.3:a:foolabs:xpdf:0.92c
    cpe:2.3:a:foolabs:xpdf:0.92c
  • cpe:2.3:a:foolabs:xpdf:0.92d
    cpe:2.3:a:foolabs:xpdf:0.92d
  • cpe:2.3:a:foolabs:xpdf:0.92e
    cpe:2.3:a:foolabs:xpdf:0.92e
  • cpe:2.3:a:foolabs:xpdf:0.93a
    cpe:2.3:a:foolabs:xpdf:0.93a
  • cpe:2.3:a:foolabs:xpdf:0.93b
    cpe:2.3:a:foolabs:xpdf:0.93b
  • cpe:2.3:a:foolabs:xpdf:0.93c
    cpe:2.3:a:foolabs:xpdf:0.93c
  • cpe:2.3:a:foolabs:xpdf:1.00a
    cpe:2.3:a:foolabs:xpdf:1.00a
  • foolabs Xpdf 3.0.1
    cpe:2.3:a:foolabs:xpdf:3.0.1
  • cpe:2.3:a:foolabs:xpdf:3.02pl1
  • cpe:2.3:a:foolabs:xpdf:3.02pl2
  • cpe:2.3:a:foolabs:xpdf:3.02pl3
  • Glyph & Cog XpdfReader 0.2
    cpe:2.3:a:glyphandcog:xpdfreader:0.2
  • Glyph & Cog XpdfReader 0.3
    cpe:2.3:a:glyphandcog:xpdfreader:0.3
  • Glyph & Cog XpdfReader 0.4
    cpe:2.3:a:glyphandcog:xpdfreader:0.4
  • Glyph & Cog XpdfReader 0.5
    cpe:2.3:a:glyphandcog:xpdfreader:0.5
  • Glyph & Cog XpdfReader 0.6
    cpe:2.3:a:glyphandcog:xpdfreader:0.6
  • Glyph & Cog XpdfReader 0.7
    cpe:2.3:a:glyphandcog:xpdfreader:0.7
  • Glyph & Cog XpdfReader 0.80
    cpe:2.3:a:glyphandcog:xpdfreader:0.80
  • Glyph & Cog XpdfReader 0.90
    cpe:2.3:a:glyphandcog:xpdfreader:0.90
  • Glyph & Cog XpdfReader 0.91
    cpe:2.3:a:glyphandcog:xpdfreader:0.91
  • Glyph & Cog XpdfReader 0.92
    cpe:2.3:a:glyphandcog:xpdfreader:0.92
  • Glyph & Cog XpdfReader 0.93
    cpe:2.3:a:glyphandcog:xpdfreader:0.93
  • Glyph & Cog XpdfReader 1.00
    cpe:2.3:a:glyphandcog:xpdfreader:1.00
  • Glyph & Cog XpdfReader 1.01
    cpe:2.3:a:glyphandcog:xpdfreader:1.01
  • Glyph & Cog XpdfReader 2.00
    cpe:2.3:a:glyphandcog:xpdfreader:2.00
  • Glyph & Cog XpdfReader 2.01
    cpe:2.3:a:glyphandcog:xpdfreader:2.01
  • Glyph & Cog XpdfReader 2.02
    cpe:2.3:a:glyphandcog:xpdfreader:2.02
  • Glyph & Cog XpdfReader 2.03
    cpe:2.3:a:glyphandcog:xpdfreader:2.03
  • Glyph & Cog XpdfReader 3.00
    cpe:2.3:a:glyphandcog:xpdfreader:3.00
  • Glyph & Cog XpdfReader 3.01
    cpe:2.3:a:glyphandcog:xpdfreader:3.01
  • Glyph & Cog XpdfReader 3.02
    cpe:2.3:a:glyphandcog:xpdfreader:3.02
  • cpe:2.3:a:kde:kdegraphics
CVSS
Base: 6.8 (as of 08-11-2010 - 13:55)
Impact:
Exploitability:
CWE CWE-20
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Server Side Include (SSI) Injection
    An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
  • Cross Zone Scripting
    An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
  • Cross Site Scripting through Log Files
    An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
  • Command Line Execution through SQL Injection
    An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
  • Object Relational Mapping Injection
    An attacker leverages a weakness present in the database access layer code generated with an Object Relational Mapping (ORM) tool or a weakness in the way that a developer used a persistence framework to inject his or her own SQL commands to be executed against the underlying database. The attack here is similar to plain SQL injection, except that the application does not use JDBC to directly talk to the database, but instead it uses a data access layer generated by an ORM tool or framework (e.g. Hibernate). While most of the time code generated by an ORM tool contains safe access methods that are immune to SQL injection, sometimes either due to some weakness in the generated code or due to the fact that the developer failed to use the generated access methods properly, SQL injection is still possible.
  • SQL Injection through SOAP Parameter Tampering
    An attacker modifies the parameters of the SOAP message that is sent from the service consumer to the service provider to initiate a SQL injection attack. On the service provider side, the SOAP message is parsed and parameters are not properly validated before being used to access a database in a way that does not use parameter binding, thus enabling the attacker to control the structure of the executed SQL query. This pattern describes a SQL injection attack with the delivery mechanism being a SOAP message.
  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Format String Injection
    An attacker includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting characters. For example, in certain functions of the C programming language such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORD written in the memory. An attacker can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the attacker can write to the program stack.
  • LDAP Injection
    An attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP queries that are processed by an LDAP server. For example, a user might provide their username during authentication and the username might be inserted in an LDAP query during the authentication process. An attacker could use this input to inject additional commands into an LDAP query that could disclose sensitive information. For example, entering a * in the aforementioned query might return information about all users on the system. This attack is very similar to an SQL injection attack in that it manipulates a query to gather additional information or coerce a particular return value.
  • Relative Path Traversal
    An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Variable Manipulation
    An attacker manipulates variables used by an application to perform a variety of possible attacks. This can either be performed through the manipulation of function call parameters or by manipulating external variables, such as environment variables, that are used by an application. Changing variable values is usually undertaken as part of another attack; for example, a path traversal (inserting relative path modifiers) or buffer overflow (enlarging a variable value beyond an application's ability to store it).
  • Embedding Scripts in Non-Script Elements
    This attack is a form of Cross-Site Scripting (XSS) where malicious scripts are embedded in elements that are not expected to host scripts such as image tags (<img>), comments in XML documents (< !-CDATA->), etc. These tags may not be subject to the same input validation, output validation, and other content filtering and checking routines, so this can create an opportunity for an attacker to tunnel through the application's elements and launch a XSS attack through other elements. As with all remote attacks, it is important to differentiate the ability to launch an attack (such as probing an internal network for unpatched servers) and the ability of the remote attacker to collect and interpret the output of said attack.
  • Flash Injection
    An attacker tricks a victim into executing malicious Flash content that executes commands or makes Flash calls specified by the attacker. One example of this attack is cross-site flashing, in which an attacker-controlled parameter to a reference call loads content specified by the attacker.
  • Cross-Site Scripting Using Alternate Syntax
    The attacker uses alternate forms of keywords or commands that result in the same action as the primary form but which may not be caught by filters. For example, many keywords are processed in a case insensitive manner. If the site's web filtering algorithm does not convert all tags into a consistent case before the comparison with forbidden keywords it is possible to bypass filters (e.g., incomplete black lists) by using an alternate case structure. For example, the "script" tag using the alternate forms of "Script" or "ScRiPt" may bypass filters where "script" is the only form tested. Other variants using different syntax representations are also possible as well as using pollution meta-characters or entities that are eventually ignored by the rendering engine. The attack can result in the execution of otherwise prohibited functionality.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a program's vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • XML Nested Payloads
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By nesting XML data and causing this data to be continuously self-referential, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization. An attacker's goal is to leverage parser failure to his or her advantage. In most cases this type of attack will result in a denial of service due to an application becoming unstable, freezing, or crashing. However, it may be possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.230.1].
  • XML Oversized Payloads
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By supplying oversized payloads in input vectors that will be processed by the XML parser, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization, and potentially cause execution of arbitrary code. An attacker's goal is to leverage parser failure to his or her advantage. In many cases this type of attack will result in a denial of service due to an application becoming unstable, freezing, or crashing. However, it is possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.231.1].
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • Cross-Site Scripting via Encoded URI Schemes
    An attack of this type exploits the ability of most browsers to interpret "data", "javascript" or other URI schemes as client-side executable content placeholders. This attack consists of passing a malicious URI in an anchor tag HREF attribute or any other similar attributes in other HTML tags. Such malicious URI contains, for example, a base64 encoded HTML content with an embedded cross-site scripting payload. The attack is executed when the browser interprets the malicious content i.e., for example, when the victim clicks on the malicious link.
  • XML Injection
    An attacker utilizes crafted XML user-controllable input to probe, attack, and inject data into the XML database, using techniques similar to SQL injection. The user-controllable input can allow for unauthorized viewing of data, bypassing authentication or the front-end application for direct XML database access, and possibly altering database information.
  • Environment Variable Manipulation
    An attacker manipulates environment variables used by an application to perform a variety of possible attacks. Changing variable values is usually undertaken as part of another attack; for example, a path traversal (inserting relative path modifiers) or buffer overflow (enlarging a variable value beyond an application's ability to store it).
  • Global variable manipulation
    An attacker manipulates global variables used by an application to perform a variety of possible attacks. Changing variable values is usually undertaken as part of another attack; for example, a path traversal (inserting relative path modifiers) or buffer overflow (enlarging a variable value beyond an application's ability to store it).
  • Leverage Alternate Encoding
    This attack leverages the possibility to encode potentially harmful input and submit it to applications that do not expect, or are not effective at validating, this encoding standard, making input filtering difficult.
  • Fuzzing
    Fuzzing is a software testing method that feeds randomly constructed input to the system and looks for an indication that a failure in response to that input has occurred. Fuzzing treats the system as a black box and is totally free from any preconceptions or assumptions about the system. An attacker can leverage fuzzing to try to identify weaknesses in the system. For instance fuzzing can help an attacker discover certain assumptions made in the system about user input. Fuzzing gives an attacker a quick way of potentially uncovering some of these assumptions without really knowing anything about the internals of the system. These assumptions can then be turned against the system by specially crafting user input that may allow an attacker to achieve his goals.
  • Using Leading 'Ghost' Character Sequences to Bypass Input Filters
    An attacker intentionally introduces leading characters that enable getting the input past the filters. The API that is being targeted ignores the leading "ghost" characters, and therefore processes the attackers' input. This occurs when the targeted API will accept input data in several syntactic forms and interpret it in the equivalent semantic way, while the filter does not take into account the full spectrum of the syntactic forms acceptable to the targeted API. Some APIs will strip certain leading characters from a string of parameters. Perhaps these characters are considered redundant, and for this reason they are removed. Another possibility is that the parser logic at the beginning of analysis is specialized in some way that causes some characters to be removed. The attacker can specify multiple types of alternative encodings at the beginning of a string as a set of probes. One commonly used possibility involves adding ghost characters--extra characters that don't affect the validity of the request at the API layer. If the attacker has access to the API libraries being targeted, certain attack ideas can be tested directly in advance. Once alternative ghost encodings emerge through testing, the attacker can move from lab-based API testing to testing real-world service implementations.
  • Accessing/Intercepting/Modifying HTTP Cookies
    This attack relies on the use of HTTP Cookies to store credentials, state information and other critical data on client systems. The first form of this attack involves accessing HTTP Cookies to mine for potentially sensitive data contained therein. The second form of this attack involves intercepting this data as it is transmitted from client to server. This intercepted information is then used by the attacker to impersonate the remote user/session. The third form is when the cookie's content is modified by the attacker before it is sent back to the server. Here the attacker seeks to convince the target server to operate on this falsified information.
  • Embedding Scripts in HTTP Query Strings
    A variant of cross-site scripting called "reflected" cross-site scripting, the HTTP Query Strings attack consists of passing a malicious script inside an otherwise valid HTTP request query string. This is of significant concern for sites that rely on dynamic, user-generated content such as bulletin boards, news sites, blogs, and web enabled administration GUIs. The malicious script may steal session data, browse history, probe files, or otherwise execute attacks on the client side. Once the attacker has prepared the malicious HTTP query it is sent to a victim user (perhaps by email, IM, or posted on an online forum), who clicks on a normal looking link that contains a poison query string. This technique can be made more effective through the use of services like http://tinyurl.com/, which makes very small URLs that will redirect to very large, complex ones. The victim will not know what he is really clicking on.
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Exploiting Multiple Input Interpretation Layers
    An attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit relies on the target making multiple passes over the input data and processing a "layer" of special characters with each pass. In this manner, the attacker can disguise input that would otherwise be rejected as invalid by concealing it with layers of special/escape characters that are stripped off by subsequent processing steps. The goal is to first discover cases where the input validation layer executes before one or more parsing layers. That is, user input may go through the following logic in an application: In such cases, the attacker will need to provide input that will pass through the input validator, but after passing through parser2, will be converted into something that the input validator was supposed to stop.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from formatted configuration data to cause a buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Signature Spoof
    An attacker generates a message or datablock that causes the recipient to believe that the message or datablock was generated and cryptographically signed by an authoritative or reputable source, misleading a victim or victim operating system into performing malicious actions.
  • XML Client-Side Attack
    Client applications such as web browsers that process HTML data often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.484.1]
  • Embedding NULL Bytes
    An attacker embeds one or more null bytes in input to the target software. This attack relies on the usage of a null-valued byte as a string terminator in many environments. The goal is for certain components of the target software to stop processing the input when it encounters the null byte(s).
  • Postfix, Null Terminate, and Backslash
    If a string is passed through a filter of some kind, then a terminal NULL may not be valid. Using alternate representation of NULL allows an attacker to embed the NULL mid-string while postfixing the proper data so that the filter is avoided. One example is a filter that looks for a trailing slash character. If a string insertion is possible, but the slash must exist, an alternate encoding of NULL in mid-string may be used.
  • Simple Script Injection
    An attacker embeds malicious scripts in content that will be served to web browsers. The goal of the attack is for the target software, the client-side browser, to execute the script with the users' privilege level. An attack of this type exploits a program's vulnerabilities that are brought on by allowing remote hosts to execute code and scripts. Web browsers, for example, have some simple security controls in place, but if a remote attacker is allowed to execute scripts (through injecting them into user-generated content like bulletin boards) then these controls may be bypassed. Further, these attacks are very difficult for an end user to detect.
  • Using Slashes and URL Encoding Combined to Bypass Validation Logic
    This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple ways of encoding a URL and abuse the interpretation of the URL. A URL may contain special characters that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance, the US-ASCII space character would be represented with %20. This is often referred to as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft a URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other formats of encoding such as UTF-8 encoding, Unicode-encoding, etc.
  • SQL Injection
    This attack exploits target software that constructs SQL statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL Injection results from failure of the application to appropriately validate input. When specially crafted user-controlled input consisting of SQL syntax is used without proper validation as part of SQL queries, it is possible to glean information from the database in ways not envisaged during application design. Depending upon the database and the design of the application, it may also be possible to leverage injection to have the database execute system-related commands of the attackers' choice. SQL Injection enables an attacker to talk directly to the database, thus bypassing the application completely. Successful injection can cause information disclosure as well as ability to add or modify data in the database. In order to successfully inject SQL and retrieve information from a database, an attacker:
  • String Format Overflow in syslog()
    This attack targets the format string vulnerabilities in the syslog() function. An attacker would typically inject malicious input in the format string parameter of the syslog function. This is a common problem, and many public vulnerabilities and associated exploits have been posted.
  • Blind SQL Injection
    Blind SQL Injection results from an insufficient mitigation for SQL Injection. Although suppressing database error messages is considered best practice, the suppression alone is not sufficient to prevent SQL Injection. Blind SQL Injection is a form of SQL Injection that overcomes the lack of error messages. Without the error messages that facilitate SQL Injection, the attacker constructs input strings that probe the target through simple Boolean SQL expressions. The attacker can determine if the syntax and structure of the injection was successful based on whether the query was executed or not. Applied iteratively, the attacker determines how and where the target is vulnerable to SQL Injection. For example, an attacker may try entering something like "username' AND 1=1; --" in an input field. If the result is the same as when the attacker entered "username" in the field, then the attacker knows that the application is vulnerable to SQL Injection. The attacker can then ask yes/no questions from the database server to extract information from it. For example, the attacker can extract table names from a database using the following types of queries: If the above query executes properly, then the attacker knows that the first character in a table name in the database is a letter between m and z. If it doesn't, then the attacker knows that the character must be between a and l (assuming of course that table names only contain alphabetic characters). By performing a binary search on all character positions, the attacker can determine all table names in the database. Subsequently, the attacker may execute an actual attack and send something like:
  • Using Unicode Encoding to Bypass Validation Logic
    An attacker may provide a Unicode string to a system component that is not Unicode aware and use that to circumvent the filter or cause the classifying mechanism to fail to properly understand the request. That may allow the attacker to slip malicious data past the content filter and/or possibly cause the application to route the request incorrectly.
  • URL Encoding
    This attack targets the encoding of the URL. An attacker can take advantage of the multiple ways of encoding a URL and abuse the interpretation of the URL. A URL may contain special characters that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance, the US-ASCII space character would be represented with %20. This is often referred to as escaped encoding or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft a URL with a sequence of special characters which, once interpreted by the server, will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other encoding formats such as UTF-8 encoding, Unicode encoding, etc. The attacker could also subvert the meaning of the URL string request by encoding the data being sent to the server through a GET request. For instance, an attacker may subvert the meaning of parameters used in a SQL request and sent through the URL string (see Example section).
  • User-Controlled Filename
    An attack of this type involves an attacker inserting malicious characters (such as an XSS redirection) into a filename, directly or indirectly, that is then used by the target software to generate HTML text or other potentially executable content. Many websites rely on user-generated content and dynamically build resources like files, filenames, and URL links directly from user-supplied data. In this attack pattern, the attacker uploads code that can execute in the client browser and/or redirect the client browser to a site that the attacker owns. All XSS attack payload variants can be used to pass and exploit these vulnerabilities.
  • Using Escaped Slashes in Alternate Encoding
    This attack targets the use of the backslash in alternate encoding. An attacker can provide a backslash as a leading character and cause a parser to believe that the next character is special. This is called an escape. By using that trick, the attacker tries to exploit alternate ways to encode the same character, which leads to filter problems and opens avenues to attack.
  • Using Slashes in Alternate Encoding
    This attack targets the encoding of the slash characters. An attacker would try to exploit common filtering problems related to the use of the slash characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) chose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Using UTF-8 Encoding to Bypass Validation Logic
    This attack is a specific variation on leveraging alternate encodings to bypass validation logic. This attack leverages the possibility to encode potentially harmful input in UTF-8 and submit it to applications not expecting or effective at validating this encoding standard, making input filtering difficult. UTF-8 (8-bit UCS/Unicode Transformation Format) is a variable-length character encoding for Unicode. Legal UTF-8 characters are one to four bytes long. However, early versions of the UTF-8 specification got some entries wrong (in some cases it permitted overlong characters). UTF-8 encoders are supposed to use the "shortest possible" encoding, but naive decoders may accept encodings that are longer than necessary. According to RFC 3629, a particularly subtle form of this attack can be carried out against a parser which performs security-critical validity checks against the UTF-8 encoded form of its input, but interprets certain illegal octet sequences as characters.
  • Web Logs Tampering
    Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.
  • XPath Injection
    An attacker can craft special user-controllable input consisting of XPath expressions to inject the XML database and bypass authentication or glean information that he normally would not be able to. XPath Injection enables an attacker to talk directly to the XML database, thus bypassing the application completely. XPath Injection results from the failure of an application to properly sanitize input used as part of dynamic XPath expressions used to query an XML database. In order to successfully inject XML and retrieve information from a database, an attacker:
  • AJAX Fingerprinting
    This attack utilizes the frequent client-server roundtrips in Ajax conversation to scan a system. While Ajax does not open up new vulnerabilities per se, it does optimize them from an attacker's point of view. In many XSS attacks the attacker must get a "hole in one" and successfully exploit the vulnerability on the victim side the first time; once the client is redirected, the attacker has many chances to engage in follow-on probes, but there is only one first chance. In a widely used web application this is not a major problem because 1 in 1,000 is good enough. A common first step for an attacker is to footprint the environment to understand what attacks will work. Since footprinting relies on enumeration, the conversational pattern of rapid, multiple requests and responses that is typical in Ajax applications enables an attacker to look for many vulnerabilities, well-known ports, network locations and so on.
  • Embedding Script (XSS) in HTTP Headers
    An attack of this type exploits web applications that generate web content, such as links in an HTML page, based on unvalidated or improperly validated data submitted by other actors. XSS in HTTP Headers attacks target the HTTP headers, which are hidden from most users and may not be validated by web applications.
  • OS Command Injection
    In this type of an attack, an adversary injects operating system commands into existing application functions. An application that uses untrusted input to build command strings is vulnerable. An adversary can leverage OS command injection in an application to elevate privileges, execute arbitrary commands and compromise the underlying operating system.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
  • XSS in IMG Tags
    Image tags are an often overlooked, but convenient, means for a Cross Site Scripting attack. The attacker can inject script contents into an image (IMG) tag in order to steal information from a victim's browser and execute malicious scripts.
  • XML Parser Attack
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.99.1]
Access
  Vector NETWORK
  Complexity MEDIUM
  Authentication NONE
Impact
  Confidentiality PARTIAL
  Integrity PARTIAL
  Availability PARTIAL
nessus via4
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0752.NASL
    description From Red Hat Security Advisory 2010:0752 : An updated gpdf package that fixes two security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. GPdf is a viewer for Portable Document Format (PDF) files. An uninitialized pointer use flaw was discovered in GPdf. An attacker could create a malicious PDF file that, when opened, would cause GPdf to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way GPdf parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause GPdf to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to this updated package, which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 68113
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68113
    title Oracle Linux 4 : gpdf (ELSA-2010-0752)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0751.NASL
    description From Red Hat Security Advisory 2010:0751 : An updated xpdf package that fixes two security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. An uninitialized pointer use flaw was discovered in Xpdf. An attacker could create a malicious PDF file that, when opened, would cause Xpdf to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way Xpdf parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause Xpdf to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to this updated package, which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 68112
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68112
    title Oracle Linux 4 : xpdf (ELSA-2010-0751)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-15857.NASL
    description - Bug #595245 - CVE-2010-3702 xpdf: uninitialized Gfx::parser pointer dereference - Bug #638960 - CVE-2010-3704 xpdf: array indexing error in FoFiType1::parse() - Bug #639356 - CVE-2010-3703 poppler: use of initialized pointer in PostScriptFunction Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 50005
    published 2010-10-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50005
    title Fedora 14 : poppler-0.14.4-1.fc14 (2010-15857)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201402-17.NASL
    description The remote host is affected by the vulnerability described in GLSA-201402-17 (Xpdf: User-assisted execution of arbitrary code) Multiple vulnerabilities have been discovered in Xpdf. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could execute arbitrary code or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 72549
    published 2014-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72549
    title GLSA-201402-17 : Xpdf: User-assisted execution of arbitrary code
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20101007_KDEGRAPHICS_ON_SL4_X.NASL
    description An uninitialized pointer use flaw was discovered in KPDF. An attacker could create a malicious PDF file that, when opened, would cause KPDF to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way KPDF parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause KPDF to crash or, potentially, execute arbitrary code. (CVE-2010-3704)
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60865
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60865
    title Scientific Linux Security Update : kdegraphics on SL4.x, SL5.x i386/x86_64
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2017-0147.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Resolves: rhbz#1479815 (CVE-2017-9776) - Don't crash on streams without Length - Resolves: #1302365 - Use better default pixel size for printing of 0 width lines - Resolves: #1316163 - Identification of fonts directly from streams and files - Resolves: #1208719 - Embed type1 fonts to PostScript files correctly - Resolves: #1232210 - Fix lines disappearing when selecting paragraph - Resolves: #614824 - Silence illegal entry in bfrange block in ToUnicode CMap - Resolves: #710816 - Fix captions of push button fields. - Resolves: #1191907 - Add poppler-0.12.4-CVE-2010-3702.patch (Properly initialize parser) - Add poppler-0.12.4-CVE-2010-3703.patch (Properly initialize stack) - Add poppler-0.12.4-CVE-2010-3704.patch (Fix crash in broken pdf (code < 0)) - Resolves: #639860
    last seen 2019-02-21
    modified 2018-12-14
    plugin id 102905
    published 2017-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102905
    title OracleVM 3.3 / 3.4 : poppler (OVMSA-2017-0147)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KDEGRAPHICS3-7235.NASL
    description Various pointer dereferencing vulnerabilities in kdegraphics3's KSVG have been fixed. CVE-2009-1709 / CVE-2009-0945 have been assigned to this issue. Also specially crafted PDF files could crash kpdf or potentially even cause execution of arbitrary code. (CVE-2010-3702 / CVE-2010-3703 / CVE-2010-3704)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 51113
    published 2010-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51113
    title SuSE 10 Security Update : kdegraphics (ZYPP Patch Number 7235)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-1201.NASL
    description Updated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. teTeX embeds a copy of t1lib to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code : Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics (AFM) files. If a specially crafted font file was opened by teTeX, it could cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2010-2642, CVE-2011-0433) An invalid pointer dereference flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2011-0764) A use-after-free flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2011-1553) An off-by-one flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2011-1554) An out-of-bounds memory read flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash. (CVE-2011-1552) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. 
The following issues affect Xpdf code : An uninitialized pointer use flaw was discovered in Xpdf. If pdflatex was used to process a TeX document referencing a specially crafted PDF file, it could cause pdflatex to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2010-3702) An array index error was found in the way Xpdf parsed PostScript Type 1 fonts embedded in PDF documents. If pdflatex was used to process a TeX document referencing a specially crafted PDF file, it could cause pdflatex to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2010-3704) Red Hat would like to thank the Evince development team for reporting CVE-2010-2642. Upstream acknowledges Jon Larimer of IBM X-Force as the original reporter of CVE-2010-2642. All users of tetex are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 61651
    published 2012-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61651
    title CentOS 5 : tetex (CESA-2012:1201)
  • NASL family Windows
    NASL id OPENOFFICE_33.NASL
    description The version of Oracle OpenOffice.org installed on the remote host is prior to 3.3. It is, therefore, affected by several issues : - Issues exist relating to PowerPoint document processing that may lead to arbitrary code execution. (CVE-2010-2935, CVE-2010-2936) - A directory traversal vulnerability exists in zip / jar package extraction. (CVE-2010-3450) - Issues exist relating to RTF document processing that may lead to arbitrary code execution. (CVE-2010-3451, CVE-2010-3452) - Issues exist relating to Word document processing that may lead to arbitrary code execution. (CVE-2010-3453, CVE-2010-3454) - Issues exist in the third-party XPDF library relating to PDF document processing that may allow arbitrary code execution. (CVE-2010-3702, CVE-2010-3704) - OpenOffice.org includes a version of LIBXML2 that is affected by multiple vulnerabilities. (CVE-2010-4008, CVE-2010-4494) - An issue exists with PNG file processing that may allow arbitrary code execution. (CVE-2010-4253) - An issue exists with TGA file processing that may allow arbitrary code execution. (CVE-2010-4643)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 51773
    published 2011-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51773
    title Oracle OpenOffice.org < 3.3 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBREOFFICE331-7365.NASL
    description Maintenance update to LibreOffice-3.3.1. It adds some interesting features, fixes many bugs, including several security vulnerabilities. LibreOffice is continuation of the OpenOffice.org project. This update replaces the OpenOffice.org installation, including helper packages, e.g. dictionaries, templates. The new stuff is backward compatible. List of LibreOffice-3.3 features : General - online help - common search toolbar - new easier 'Print' dialog - new easier 'Thesaurus' dialog - more options to modify letters case - added LibreOffice colors to the palette - import of alpha channel for RGBA TIFF (fdo#30472) Calc - sort dialog for DataPilot - increased document protection - insert drawing objects in charts - hierarchical axis labels for charts - automatic decimals digits for 'General' format - new tab page 'Compatibility' in the Options dialog - better performance and interoperability on Excel import - display custom names for DataPilot fields, items, and totals Writer - RTF export (GSoc) - new 'Title Page' dialog - 2-level document protection - better form controls handling - count the number of characters with and without spaces Impress/Draw - PPTX chart import feature - easier slide layout handling - presenter screen uses the laptop output by default - allow to add drawing documents to gallery via API (i#80184) Base - support explicit primary key - support of read-Only database registrations Math - new command 'nospace' Most important changes : - maintenance update (bnc#667421, MaintenanceTracker-38738) - fixed several security bugs: o PowerPoint document processing (CVE-2010-2935 / CVE-2010-2936) o extensions and filter package files (CVE-2010-3450) o RTF document processing (CVE-2010-3451 / CVE-2010-3452) o Word document processing (CVE-2010-3453 / CVE-2010-3454) o insecure LD_LIBRARY_PATH usage (CVE-2010-3689) o PDF Import extension resulting from 3rd party library XPD (CVE-2010-3702 / CVE-2010-3704) o PNG file processing (CVE-2010-4253) o 
TGA file processing. (CVE-2010-4643) - libreoffice-3.3.1.2 == 3.3.1-rc2 == final - fixed audio/video playback in presentation (deb#612940, bnc#651250) - fixed non-working input methods in KDE4. (bnc#665112) - fixed occasional blank first slide (fdo#34533) - fixed cairo canvas edge count calculation. (bnc#647959) - defuzzed piece-packimages.diff to apply - updated to libreoffice-3.3.1.2 (3.3.1-rc2): o l10n - updated some translations o libs-core - crashing oosplash and malformed picture. (bnc#652562) - Byref and declare Basic statement (fdo#33964, i#115716) - fixed BorderLine(2) conversion to SvxBorderLine (fdo#34226) o libs-gui - getEnglishSearchFontName() searches Takao fonts o sdk - fix ODK settings.mk to only set STLPORTLIB if needed o writer - rtfExport::HackIsWW8OrHigher(): return true (fdo#33478) - visual editor destroys formulas containing symbols (fdo#32759, fdo#32755) - enabled KDE4 support for SLED11; LO-3.3.1 fixed the remaining annoying bugs - fixed EMF+ import. (bnc#650049) - updated to libreoffice-3.3.1.1 (3.3.1-rc1): o artwork - new MIME type icons for LibreOffice o bootstrap - wrong line break with ( (fdo#31271) o build - default formula string (n#664516) - don't version the bundled ct2n extension - last update of translations from Pootle for 3.3.1 o calc - import of cell attributes from Excel documents - incorrect page number in page preview mode (fdo#33155) o components - remove pesky on-line registration menu entry (fdo#33112) - crash on changing position of drawing object in header (rhbz#673819) o extras - start using technical.dic instead of oracle.dic (fdo#31798) o filters - pictures DOCX import. 
(bnc#655763) - parse 'color' property (fdo#33551) - fix ole object import for writer (DOCX) (fdo#33237) o help - OOo -> LibO on Getting Support page (fdo#33249) o libs-core - handle css::table::BorderLine - add preferred Malayalam fonts (fdo#32953) - fix KDE3 library search order (fdo#32797) - StarDesktop.terminate macro behaviour (#30879) - Sun Microsystems -> TDF in desktop file (fdo#31191) - fixed several crashes around config UNO API (fdo#33994) - implementation names weren't matching with xcu (fdo#32872) - improve the check for existence of the localized help (fdo#33258) o libs-extern - upgrade libwpd to 0.9.1 o libs-gui - painting of axial gradients (116318) - fix wrong collation for Catalan language - crash when moving through database types (fdo#32561) - paint toolbar handle positioned properly (fdo#32558) - remove the menu when Left Alt Key was pressed; for GTK - default currency for Estonia should be Euro (fdo#33160) - year of era in long format for zh_TW by default (fdo#33459) o writer - use standard Edit button width of 50 (fdo#32633) - improve formfield checkbox binary export. 
(bnc#660816) - infinite loop while exporting some files in DOC/DOCX/RTF - CTL/Other Default Font (i#25247, i#25561, i#48064, i#92341) - libreoffice-build-3.3.0.4 == 3.3.0-rc4 == final - updated to libreoffice-3.3.0.4 (3.3-rc4): o common : - remove pesky on-line registration menu entry (fdo#33112) o artwork : - fix search toolbar up/down search button icons o base : - report builder not shows properties on report fields (fdo#32742) - report left/right page margin setting ignored on 64-bit (i#116187) o build : - updated translations o calc : - reverted problematic and dangerous: # performance of filters with many filtered ranges (i#116164) # obtain correct data range for external references (i#115906) o libs-core : - FMR crasher (fdo#33099) - backgrounds for polypolygons in metafile (i#116371) - unopkg crasher on SLED11-SP1 (bnc#655912) o libs-gui : - use sane scrollbar sizes when drawing - painting of axial gradients (i#116318) - do not mix unrelated X11 Visuals (fdo#33108) - avoid GetHelpText() call which can be quite heavy o writer : - fields fixes: key inputs, 0-length fields import. (bnc#657135) - replaced obsolete SuSEconfig gtk2 module call with %%icon_theme_cache_post(un) macros for openSUSE > 11.3. 
(bnc#663245) - updated to libreoffice-3.3.0.3 (3.3-rc3): o build : - use libreoffice and lo* wrappers; update man pages accordingly - navigation buttons' patch selection handling (fdo#32380, bnc#649506) o calc : - bogus check for numerical sheet names (fdo#32570) - performance of filters with many filtered ranges (i#116164) - obtain correct data range for external references (i#115906) - avoid double-paste when pasting text into cell comment (fdo#32572) o components : - fix nsplugin for LibreOffice name - fixing large OOXML files (i#115944) - layout breakage for KDE, X11 and (possibly) Mac (fdo#32133) o extensions : - patching xpdf to patchlevel 3.02pl5 o extras : - creating technical.dic based on src/*.dic o filters : - small TGAReader improvement (i#164349) - PageRange handling in writer PDF export (#116085) o impress : - missing font color (rhbz#663857) - use updated anchor for group shapes (i#115898) - presentation objects on master pages (i#115993) o libs-core : - survive missing window (rhbz#666216) - better font selection in Japanese locale. 
- do not block when launching Firefox (fdo#32427) - show the license information in a separate dialog (fdo#32563) - make unopkg --suppress-license skip license in all cases (fdo#32840) o libs-extern-sys : - better XPATH handling (i#164350) o libs-gui : - use the initial language if not specified (fdo#32523) - clean up search cache singleton in correct order (rhbz#666088) o writer : - undo/redo crash with postits (rhbz#660342) - rearrange title dialog to get translations (fdo#32633) - move to the next record during mail merge (fdo#32790) - updated to libreoffice-3.3.0.2 (3.3-rc2): o common : - copy & paste a text formatted cell (i#115825) - replaced http://www.openoffice.org (fdo#32169) o bootstrap : - check if KDE is >= 4.2 - cleanup unfortunate license duplication o calc : - ignore preceding spaces when parsing numbers - make the string 'New Record' localizable (fdo#32209) - remove trailing spaces too when parsing CSV simple numbers - display correct record information in Data Form dialog (fdo#32196) o components : - make the ODMA check box clickable again (fdo#32132) - fixed the sizes of Tips and Extended tips check boxes - make 'Reset help agent' button clickable again (fdo#32132) o extensions : - fix filled polygons on PDF import o filters : - performance for import of XLSX files with drawing objects (i#115940) o impress : - missing embedded object in ODP export (i#115898) - grey as default color for native tables in Impress - graphics on master page cannot be deleted (i#115993) o libs-core : - save with the proper DOC variant (fdo#32219) - removed dupe para ids introduced by copy&paste - colon needed for LD_LIBRARY_PATH set but empty - wikihelp: use the right Help ID URL (fdo#32338) - MySQL Cast(col1 as CHAR) yields error (i#115436) - import compatibility for enhanced fields names (fdo#32172) o libs-extern-sys : - XPATH handling fix o libs-gui : - PPTX import crasher. 
(bnc#654065) - copy&paste problem of metafiles (i#115825) - force Qt paint system to native (fdo#30991) - display problem with Vegur font (fdo#31243) - URIs must be exported as 7bit ASCII (i#115788) - regression in WMF text rendering (fdo#32236, i#115825) o postprocess : - only register EvolutionLocal when EVO support is enabled (fdo#32007) o writer : - after 'data to fields' mail merge does not work (fdo#31190) - missing outline feature in new RTF export filter (fdo#32039) - encoding of Greek letters names with accent in French (i#115956) o build bits : - better build identification in the about dialog - updated to libreoffice-3.3.0.1 (3.3-rc1): o ooo integration : - Merge commit 'ooo/OOO330_m17' into libreoffice-3-3 o common : - more RTF import/export fixes - updated branding for rc o artwork : - fixed icons with PNG optimizations - remove remaining ODF MIME type icons o bootstrap : - Add BrOffice artwork / branding support - Do not install HTML versions of LICENSE and README - install credits file o build : - empty toolbar. 
(bnc#654039) - pack PostgreSQL driver as .oxt instead of .zip o calc : - avoid pasting data from OOo Calc as an OLE object - scaling factor calculation for drawing layer (i#115313) - broken filter option in Datapilot (i#115431) - 'Precision as shown' not working if automatic decimal (i#115512) - disable document modify and broadcasting of changes on range names - don't update visible ranges for invisible panes - changing margins in print preview should mark the document modified - make VLOOKUP work with an external reference once again (fdo#31718) - more strict parsing of external range names - no automatic width adjustment of the dropdown popups (fdo#31710) - re-calculate visible range when switching sheets - skip hidden cells while expanding range selection o components : - overlapping controls - bad alloc and convert to ZipIOException (rh#656191) - divide by zero (rh#657628) o extras : - use consistent autocorrect file names o filters : - fix writerfilter XSL to handle more elements - missing call to importDocumentProperties. (bnc#655194) - rotated text DOCX import (fdo#30474) o impress : - avoid antialiasing for drag rect o libs-core : - Adapted README according to list feedback - register EvolutionLocal when evolution support is enabled (fdo#32007) - crash during toolpanel re-docking - crash in FR version when typing / as first character (i#115774) - only start the quick-starter on restart - don't crash when quickstarter is exited by user (rh#650170) - shutdown quickstarter at end of desktop session (rh#650170) - exit quickstarter if physically deleted (rh#610103) - autocorrect crasher (rh#647392) - start quickstarter on every launch if configured to use it - Switch toolbar icon size to 'auto-detect' o libs-extern : - Use the new stable libwp* releases as default o libs-extern-sys : - fixed urllib.urlopen in the internal python (fdo#31466) o libs-gui : - Allow the dropdown list of a combo box to be scrollable. 
(fdo#31710) - PDF export regression for simple RTL cases (i#115618) - freeze with ODP import (i#115761) - make toolbar icon size native-widget controlled - use BrOffice in pt_BR locale (fdo#31770) - release the clipboard after flush (i#163153) o l10n : - BrOffice in Brazil => %PRODUCTNAME_BR for win32 installer o sdk : - correct resolveLink function (i#115310) o writer : - crash when opening File/Print dialog fixed (i#115354) - better enhanced fields navigation - allow to localize the 'My AutoText' string (i#66304) - table alignment set to 'From Left' when moving the right. (bnc#636367) - font color selection didn't effect new text. (bnc#652204) - column break DOC import problem (bnc#652364) o build bits : - install branding for the welcome screen. (bnc#653519) - fixed URL, summary, and description for LibreOffice - bumped requires to libreoffice-branding-upstream > 3.2.99.3 - created l10n-prebuilt subpackage for prebuilt registry files. (bnc#651964) - disabled KDE3 stuff on openSUSE >= 11.2. (bnc#605472, bnc#621472) - added gcc-c++ and libxml2-devel into BuildRequires; were required by kdelibs3-devel before - updated to libreoffice-3.2.99.3 (3.3-beta3): o ooo integration : - Merge commit 'ooo/OOO330_m13' o common : - impress ruler behaviour - add Title Page dialog (i#7065) - save 1MB on wizards per language - images optimized for smaller size - do not insert a new cell beyond the end - handle multiple selection for printing (i#115266) - remove VBAForm property and associated geometry hack (fdo#30856) o base : - key columns in all tables (i#114026) - reports executed for data display (i#114627) o calc : - non-functional select - defined names in Calc functions (i#79854) - use Ctrl-Shift-D to launch selection list - regression for range array input, e.g. 
{=A1:A5} - crash on importing docs with database functions - crash on importing named ranges on higher sheets - remove the 'insert new sheet' tab in read-only mode - incorrect display of references from the formula input wizard - new tab page 'Compatibility' in the Options dialog (fdo#30559) o components : - default to evolution - crash in scanner dialog (rh#648475) o extras : - added LibreOffice and Tango palettes o filters : - crash on unsupported .tiffs (i#93300) - vertical text alignment and placeholder style (bnc#645116) o impress : - broken zoom behaviour - crash in OGL transitions - support for PPT newsflash slide transition o libs-core : - register EVO address book - more quickstarter fixes (i#108846) - missing media-type for ODF thumbnails - add credits hyperlink into about dialog - freeze when adding an extension (i#114933) - -quickstart option, and help fix (i#108846) - GNOME filepicker filter selection (i#112411) - use 'Enter Password' in all dialogs (fdo#31075) - add display properties to control shapes (i#112597) - disable user migration when SAL_DISABLE_USERMIGRATION is set o libs-gui : - disable KDE's crash handler - refresh of OLE object previews - adding font aliases (i#114706) - comparison of key events for IM - show Java error just once by default - underlining problem with Graphite fonts (i#114765) - saving tempfiles when locking is not supported. 
- better selection of localized font names (i#114703) - MetricFields SetUnit conversions (fdo#30899, bnc#610921) - make Presenter Screen default to the projector (i#112421) - Qt event loop integration (when Glib is used) for KDE4 vclplug o writer : - title pages (i#i66619) - more RTF import/export fixes - tables in page styles (i#114366) - round-trip of DOC unhandled fields - double-click behavior on enhanced fields - leaky pStream after RTF import (fdo#31362) - crash when choosing starmath from start screen - OLE Links round-trip fixed for links as pictures - setup XML namespaces also for footers and headers. (bnc#581954) - switched to the LibreOffice code base, http://www.documentfoundation.org/ - renamed packages from OpenOffice_org* to libreoffice* - updated to libreoffice-3.2.99.2 (3.3-beta2): o common : - show menus in icons fixup - show all appropriate formats by default on save as (i#113141) - RenderBadPicture on multihead setups and Cairo (i#94007, i#111758) o base : - use correct table name (i#114246) o calc : - better performance on Excel doc import o components : - bound image controls (i#112659) - Appearance config dialog crasher (i#108246) - Euro converter didn't work with ODS (i#100686) - ImageURL and Graphic properties handling (i#113991) o extensions : - some reportbuilder fixes (i#114111, i#112652) o extras : - fix malformed XML file (i#111741) - add Croatian autocorrection (i#96706) - updated Hungarian standard.bau (i#112387) - eensgezinswoning replaces eensgezinswoning - add 1/2, 3/4 and 1/4 symbols to af-ZA, de, en-ZA, mn and pl o filters : - adjust for table::BorderLine2 - table DOCX import crasher (rh#632236) - misc improvements for DOCX VML import - text position bug in DOC import. 
(bnc#532920) - implement import of alpha channel for RGBA .tiffs (fdo#30472) o impress : - improve randomisation in 'dissolve' transition o libs-core : - add in MonoSpace setting - print the formula itself by default - extension can contain compiled help (i#114008) - no update menu entry for bundled extensions (i#113524) - prevent online update for bundled extensions (i#113524) - make search/replace of colour names with translations safer (i#110142) o libs-gui : - maths brackets misformed in presentation mode (i#113400) - better font-name localization, i.e. en fallback (i#114703) - default to UTF-8 for HTML unless we know differently (i#76649) o writer : - color problem in RTF export (fdo#30604) - crash on export of TOC to .doc (i#112384) - prevent document modification while printing (i#112518) - dotted and dashed border types (fate#307731, fate#307730) - changes from libreoffice-3.2.99.1 (3.3-beta1): o features : - renamed to LibreOffice - based on ooo330-m7 - changed default branding - started to support the LibreOffice code base [all] - ordinal suffixes autocorrection improvements - updated Numbertext extension to version 0.9.3 - support new distros Raw, LibreOfficeLinux, LibreOfficeMacOSX, LibreOfficeWin32 o performance bits : - memory footprint during PPT import. (bnc#637925) - performance bug on row height adjustments (bnc#640112) o common bits : - don't set header in DDE tables (bnc#634517) o Calc bits : - cell content rendering [bnc#640128] o Excel's cell border thickness mapping. (bnc#636691) - relative and absolute references toggling (bnc#634260) o more on the Flat MSO XML file type detection (bnc#631993) o Writer bits : - SwXTextRange DOC import (i#112564) o table formulas DOC import (bnc#631912) o input field fixes (bnc#628098, bnc#623944) o OLE Links with image DOC import (bnc#628098) o nested SET/FILLIN fields DOC import (bnc#634478) o broken floating tables formatting in DOC import. 
(bnc#617593) - double-clicking on field gives 'read only' message (bnc#639288) o OOXML bits : - text paragraph autofit PPTX import o VBA bits : - implicit indexes handling - logical operator precedence - column para for Range.Cells (bnc#639297) o build bits : - update internal ICU to version 4.2.1 - fetch 185d60944ea767075d27247c3162b3bc-unowinreg.dll - updated to version 3.2.98.1 (3.3-alpha1): o features : - RTF export rewrite - writer navigation - remove obsolete Industrial icon theme o common bits : - gray read-only styles (i#85003) - Accelerators for OK/Cancel buttons in GTK (bnc#608572) o Calc bits : - cell borders not saved. (bnc#612263) - external reference rework. (bnc#628876) - Flat MSO XML file type detection. (bnc#631993) - disable custom tab colors in high contrast mode - display correct field in data pilot. (bnc#629920) - Watch Window extension doesn't show sheet name (bnc#604638) o Draw bits : - associate application/x-wpg with oodraw (bnc#589624) o Impress bits : - More on avmedia soundhandler (i#83753, bnc#515553) o Writer bits : - ww8 styles import (i#21939) - hairline table borders export - saving new document comparison data - Ruby in MS Word format (i#79246) o OOXML : - better internal hlinks XLSX export. (bnc#594248) - numbering roundtripping issues in DOCX. (bnc#569266) - untis translation from EMU in PPTX import. (bnc#621739) - group shapes geometry calculation in PPTX import. (bnc#621739) - many other import/export fixes and improvements o VBA bits : - changes in event handling - more container control fixes - more on invalid code name import for sheet (bnc#507768) o build bits : - update prebuilt cli dlls for OOo-3.3 - moving ooo-build patches to ooo git sources - use --without-junit on Win32 and openSUSE < 11.2 - used the prepatched OOo sources from ooo-build git - used mozilla-xulrunner192 for openSUSE > 11.3
    last seen 2019-02-21
    modified 2012-06-14
    plugin id 52738
    published 2011-03-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52738
    title SuSE 10 Security Update : Libreoffice (ZYPP Patch Number 7365)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-1201.NASL
    description From Red Hat Security Advisory 2012:1201 : Updated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. teTeX embeds a copy of t1lib to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code : Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics (AFM) files. If a specially crafted font file was opened by teTeX, it could cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2010-2642, CVE-2011-0433) An invalid pointer dereference flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2011-0764) A use-after-free flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2011-1553) An off-by-one flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2011-1554) An out-of-bounds memory read flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash. (CVE-2011-1552) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : An uninitialized pointer use flaw was discovered in Xpdf. If pdflatex was used to process a TeX document referencing a specially crafted PDF file, it could cause pdflatex to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2010-3702) An array index error was found in the way Xpdf parsed PostScript Type 1 fonts embedded in PDF documents. If pdflatex was used to process a TeX document referencing a specially crafted PDF file, it could cause pdflatex to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2010-3704) Red Hat would like to thank the Evince development team for reporting CVE-2010-2642. Upstream acknowledges Jon Larimer of IBM X-Force as the original reporter of CVE-2010-2642. All users of tetex are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68602
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68602
    title Oracle Linux 5 : tetex (ELSA-2012-1201)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-1201.NASL
    description Updated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. teTeX embeds a copy of t1lib to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code : Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics (AFM) files. If a specially crafted font file was opened by teTeX, it could cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2010-2642, CVE-2011-0433) An invalid pointer dereference flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2011-0764) A use-after-free flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2011-1553) An off-by-one flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2011-1554) An out-of-bounds memory read flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash. (CVE-2011-1552) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : An uninitialized pointer use flaw was discovered in Xpdf. If pdflatex was used to process a TeX document referencing a specially crafted PDF file, it could cause pdflatex to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2010-3702) An array index error was found in the way Xpdf parsed PostScript Type 1 fonts embedded in PDF documents. If pdflatex was used to process a TeX document referencing a specially crafted PDF file, it could cause pdflatex to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2010-3704) Red Hat would like to thank the Evince development team for reporting CVE-2010-2642. Upstream acknowledges Jon Larimer of IBM X-Force as the original reporter of CVE-2010-2642. All users of tetex are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 61653
    published 2012-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61653
    title RHEL 5 : tetex (RHSA-2012:1201)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0755.NASL
    description Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The CUPS 'pdftops' filter converts Portable Document Format (PDF) files to PostScript. Multiple flaws were discovered in the CUPS 'pdftops' filter. An attacker could create a malicious PDF file that, when printed, would cause 'pdftops' to crash or, potentially, execute arbitrary code as the 'lp' user. (CVE-2010-3702, CVE-2009-3609) Users of cups are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the cupsd daemon will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 49814
    published 2010-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49814
    title CentOS 4 : cups (CESA-2010:0755)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0755.NASL
    description From Red Hat Security Advisory 2010:0755 : Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The CUPS 'pdftops' filter converts Portable Document Format (PDF) files to PostScript. Multiple flaws were discovered in the CUPS 'pdftops' filter. An attacker could create a malicious PDF file that, when printed, would cause 'pdftops' to crash or, potentially, execute arbitrary code as the 'lp' user. (CVE-2010-3702, CVE-2009-3609) Users of cups are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the cupsd daemon will be restarted automatically.
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 68116
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68116
    title Oracle Linux 4 : cups (ELSA-2010-0755)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120823_TETEX_ON_SL5_X.NASL
    description teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. teTeX embeds a copy of t1lib to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code : Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics (AFM) files. If a specially crafted font file was opened by teTeX, it could cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2010-2642, CVE-2011-0433) An invalid pointer dereference flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2011-0764) A use-after-free flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2011-1553) An off-by-one flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2011-1554) An out-of-bounds memory read flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash. (CVE-2011-1552) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : An uninitialized pointer use flaw was discovered in Xpdf. If pdflatex was used to process a TeX document referencing a specially crafted PDF file, it could cause pdflatex to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2010-3702) An array index error was found in the way Xpdf parsed PostScript Type 1 fonts embedded in PDF documents. If pdflatex was used to process a TeX document referencing a specially crafted PDF file, it could cause pdflatex to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2010-3704) All users of tetex are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61657
    published 2012-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61657
    title Scientific Linux Security Update : tetex on SL5.x i386/x86_64
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20101007_POPPLER_ON_SL5_X.NASL
    description An uninitialized pointer use flaw was discovered in poppler. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way poppler parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3704)
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60866
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60866
    title Scientific Linux Security Update : poppler on SL5.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-16705.NASL
    description Apply xpdf-3.02pl5 security patch to fix CVE-2010-3702, CVE-2010-3704. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 50480
    published 2010-11-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50480
    title Fedora 12 : xpdf-3.02-16.fc12 (2010-16705)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0755.NASL
    description Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The CUPS 'pdftops' filter converts Portable Document Format (PDF) files to PostScript. Multiple flaws were discovered in the CUPS 'pdftops' filter. An attacker could create a malicious PDF file that, when printed, would cause 'pdftops' to crash or, potentially, execute arbitrary code as the 'lp' user. (CVE-2010-3702, CVE-2009-3609) Users of cups are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the cupsd daemon will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 49802
    published 2010-10-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49802
    title RHEL 4 : cups (RHSA-2010:0755)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_OPENOFFICE_ORG-110330.NASL
    description Maintenance update to LibreOffice-3.3.1. It adds some interesting features, fixes many bugs, including several security vulnerabilities. The previous OpenOffice_org packages are also renamed to libreoffice. LibreOffice is continuation of the OpenOffice.org project. This update replaces the OpenOffice.org installation, including helper packages, e.g. dictionaries, templates. The new stuff is backward compatible. - fixed security bugs : - PowerPoint document processing (CVE-2010-2935, CVE-2010-2936) - extensions and filter package files (CVE-2010-3450) - RTF document processing (CVE-2010-3451, CVE-2010-3452) - Word document processing (CVE-2010-3453, CVE-2010-3454) - insecure LD_LIBRARY_PATH usage (CVE-2010-3689) - PDF Import extension resulting from 3rd party library XPD (CVE-2010-3702, CVE-2010-3704) - PNG file processing (CVE-2010-4253) - TGA file processing (CVE-2010-4643) - most important changes : - maintenance update (bnc#667421, MaintenanceTracker-38738) - enabled KDE3 support (bnc#678998) - libreoffice-3.3.1.2 == 3.3.1-rc2 == final - fixed audio/video playback in presentation (deb#612940, bnc#651250) - fixed non-working input methods in KDE4 (bnc#665112) - fixed occasional blank first slide (fdo#34533) - fixed cairo canvas edge count calculation (bnc#647959) - updated to libreoffice-3.3.1.2 (3.3.1-rc2) : - l10n - updated some translations - libs-core - crashing oosplash and malformed picture (bnc#652562) - Byref and declare Basic statement (fdo#33964, i#115716) - fixed BorderLine(2) conversion to SvxBorderLine (fdo#34226) - libs-gui - getEnglishSearchFontName() searches Takao fonts - sdk - fix ODK settings.mk to only set STLPORTLIB if needed - writer - rtfExport::HackIsWW8OrHigher(): return true (fdo#33478) - visual editor destroys formulas containing symbols (fdo#32759, fdo#32755) - enabled KDE4 support for SLED11; LO-3.3.1 fixed the remaining annoying bugs - fixed EMF+ import (bnc#650049) - updated to libreoffice-3.3.1.1 (3.3.1-rc1) : - 
artwork - new MIME type icons for LibreOffice - bootstrap - wrong line break with ( (fdo#31271) - build - default formula string (n#664516) - don't version the bundled ct2n extension - last update of translations from Pootle for 3.3.1 - calc - import of cell attributes from Excel documents - incorrect page number in page preview mode (fdo#33155) - components - remove pesky on-line registration menu entry (fdo#33112) - crash on changing position of drawing object in header (rhbz#673819) - extras - start using technical.dic instead of oracle.dic (fdo#31798) - filters - pictures DOCX import (bnc#655763) - parse 'color' property (fdo#33551) - fix ole object import for writer (DOCX) (fdo#33237) - help - OOo -> LibO on Getting Support page (fdo#33249) - libs-core - handle css::table::BorderLine - add preferred Malayalam fonts (fdo#32953) - fix KDE3 library search order (fdo#32797) - StarDesktop.terminate macro behaviour (#30879) - Sun Microsystems -> TDF in desktop file (fdo#31191) - fixed several crashes around config UNO API (fdo#33994) - implementation names weren't matching with xcu (fdo#32872) - improve the check for existence of the localized help (fdo#33258) - libs-extern - upgrade libwpd to 0.9.1 - libs-gui - painting of axial gradients (116318) - fix wrong collation for Catalan language - crash when moving through database types (fdo#32561) - paint toolbar handle positioned properly (fdo#32558) - remove the menu when Left Alt Key was pressed; for GTK - default currency for Estonia should be Euro (fdo#33160) - year of era in long format for zh_TW by default (fdo#33459) - writer - use standard Edit button width of 50 (fdo#32633) - improve formfield checkbox binary export (bnc#660816) - infinite loop while exporting some files in DOC/DOCX/RTF - CTL/Other Default Font (i#25247, i#25561, i#48064, i#92341) - libreoffice-build-3.3.0.4 == 3.3.0-rc4 == final - updated to libreoffice-3.3.0.4 (3.3-rc4) : - common : - remove pesky on-line registration menu entry (fdo#33112) 
- artwork : - fix search toolbar up/down search button icons - base : - report builder not shows properties on report fields (fdo#32742) - report left/right page margin setting ignored on 64-bit (i#116187) - build : - updated translations - calc : - reverted problematic and dangerous : - performance of filters with many filtered ranges (i#116164) - obtain correct data range for external references (i#115906) - libs-core : - FMR crasher (fdo#33099) - backgrounds for polypolygons in metafile (i#116371) - unopkg crasher on SLED11-SP1 (bnc#655912) - libs-gui : - use sane scrollbar sizes when drawing - painting of axial gradients (i#116318) - do not mix unrelated X11 Visuals (fdo#33108) - avoid GetHelpText() call which can be quite heavy - writer : - fields fixes: key inputs, 0-length fields import (bnc#657135) - replaced obsolete SuSEconfig gtk2 module call with %%icon_theme_cache_post(un) macros for openSUSE > 11.3 (bnc#663245) - updated to libreoffice-3.3.0.3 (3.3-rc3) : - build : - use libreoffice and lo* wrappers; update man pages accordingly - navigation buttons' patch selection handling (fdo#32380, bnc#649506) - calc : - bogus check for numerical sheet names (fdo#32570) - performance of filters with many filtered ranges (i#116164) - obtain correct data range for external references (i#115906) - avoid double-paste when pasting text into cell comment (fdo#32572) - components : - fix nsplugin for LibreOffice name - fixing large OOXML files (i#115944) - layout breakage for KDE, X11 and (possibly) Mac (fdo#32133) - extensions : - patching xpdf to patchlevel 3.02pl5 - extras : - creating technical.dic based on src/*.dic - filters : - small TGAReader improvement (i#164349) - PageRange handling in writer PDF export (#116085) - impress : - missing font color (rhbz#663857) - use updated anchor for group shapes (i#115898) - presentation objects on master pages (i#115993) - libs-core : - survive missing window (rhbz#666216) - better font selection in Japanese locale. 
- do not block when launching Firefox (fdo#32427) - show the license information in a separate dialog (fdo#32563) - make unopkg --suppress-license skip license in all cases (fdo#32840) - libs-extern-sys : - better XPATH handling (i#164350) - libs-gui : - use the initial language if not specified (fdo#32523) - clean up search cache singleton in correct order (rhbz#666088) - writer : - undo/redo crash with postits (rhbz#660342) - rearrange title dialog to get translations (fdo#32633) - move to the next record during mail merge (fdo#32790) - updated to libreoffice-3.3.0.2 (3.3-rc2) : - common : - copy & paste a text formatted cell (i#115825) - replaced http://www.openoffice.org (fdo#32169) - bootstrap : - check if KDE is >= 4.2 - cleanup unfortunate license duplication - calc : - ignore preceding spaces when parsing numbers - make the string 'New Record' localizable (fdo#32209) - remove trailing spaces too when parsing CSV simple numbers - display correct record information in Data Form dialog (fdo#32196) - components : - make the ODMA check box clickable again (fdo#32132) - fixed the sizes of Tips and Extended tips check boxes - make 'Reset help agent' button clickable again (fdo#32132) - extensions : - fix filled polygons on PDF import - filters : - performance for import of XLSX files with drawing objects (i#115940) - impress : - missing embedded object in ODP export (i#115898) - grey as default color for native tables in Impress - graphics on master page cannot be deleted (i#115993) - libs-core : - save with the proper DOC variant (fdo#32219) - removed dupe para ids introduced by copy&paste - colon needed for LD_LIBRARY_PATH set but empty - wikihelp: use the right Help ID URL (fdo#32338) - MySQL Cast(col1 as CHAR) yields error (i#115436) - import compatibility for enhanced fields names (fdo#32172) - libs-extern-sys : - XPATH handling fix - libs-gui : - PPTX import crasher (bnc#654065) - copy&paste problem of metafiles (i#115825) - force Qt paint system to native 
(fdo#30991) - display problem with Vegur font (fdo#31243) - URIs must be exported as 7bit ASCII (i#115788) - regression in WMF text rendering (fdo#32236, i#115825) - postprocess : - only register EvolutionLocal when EVO support is enabled (fdo#32007) - writer : - after 'data to fields' mail merge does not work (fdo#31190) - missing outline feature in new RTF export filter (fdo#32039) - encoding of Greek letters names with accent in French (i#115956) - build bits : - better build identification in the about dialog - updated to libreoffice-3.3.0.1 (3.3-rc1) : - ooo integration : - Merge commit 'ooo/OOO330_m17' into libreoffice-3-3 - common : - more RTF import/export fixes - updated branding for rc - artwork : - fixed icons with PNG optimizations - remove remaining ODF MIME type icons - bootstrap : - Add BrOffice artwork / branding support - Do not install HTML versions of LICENSE and README - install credits file - build : - empty toolbar (bnc#654039) - pack PostgreSQL driver as .oxt instead of .zip - calc : - avoid pasting data from OOo Calc as an OLE object - scaling factor calculation for drawing layer (i#115313) - broken filter option in Datapilot (i#115431) - 'Precision as shown' not working if automatic decimal (i#115512) - disable document modify and broadcasting of changes on range names - don't update visible ranges for invisible panes - changing margins in print preview should mark the document modified - make VLOOKUP work with an external reference once again (fdo#31718) - more strict parsing of external range names - no automatic width adjustment of the dropdown popups (fdo#31710) - re-calculate visible range when switching sheets - skip hidden cells while expanding range selection - components : - overlapping controls - bad alloc and convert to ZipIOException (rh#656191) - divide by zero (rh#657628) - extras : - use consistent autocorrect file names - filters : - fix writerfilter XSL to handle more elements - missing call to importDocumentProperties 
(bnc#655194) - rotated text DOCX import (fdo#30474) - impress : - avoid antialiasing for drag rect - libs-core : - Adapted README according to list feedback - register EvolutionLocal when evolution support is enabled (fdo#32007) - crash during toolpanel re-docking - crash in FR version when typing / as first character (i#115774) - only start the quick-starter on restart - don't crash when quickstarter is exited by user (rh#650170) - shutdown quickstarter at end of desktop session (rh#650170) - exit quickstarter if physically deleted (rh#610103) - autocorrect crasher (rh#647392) - start quickstarter on every launch if configured to use it - Switch toolbar icon size to 'auto-detect' - libs-extern : - Use the new stable libwp* releases as default - libs-extern-sys : - fixed urllib.urlopen in the internal python (fdo#31466) - libs-gui : - Allow the dropdown list of a combo box to be scrollable. (fdo#31710) - PDF export regression for simple RTL cases (i#115618) - freeze with ODP import (i#115761) - make toolbar icon size native-widget controlled - use BrOffice in pt_BR locale (fdo#31770) - release the clipboard after flush (i#163153) - l10n : - BrOffice in Brazil => %PRODUCTNAME_BR for win32 installer - sdk : - correct resolveLink function (i#115310) - writer : - crash when opening File/Print dialog fixed (i#115354) - better enhanced fields navigation - allow to localize the 'My AutoText' string (i#66304) - table alignment set to 'From Left' when moving the right (bnc#636367) - font color selection didn't effect new text (bnc#652204) - column break DOC import problem (bnc#652364) - build bits : - install branding for the welcome screen (bnc#653519) - fixed URL, summary, and description for LibreOffice - bumped requires to libreoffice-branding-upstream > 3.2.99.3 - created l10n-prebuilt subpackage for prebuilt registry files (bnc#651964) - disabled KDE3 stuff on openSUSE >= 11.2 (bnc#605472, bnc#621472) - added gcc-c++ and libxml2-devel into BuildRequires; were required 
by kdelibs3-devel before - updated to libreoffice-3.2.99.3 (3.3-beta3) : - ooo integration : - Merge commit 'ooo/OOO330_m13' - common : - impress ruler behaviour - add Title Page dialog (i#7065) - save 1MB on wizards per language - images optimized for smaller size - do not insert a new cell beyond the end - handle multiple selection for printing (i#115266) - remove VBAForm property and associated geometry hack (fdo#30856) - base : - key columns in all tables (i#114026) - reports executed for data display (i#114627) - calc : - non-functional select - defined names in Calc functions (i#79854) - use Ctrl-Shift-D to launch selection list - regression for range array input, e.g. {=A1:A5} - crash on importing docs with database functions - crash on importing named ranges on higher sheets - remove the 'insert new sheet' tab in read-only mode - incorrect display of references from the formula input wizard - new tab page 'Compatibility' in the Options dialog (fdo#30559) - components : - default to evolution - crash in scanner dialog (rh#648475) - extras : - added LibreOffice and Tango palettes - filters : - crash on unsupported .tiffs (i#93300) - vertical text alignment and placeholder style (bnc#645116) - impress : - broken zoom behaviour - crash in OGL transitions - support for PPT newsflash slide transition - libs-core : - register EVO address book - more quickstarter fixes (i#108846) - missing media-type for ODF thumbnails - add credits hyperlink into about dialog - freeze when adding an extension (i#114933) - -quickstart option, and help fix (i#108846) - GNOME filepicker filter selection (i#112411) - use 'Enter Password' in all dialogs (fdo#31075) - add display properties to control shapes (i#112597) - disable user migration when SAL_DISABLE_USERMIGRATION is set - libs-gui : - disable KDE's crash handler - refresh of OLE object previews - adding font aliases (i#114706) - comparison of key events for IM - show Java error just once by default - underlining problem with 
Graphite fonts (i#114765) - saving tempfiles when locking is not supported. - better selection of localized font names (i#114703) - MetricFields SetUnit conversions (fdo#30899, bnc#610921) - make Presenter Screen default to the projector (i#112421) - Qt event loop integration (when Glib is used) for KDE4 vclplug - writer : - title pages (i#i66619) - more RTF import/export fixes - tables in page styles (i#114366) - round-trip of DOC unhandled fields - double-click behavior on enhanced fields - leaky pStream after RTF import (fdo#31362) - crash when choosing starmath from start screen - OLE Links round-trip fixed for links as pictures - setup XML namespaces also for footers and headers (bnc#581954) - switched to the LibreOffice code base, http://www.documentfoundation.org/ - renamed packages from OpenOffice_org* to libreoffice* - updated to libreoffice-3.2.99.2 (3.3-beta2) : - common : - show menus in icons fixup - show all appropriate formats by default on save as (i#113141) - RenderBadPicture on multihead setups and Cairo (i#94007, i#111758) - base : - use correct table name (i#114246) - calc : - better performance on Excel doc import - components : - bound image controls (i#112659) - Appearance config dialog crasher (i#108246) - Euro converter didn't work with ODS (i#100686) - ImageURL and Graphic properties handling (i#113991) - extensions : - some reportbuilder fixes (i#114111, i#112652) - extras : - fix malformed XML file (i#111741) - add Croatian autocorrection (i#96706) - updated Hungarian standard.bau (i#112387) - eensgezinswoning replaces eensgezinswoning - add 1/2, 3/4 and 1/4 symbols to af-ZA, de, en-ZA, mn and pl - filters : - adjust for table::BorderLine2 - table DOCX import crasher (rh#632236) - misc improvements for DOCX VML import - text position bug in DOC import (bnc#532920) - implement import of alpha channel for RGBA .tiffs (fdo#30472) - impress : - improve randomisation in 'dissolve' transition - libs-core : - add in MonoSpace setting - print 
the formula itself by default - extension can contain compiled help (i#114008) - no update menu entry for bundled extensions (i#113524) - prevent online update for bundled extensions (i#113524) - make search/replace of colour names with translations safer (i#110142) - libs-gui : - maths brackets misformed in presentation mode (i#113400) - better font-name localization, i.e. en fallback (i#114703) - default to UTF-8 for HTML unless we know differently (i#76649) - writer : - color problem in RTF export (fdo#30604) - crash on export of TOC to .doc (i#112384) - prevent document modification while printing (i#112518) - dotted and dashed border types (fate#307731, fate#307730) - changes from libreoffice-3.2.99.1 (3.3-beta1) : - features : - renamed to LibreOffice - based on ooo330-m7 - changed default branding - started to support the LibreOffice code base [all] - ordinal suffixes autocorrection improvements - updated Numbertext extension to version 0.9.3 - support new distros Raw, LibreOfficeLinux, LibreOfficeMacOSX, LibreOfficeWin32 - performance bits : - memory footprint during PPT import (bnc#637925) - performance bug on row height adjustments (bnc#640112) - common bits : - don't set header in DDE tables (bnc#634517) - Calc bits : - cell content rendering [bnc#640128] - Excel's cell border thickness mapping (bnc#636691) - relative and absolute references toggling (bnc#634260) - more on the Flat MSO XML file type detection (bnc#631993) - Writer bits : - SwXTextRange DOC import (i#112564) - table formulas DOC import (bnc#631912) - input field fixes (bnc#628098, bnc#623944) - OLE Links with image DOC import (bnc#628098) - nested SET/FILLIN fields DOC import (bnc#634478) - broken floating tables formatting in DOC import (bnc#617593) - double-clicking on field gives 'read only' message (bnc#639288) - OOXML bits : - text paragraph autofit PPTX import - VBA bits : - implicit indexes handling - logical operator precedence - column para for Range.Cells (bnc#639297) - build 
bits : - update internal ICU to version 4.2.1 - fetch 185d60944ea767075d27247c3162b3bc-unowinreg.dll - updated to version 3.2.98.1 (3.3-alpha1) : - features : - RTF export rewrite - writer navigation - remove obsolete Industrial icon theme - common bits : - gray read-only styles (i#85003) - Accelerators for OK/Cancel buttons in GTK (bnc#608572) - Calc bits : - cell borders not saved (bnc#612263) - external reference rework (bnc#628876) - Flat MSO XML file type detection (bnc#631993) - disable custom tab colors in high contrast mode - display correct field in data pilot (bnc#629920) - Watch Window extension doesn't show sheet name (bnc#604638) - Draw bits : - associate application/x-wpg with oodraw (bnc#589624) - Impress bits : - More on avmedia soundhandler (i#83753, bnc#515553) - Writer bits : - ww8 styles import (i#21939) - hairline table borders export - saving new document comparison data - Ruby in MS Word format (i#79246) - OOXML : - better internal hlinks XLSX export (bnc#594248) - numbering roundtripping issues in DOCX (bnc#569266) - untis translation from EMU in PPTX import (bnc#621739) - group shapes geometry calculation in PPTX import (bnc#621739) - many other import/export fixes and improvements - VBA bits : - changes in event handling - more container control fixes - more on invalid code name import for sheet (bnc#507768) - build bits : - update prebuilt cli dlls for OOo-3.3 - moving ooo-build patches to ooo git sources - use --without-junit on Win32 and openSUSE < 11.2 - used the prepatched OOo sources from ooo-build git - used mozilla-xulrunner192 for openSUSE > 11.3 MaintenanceTracker-35044, CVE-2010-2935, CVE-2010-2936) : - Calc bits : - custom field names handling in Data Pilot (bnc#634974) - remember 'sort by' selection in Data Pilot (bnc#634974) - more on the Flat MSO XML file type detection (bnc#631993) - Impress bits : - cairocanvas border treatment (bnc#629546, rh#557317) MaintenanceTracker-35044, CVE-2010-2935, CVE-2010-2936) : - security 
fixes : - two impress vulnerabilities (CVE-2010-2935, CVE-2010-2936, bnc#629085) - common bits : - honour ure-link in SDK configure.pl - macro recording crasher (i#113084) [upstream, Rene] - Calc bits : - DataPilot sort by ID (bnc#622920) - Flat MSO XML file type detection (bnc#527738) - DDE linkage upon loading documents (bnc#618846, bnc#618864) - file name as sheet name in Excel 2.1 docs import (bnc#612902) - Draw bits : - random extra arrows around the custom shape (i#105654) - Impress bits : - slideshow clipping (i#112422) - cairocanvas border treatment (bnc#629546, rh#557317) - Writer bits : - input field fixes (bnc#628098, bnc#623944) - non-breaking space erasing freeze (i#i113461) [upstream, Rene] - broken floating tables formatting in DOC import (bnc#617593) - Netbooks bits : - decorate help window (bnc#621116) - more restrictive top level document window check (bnc#607735) - reduce height of PDF export and recovery dialogs (bnc#623352) - Win32 bits : - allow view 'details' in File Open dialog on XP (bnc#620924) - l10n bits : - non-localized Tools/Options/OOo Writer/Comparison (bnc#615000) - speed up : - faster ODS export with lots of hidden rows (deb#582785) - common bits : - allow to start OOo on cifs (i#108106) - non-working Euro Converter wizard (i#100686) - show the control geometric property correctly (bnc#610921) - remove one color from the OOo palette to get 100 colors - Calc bits : - broken cell borders export (bnc#612263) - incorrect automatic print area assignment - Draw bits : - mark invisible layers upon document load properly (bnc#606434) - Writer bits : - 'New table' toolbar behavior (bnc#612013) - l10n : - Hungarian translation fixes - update translations from the openSUSE community - KDE4 bits : - non-Oxygen theme crashes (bnc#612491, i#112102) - ooo-build-3.2.1.3 == 3.2.1-rc3 == final - common bits : - show the really used default icon theme in options (bnc#603169) - disable gcj in supported JRE's - Calc bits : - pasting time data into two 
cells crasher (bnc#606975) - Draw bits : - associate application/x-wpg with oodraw (bnc#589624) - Impress bits : - embedded media break on 2nd load - pressing 'Apply' in the Media Player crasher (bnc#597691) - Writer bits : - document comparison saving improvements - bullets RTF import/export bugs (bnc#569266) - l10n bugs : - localize the layouted zoom dialog (bnc#595823) - KDE4 bits : - redraw the status bar when needed (bnc#567886, i#107945) - build bits : - sort filelists to get repeatable results - performance bits : - note's position calculation - faster string cell XLSX import (bnc#594513) - GUI improvements : - better about dialog (i#111425) - better 'New Table' toolbar widget - new toolbars crashers (bnc#601634) - better behavior of new toolbars (bnc#603588) - less intrusive approach to the nicer toolbar decorations - menu bar appearance with some GTK+ themes (i#103999, bnc#527356) - frame around Font color and Highlighting toolbars (bnc#598534) - common bits : - better CJK defaults (i#54320) - metric field limits and units - KDE4 border frame width (i#111464) - allow to start with fresh user configuration again (bnc#599590) - Calc bits : - another R1C1 parser error (bnc#604903) - default precision to 2 in DBF export (i#111074) - disable text wrap when the cell value is numeric - default display format for general number format (i#111533) - empty cells when fetching ext. 
range (bnc#600667, i#110595) - Impress bits : - more on autoplay PPS/PPSX files (bnc#485645) - bogus file links in exported presentation PDF (bnc#598816) - Writer bits : - non-editable documents with forms (bnc#60135) - invisible graphical bullets in ODT export (i#101131) - OOXML export/import : - Ruby DOCS export - document grid DOCX export - sub/superscripts DOCX export - auto-refresh style DOC(X) export - wrong default style name in DOCX export - shape reference PPTX import crasher (bnc#593611) - master style placeholders in PPTX import (bnc#592906) - char spacing, character style association in DOCX export - VBA bits : - make sure error data isn't cleared on raise - l10n bits : - update from the openSUSE community - fixes for renamed languages (xx-IN -> xx) - build bits : - put mdds into new top level module - parallel build of ct2n extension (bnc#595550) - unopkg-regenerate-cache improvements (bnc#597573) - set correctly the upstream build version (bnc#582120) - symlink uno.py and unohelper.py into the system python path - link against the versioned libmysqlcppconn - added initial support for build on MeeGo distro - common bits : - 64-bit nsplugin fix (i#110747) - assertion during HTML import (i#110806) - missing image in localized helps (i#99165) - non-existent topic auxiliary/shared.tree (i#110963) - scroll combo box content by default (bnc#591650, i#110227) - better support for globally enabled nsplugin (i#49590) - reset security preferences in unoxml; allows to use the system redland (i#110523) - Calc bits : - data validation XLS import (bnc#594235) - data pilot deletion crasher (bnc#595617) - better rendering in Asian vertical mode (bnc#595625) - merged icon state after shift left click (bnc#595822) - database functions regression (bnc#594332, bnc#595713) - conditional formatting XLS import regression (bnc#594266) - refreshing problem with vertical stack format (bnc#597658) - deleting rows inside a merged cell (bnc#596414, lp#558968) - do not export 
negative decimal places value in ODS (i#110634) - UI issues in R1C1 formula syntax mode (bnc#595078, bnc#595080) - Impress bits : - various Calc crashers with gcc-4.5 (bnc#588957, deb#576665) - Writer bits : - text input fields crasher - tabs not displayed in shapes (bnc#564454) - more on caption separator with empty caption text (i#110287) - VBA bits : - ErrObj behaviour - wizard truncation problems (bnc#591768) - passing wrong separator for range list (bnc#597351) - Err symbol resolution in VBA/non-VBA mode (bnc#597884) - OOXML : - DOCX font import crasher - add fly frames DOCS export (bnc#581604) - regression in paragraph PPTX import (bnc#479829) - l10n bits : - Hungarian translation update - update strings from openSUSE community - do not do extra hacks for en-US-only build - truncated translations in Diagram wizard (i#110702) - footnote anchor Norwegian Bokmal translation (i#109545) - Spanish 'boolean value' translation fix (deb#576842, i#110674) - build bits : - parallel build of ct2n extension (bnc#595550) - update prebuilt ooo-cli-prebuilt to version 3.2.1 - npwrap.cxx build without GTK (i#110833, gentoo#306181) - use --enable-hids (bnc#102592) - started to Require OpenOffice_org-branding >= 3.2.0.99.3 - features : - automatic scrollbars for writer (fate#588554) - dashed and dotted border types in Writer (fate#307731) - experimental VBA import from XLSM documents (fate#309162) - performance : - large Excel documents import speed up (bnc#582693) - page break preview mode speed up (bnc#504618, i#109935) - page number calculation speed up (bnc#504618, i#109935) - common bits : - badly inserted space by autocorrection - embedding video in Writer/Calc crasher - fix for UTF-8 encoded hyphen dictionaries - use .uno:NewDoc instead of deprecated slot:5500 - use Linux-specific template paths only on Linux - Base bits : - wizard crashers (bnc#587797) - Calc bits : - better insert new sheet icon - insert new sheet tab crasher (bnc#590187) - XLS import with drawing 
objects (bnc#588927) - machine area slot size and row limit (bnc#588554) - various Calc crashers with gcc-4.5 (bnc#588957) - matrix results did not work with auto complete (bnc#503918) - XLS export of heights of rows with wrapped text (bnc#580094) - Impress bits : - media link reference PPT import crasher (bnc#590442) - Writer bits : - DOC import crasher with Tcg records (bnc#590359) - DOC import loop with Tbc & TbcHeader records (bnc#589794) - omit caption separator if caption text is empty (i#110287) - l10n bits : - src/sdf directory clean up - Hungarian UI name order (i#105342) - more localizable strings for scp2 module - localize framework improvements - automated translations of language dependent components - enable CaptionOrderNumberingFirst by default for Hungarian - added WatchWindow Calc extension (fate#309182) - features : - Numbertext extension (fate#308028) - ConvertTextToNumber extension (fate#307906) - support embedded media also for PPT (fate#304532) - update PostgreSQL driver to 0.7.6a; it adds postgresql.xcu to actually offer this driver in the UI - speed up : - more on faster ODS import (n#582693) - more on the Calc's external reference manager refactoring (i#103739,i#108064,i#108404,i#109101,i#109168,i#109170) - common bits : - toolbar popups crasher - update recently used list when the document is saved - process UTF-8 encoded hyphen dictionaries (i#109543) - align style usage with style generation in SVG import - auto caps lock toggling without XTest API (bnc#394949) - Base bits : - more on the MySQL Connector - Calc bits : - search option for filtered cells (bnc#580408) - opcode list for the initial 'last used' functions - break links in formulas with external refs (bnc#585094) - allow PDF export on filtered range selection (bnc#585028) - populate string list in standard filter dialog (bnc#584975) - convert locale-specific date strings to values (bnc#584693) - TAB and autocompletion behavior clean up (n#584953, i#18748) - Impress bits : - 
fast boxclipper, use for WMF import (i#72418, bnc#535304) - Writer bits : - preserve character style on 'reset format' - show 'Remove Hyperlink' even with selection - OOXML bits : - better connector shape XLSX import (bnc#559393) - VBA bits : - broken OOo Writer API (bnc#585410) - GTK+ bits : - better process glib events on exit - i18n bits : - updated Hungarian localization - do the Hungarian fixes in the right localize.sdf - build bits : - build with gcc-4.5 (i#109853) - apply patches with --fuzz=0 - better handle the parallel build - used the new solution to control parallel build - called make more times to survive random parallel build problem - features : - toolbar popups refactoring - media embedding (i#83753) [upstream, Thorsten] - support for dotted and dashed borders - writer document comparing - 'insert new sheet' tab in Calc (fate#308396) - distributed text alignment support (fate#308334) - insert current date/time via Ctrl-/Shift-Ctrl- (fate#307762) - English function names instead of localized ones (fate#308029) - performance : - faster external reference handling (i#109168) - Common bits : - beginning of small screen mode - crash in headless mode (i#108681) - colorspace calculation fix - textpropreader limit in svdfppt.cxx - lots autocorrection stuff improvements - Add starmath to docs, for EDU project - extensions with nonstandard merge points crasher - valgrind test and other corner cases fixes - Calc bits : - Keep track of cells containing SUBTOTAL (bnc#578802) - incorrect cell positioning during row insertion (bnc#578588) - Impress bits : - sounds spanning multiple slides in PPT import (bnc#515553) - OOXML bits : - chart export - autofit on in OOXML import - better connector shape XLSX import (bnc#549331) - VBA bits : - moduleinfo fixes - lots container control fixes - fire MultiPage_Change event when needed - remove extra GROUPNAME prop from VCLXImageControl - support copy of worksheet to 'other' document via API - build bits : - don't 
statically link against mono in climaker - Calc bits : - modified date reset to '0' (bnc#581634) *l10n : - duplicate formula names in Spanish localization (i#109407) - removed broken Danish extra localizations sources; fixed function names in Calc (bnc#549027) - Common bits : - prefer OOo over okular and k* - exception handling in SVG import - Impress bits : - mis-detection of cloned displays (bnc#578730, bnc#551391) - OOXML bits : - image wrapping in DOCX import - numbering in DOCX import (bnc#580106) - l10n : - updated Hungarian translation - new strings from SLED11-SP1 translators - applying extra SDF files (i#109378) - really localize the layout dialogs (deb#570378) - localize Vendor in the Windows installer (bnc#571489) - ooo-build-3.2.0.5 == 3.2-rc5 == final - Common bits : - vcl's grey palette init - x86_64 bridge fixes (i#98028, bnc#575704) - not-properly initialized paradepth in svdfppt.cxx - decode URI escapes in subject when sending E-mail (bnc#575653) - various GNOME quickstarter fixes (i#108918, bnc#575555) - decode URI escapes in subject when sending E-mail (bnc#575653) - Base bits : - ReportBuilder crasher (i#108914, bnc#575698) - Calc bits : - better formula variable separator config check (bnc#556142) - Impress bits : - avoid looping in draw/impress - BadMatch crasher during slideshow (i#107763) - l10n bits : - Spanish accelerators fix (i#102645) - build bits : - look for moc in QT4DIR first - Common bits : - valgrind warnings - increase the default java stack size to 1MB (bnc#572372) - Calc bits : - CSV dialog parameters storing (i#108645) - hidden rows heights XLS export (bnc#573938) - pagenation when printing selected cells (bnc#569328) - drilling down on field member crasher (i#103347, bnc#573456) - Write bits : - bullets RTF export (bnc#569266) - create style via API (i#108426) - VBA bits : - library location so VBA services work for Windows - l10n bits : - Spanish translations fix - build bits : - presenter screen extension build - localize 
framework improvements - performance : - faster XLSX export (bnc#558577) - Common bits : - fixes from valgrind test - SVG import crasher (bnc#560255) - AFM parser crasher (bnc#535485) - Base bits : - Table wizard does not start (i#107917) [upstream, Rene] - Calc bits : - correctly query last flagged row (bnc#568146) - error when saving ODS document as XLSX (bnc#566581) - dis-joint ranges highlighting while in chart mode (bnc#568016) - Writer bits : - fields DOC import crasher (bnc#569348) - KDE4 bits : - override existing files - multiple auto-extension checkboxes - 3rd party plugin should not cause crash (bnc#548354) - VBA bits : - 'exe' checkbox under Load/Save|VBA Properties options - build bits : - update the prebuilt gdocs version to 2.1.0 (bnc#568399) - performance : - DBF import performance by 75% (bnc#558505) - string intern optimization for PC 850 code pages - do not load any VBA crap from non MSO documents - do not always load presenter screen (i#107568) - Common bits : - layout dialogs crashers - few WMF/EMF+ import fixes [upstream, Radek] - file read from sftp-folder (bnc#465102) - pasting from Firefox crashers (bnc#553819) - unnecessary exceptions in sfx2 (i#107512) - better wording of the always save option check box - saving when locking is not supported (bnc#560877, i#107511) - Calc bits : - Lotus import crasher (bnc#565184) - connector styles XLS import (bnc#559393) - minor bugs in datapilot ODS import/export - line count of move-copy sheet dialog (bnc#559438) - random ListBox::CalcMinimumSize() results (bnc#557230) - support XLSX export for more that 65536 rows (bnc#504623) - conflict between formula and decimal separators (bnc#556142) - number of the sheet in the 'Insert Sheet' dialog (bnc#559445) - Writer bits : - image position in DOC import - update table format when pasting a value (bnc#564789) - VBA bits : - macro properties fixup (bnc#566030) - listindex, radiobutton, listbox events (bnc#560355, bnc#561639) - features : - support ooo320-m6 
- support iceape/icedove/iceweasel in open-url - add option for the save icon behavior (bnc#556125) - speed up : - filtering performance in presence of cell notes (bnc#556927) - Common bits : - French autocorrection improvements - fullscreen WM hints (bnc#551402) - work with odf-converter again (bnc#557368) - un-set Cairo font options crasher (i#59127) - find the moved help when registering extension (i#107283) [ab, Petr] - Calc bits : - filter removing crasher (bnc#558564) - percent format getting unlimited precision (bnc#555889) - return correct flag value from R1C1 parser (bnc#557475) - incorrect range separator for disjoint ranges (bnc#556268) - TAB key to auto-complete word and move cell cursor (i#18748) - incorrect XLS import of sheet protection options (bnc#542024) - Writer bits : - OLE objects DOC import (bnc#557965) - returning from writer fullscreen mode crasher (i#107248) - OOXML bits : - regression on image DOCX import - sections DOCX import crasher (bnc#548701) - temporary make the XLSX export a separate library - wrong type and position of connector shape in XLSX import (bnc#549331) - VBA bits : - late document event crasher (bnc#558907) - mappings between imported local names and orig excel name - l10n bits : - Hungarian fixes - speed up : - bunch of useless flush calls in rdb code - page break update and printing performance (bnc#554955) - row's hidden state lookup during pagenation (bnc#554955) - Common bits : - better document status icon in the status bar - Calc bits : - more on flat_segment_tree implementation - better icons in the datapilot popup window - datapilot position in XLS export/import (i#106583) - storing custom display names for datapilot tables (i#106975) - Draw bits : - malformed Bezier curve printing (bnc#553219) - more on custom shapes gradient color (bnc#485637) - VBA bits : - more Writer VBA API - more on sheet protection - event helper crasher (bnc#438606) - find fails to wrap search when it fails (bnc#554261) - build bits : - 
update Google Docs and Zoho extension to version 1.9.0 - added define use_xulrunner191 that would allow to use xulrunner191 on SLED11-SP1 (bnc#540726) - speed up : - do not call `uname` during start (i#106891) - Common bits : - broken find&search dialog (bnc#552450) - broken colors in PDF export (i#106523) - erasing elements in toolkit layout code (i#106575) - Calc bits : - more on automatic adjusting decimal numbers (bnc#541973) - disable paste mode when the input mode is active (i#102456) - rot. text + border in XLS import (i#38709, bnc#549728) - Writer bits : - recorded changes editing (bnc#545815) - image size DOC export (bnc#554549, i#59648) - background color and bullet indentation DOC import (bnc#547308) - OOXML bits : - more on shapes DOCX import - VBA bits : - control name override logic - selection reset after paste - combobox binding data import in userform (bnc#539220) - build bits : - switch back to the internal saxon (bnc#547157) - features : - NLPSolver extension (fate#304653) - oooblogger extension (fate#304555) - Google Docs and Zoho extension (fate#304577) - optional icon themes (i#105062, bnc#529404, bnc#537541) - speed up : - use stringbuf in SVG export - cache fontconfig's pre-match substitution results (bnc#529532) - common bits : - XML parser crasher - opacity SVG import - WebDAV locking stuff rework - many KDE4 integration fixes - set dev-install icons to small ones - regression in WMF import (bnc#417818) - more on fontconfig/cairofont stuff - wrong kerning on Linux (bnc#464436, i#26519) - inserting uiconfiguration ( menus/toolbar ) (i#105154) - keep locks after saving documents via WebDAV (bnc#464568) - better fix for quick-starter unload crasher (i#101245) - save non-English file names with KDE4 dialog (deb#536664) - driver string action and font object EMF+ import (bnc#519715) - prevent multiple window resize when maximised (i#104469) - Base bits : - UPDATE db record failure (i#104088) - Calc bits : - selection change and status icon 
(bnc#548116) - range selection for RTL languages (bnc#542684) - Force-interpret formula cell results (bnc#540563) - check for the General number format type (i#46511) - broken SUBTOTAL cell function after undo (bnc#545287) - erroneous export of OCX combo box controls (bnc#540566) - automatically adjust the number of decimals (bnc#541973) - skip filtered cells during search or replace (bnc#539282) - unicode strings in external ref URIs (i#103918, i#104166) - disable context menu on non-selectable cells (bnc#542024) - SHA1 hash algorithm for sheet and doc password by default - zero bytes encryption inside cond. formatting (bnc#541058) - selection of cells on protected sheets by default (bnc#538559) - cell selection handling when cell is being edited (bnc#541269) - Draw bits : - slides printing page offset (bnc#537931) - Impress bits : - wrong text bounds - missing drag rect on mac - PPT import crasher (bnc#546758) - bullet size PPT import (bnc#515972) - dock presentation minimizer toolbar - Writer bits : - Non-breaking spaces fixes - UNO API related to fields - unknown fields DOC import (i#61075, i#89667) - allow to add param into form field during import - two consecutive text fields in DOC import (bnc#546416) - OOXML bits : - collapsed paragraphs at the end of the sections DOCX import - VML shapes missing and bad sizes in DOCX import (bnc#549300) - styles without stylesheet definition DOCX import (bnc#545717) - VBA bits : - some wae fixes - controls visibility (bnc#542132) - AutoFilterMode macro (bnc#549383) - more on transient imported autotext - misc IBM fixes (i#104203, i#103653) - support for default member with automation bridge - boolean arguments to worksheet functions (bnc#541735) - more fixes for automation (bnc#535086, bnc#535087, bnc#535088, bnc#535089) - Do While Not 'foo'='' ' causes date type mismatch (i#105321) - IsEmpty RTL function fails with non-object params (bnc#541749) - object not cleared when entering new stack frame (bnc#541755) - l10n bits 
: - lots of fixes - Russian and Slovak autocorrection update (i#91304) - split build : - install extensions MIME type icon - install startcenter.desktop (bnc#548534) - Novell bits : - use xulrunner-1.9.1 on openSUSE-11.2 - branch configuration for openSUSE-11.2 - enable EMFPlus section for SLED10 (bnc#232232) - used internal boost on SLED10, openSUSE-10.3, openSUSE-11.0
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 53784
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53784
    title openSUSE Security Update : OpenOffice_org (openSUSE-SU-2011:0337-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201310-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-201310-03 (Poppler: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted PDF file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 70309
    published 2013-10-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70309
    title GLSA-201310-03 : Poppler: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBREOFFICE331-110318.NASL
    description Maintenance update to LibreOffice-3.3.1. It adds some interesting features, fixes many bugs, including several security vulnerabilities. The previous OpenOffice_org packages are also renamed to libreoffice. LibreOffice is continuation of the OpenOffice.org project. This update replaces the OpenOffice.org installation, including helper packages, e.g. dictionaries, templates. The new stuff is backward compatible. List of LibreOffice-3.3 features : General - online help - common search toolbar - new easier 'Print' dialog - new easier 'Thesaurus' dialog - more options to modify letters case - added LibreOffice colors to the palette - import of alpha channel for RGBA TIFF (fdo#30472) Calc - sort dialog for DataPilot - increased document protection - insert drawing objects in charts - hierarchical axis labels for charts - automatic decimals digits for 'General' format - new tab page 'Compatibility' in the Options dialog - better performance and interoperability on Excel import - display custom names for DataPilot fields, items, and totals Writer - RTF export (GSoc) - new 'Title Page' dialog - 2-level document protection - better form controls handling - count the number of characters with and without spaces Impress/Draw - PPTX chart import feature - easier slide layout handling - presenter screen uses the laptop output by default - allow to add drawing documents to gallery via API (i#80184) Base - support explicit primary key - support of read-Only database registrations Math - new command 'nospace' Most important changes : - maintenance update (bnc#667421, MaintenanceTracker-38738) - fixed several security bugs : - PowerPoint document processing. (CVE-2010-2935 / CVE-2010-2936) - extensions and filter package files. (CVE-2010-3450) - RTF document processing. (CVE-2010-3451 / CVE-2010-3452) - Word document processing. (CVE-2010-3453 / CVE-2010-3454) - insecure LD_LIBRARY_PATH usage. 
(CVE-2010-3689) - PDF Import extension resulting from 3rd party library XPD. (CVE-2010-3702 / CVE-2010-3704) - PNG file processing. (CVE-2010-4253) - TGA file processing. (CVE-2010-4643) - libreoffice-3.3.1.2 == 3.3.1-rc2 == final - fixed audio/video playback in presentation (deb#612940, bnc#651250) - fixed non-working input methods in KDE4. (bnc#665112) - fixed occasional blank first slide (fdo#34533) - fixed cairo canvas edge count calculation. (bnc#647959) - defuzzed piece-packimages.diff to apply - updated to libreoffice-3.3.1.2 (3.3.1-rc2) : - l10n - updated some translations - libs-core - crashing oosplash and malformed picture. (bnc#652562) - Byref and declare Basic statement (fdo#33964, i#115716) - fixed BorderLine(2) conversion to SvxBorderLine (fdo#34226) - libs-gui - getEnglishSearchFontName() searches Takao fonts - sdk - fix ODK settings.mk to only set STLPORTLIB if needed - writer - rtfExport::HackIsWW8OrHigher(): return true (fdo#33478) - visual editor destroys formulas containing symbols (fdo#32759, fdo#32755) - enabled KDE4 support for SLED11; LO-3.3.1 fixed the remaining annoying bugs - fixed EMF+ import. (bnc#650049) - updated to libreoffice-3.3.1.1 (3.3.1-rc1) : - artwork - new MIME type icons for LibreOffice - bootstrap - wrong line break with ( (fdo#31271) - build - default formula string (n#664516) - don't version the bundled ct2n extension - last update of translations from Pootle for 3.3.1 - calc - import of cell attributes from Excel documents - incorrect page number in page preview mode (fdo#33155) - components - remove pesky on-line registration menu entry (fdo#33112) - crash on changing position of drawing object in header (rhbz#673819) - extras - start using technical.dic instead of oracle.dic (fdo#31798) - filters - pictures DOCX import. 
(bnc#655763) - parse 'color' property (fdo#33551) - fix ole object import for writer (DOCX) (fdo#33237) - help - OOo -> LibO on Getting Support page (fdo#33249) - libs-core - handle css::table::BorderLine - add preferred Malayalam fonts (fdo#32953) - fix KDE3 library search order (fdo#32797) - StarDesktop.terminate macro behaviour (#30879) - Sun Microsystems -> TDF in desktop file (fdo#31191) - fixed several crashes around config UNO API (fdo#33994) - implementation names weren't matching with xcu (fdo#32872) - improve the check for existence of the localized help (fdo#33258) - libs-extern - upgrade libwpd to 0.9.1 - libs-gui - painting of axial gradients (116318) - fix wrong collation for Catalan language - crash when moving through database types (fdo#32561) - paint toolbar handle positioned properly (fdo#32558) - remove the menu when Left Alt Key was pressed; for GTK - default currency for Estonia should be Euro (fdo#33160) - year of era in long format for zh_TW by default (fdo#33459) - writer - use standard Edit button width of 50 (fdo#32633) - improve formfield checkbox binary export. (bnc#660816) - infinite loop while exporting some files in DOC/DOCX/RTF - CTL/Other Default Font (i#25247, i#25561, i#48064, i#92341) - libreoffice-build-3.3.0.4 == 3.3.0-rc4 == final - updated to libreoffice-3.3.0.4 (3.3-rc4) : - common : - remove pesky on-line registration menu entry (fdo#33112) - artwork : - fix search toolbar up/down search button icons - base : - report builder not shows properties on report fields (fdo#32742) - report left/right page margin setting ignored on 64-bit (i#116187) - build : - updated translations - calc : - reverted problematic and dangerous: # performance of filters with many filtered ranges (i#116164) # obtain correct data range for external references (i#115906) - libs-core : - FMR crasher (fdo#33099) - backgrounds for polypolygons in metafile (i#116371) - unopkg crasher on SLED11-SP1. 
(bnc#655912) - libs-gui : - use sane scrollbar sizes when drawing - painting of axial gradients (i#116318) - do not mix unrelated X11 Visuals (fdo#33108) - avoid GetHelpText() call which can be quite heavy - writer : - fields fixes: key inputs, 0-length fields import. (bnc#657135) - replaced obsolete SuSEconfig gtk2 module call with %%icon_theme_cache_post(un) macros for openSUSE > 11.3. (bnc#663245) - updated to libreoffice-3.3.0.3 (3.3-rc3) : - build : - use libreoffice and lo* wrappers; update man pages accordingly - navigation buttons' patch selection handling (fdo#32380, bnc#649506) - calc : - bogus check for numerical sheet names (fdo#32570) - performance of filters with many filtered ranges (i#116164) - obtain correct data range for external references (i#115906) - avoid double-paste when pasting text into cell comment (fdo#32572) - components : - fix nsplugin for LibreOffice name - fixing large OOXML files (i#115944) - layout breakage for KDE, X11 and (possibly) Mac (fdo#32133) - extensions : - patching xpdf to patchlevel 3.02pl5 - extras : - creating technical.dic based on src/*.dic - filters : - small TGAReader improvement (i#164349) - PageRange handling in writer PDF export (#116085) - impress : - missing font color (rhbz#663857) - use updated anchor for group shapes (i#115898) - presentation objects on master pages (i#115993) - libs-core : - survive missing window (rhbz#666216) - better font selection in Japanese locale. 
- do not block when launching Firefox (fdo#32427) - show the license information in a separate dialog (fdo#32563) - make unopkg --suppress-license skip license in all cases (fdo#32840) - libs-extern-sys : - better XPATH handling (i#164350) - libs-gui : - use the initial language if not specified (fdo#32523) - clean up search cache singleton in correct order (rhbz#666088) - writer : - undo/redo crash with postits (rhbz#660342) - rearrange title dialog to get translations (fdo#32633) - move to the next record during mail merge (fdo#32790) - updated to libreoffice-3.3.0.2 (3.3-rc2) : - common : - copy & paste a text formatted cell (i#115825) - replaced http://www.openoffice.org (fdo#32169) - bootstrap : - check if KDE is >= 4.2 - cleanup unfortunate license duplication - calc : - ignore preceding spaces when parsing numbers - make the string 'New Record' localizable (fdo#32209) - remove trailing spaces too when parsing CSV simple numbers - display correct record information in Data Form dialog (fdo#32196) - components : - make the ODMA check box clickable again (fdo#32132) - fixed the sizes of Tips and Extended tips check boxes - make 'Reset help agent' button clickable again (fdo#32132) - extensions : - fix filled polygons on PDF import - filters : - performance for import of XLSX files with drawing objects (i#115940) - impress : - missing embedded object in ODP export (i#115898) - grey as default color for native tables in Impress - graphics on master page cannot be deleted (i#115993) - libs-core : - save with the proper DOC variant (fdo#32219) - removed dupe para ids introduced by copy&paste - colon needed for LD_LIBRARY_PATH set but empty - wikihelp: use the right Help ID URL (fdo#32338) - MySQL Cast(col1 as CHAR) yields error (i#115436) - import compatibility for enhanced fields names (fdo#32172) - libs-extern-sys : - XPATH handling fix - libs-gui : - PPTX import crasher. 
(bnc#654065) - copy&paste problem of metafiles (i#115825) - force Qt paint system to native (fdo#30991) - display problem with Vegur font (fdo#31243) - URIs must be exported as 7bit ASCII (i#115788) - regression in WMF text rendering (fdo#32236, i#115825) - postprocess : - only register EvolutionLocal when EVO support is enabled (fdo#32007) - writer : - after 'data to fields' mail merge does not work (fdo#31190) - missing outline feature in new RTF export filter (fdo#32039) - encoding of Greek letters names with accent in French (i#115956) - build bits : - better build identification in the about dialog - updated to libreoffice-3.3.0.1 (3.3-rc1) : - ooo integration : - Merge commit 'ooo/OOO330_m17' into libreoffice-3-3 - common : - more RTF import/export fixes - updated branding for rc - artwork : - fixed icons with PNG optimizations - remove remaining ODF MIME type icons - bootstrap : - Add BrOffice artwork / branding support - Do not install HTML versions of LICENSE and README - install credits file - build : - empty toolbar. 
(bnc#654039) - pack PostgreSQL driver as .oxt instead of .zip - calc : - avoid pasting data from OOo Calc as an OLE object - scaling factor calculation for drawing layer (i#115313) - broken filter option in Datapilot (i#115431) - 'Precision as shown' not working if automatic decimal (i#115512) - disable document modify and broadcasting of changes on range names - don't update visible ranges for invisible panes - changing margins in print preview should mark the document modified - make VLOOKUP work with an external reference once again (fdo#31718) - more strict parsing of external range names - no automatic width adjustment of the dropdown popups (fdo#31710) - re-calculate visible range when switching sheets - skip hidden cells while expanding range selection - components : - overlapping controls - bad alloc and convert to ZipIOException (rh#656191) - divide by zero (rh#657628) - extras : - use consistent autocorrect file names - filters : - fix writerfilter XSL to handle more elements - missing call to importDocumentProperties. (bnc#655194) - rotated text DOCX import (fdo#30474) - impress : - avoid antialiasing for drag rect - libs-core : - Adapted README according to list feedback - register EvolutionLocal when evolution support is enabled (fdo#32007) - crash during toolpanel re-docking - crash in FR version when typing / as first character (i#115774) - only start the quick-starter on restart - don't crash when quickstarter is exited by user (rh#650170) - shutdown quickstarter at end of desktop session (rh#650170) - exit quickstarter if physically deleted (rh#610103) - autocorrect crasher (rh#647392) - start quickstarter on every launch if configured to use it - Switch toolbar icon size to 'auto-detect' - libs-extern : - Use the new stable libwp* releases as default - libs-extern-sys : - fixed urllib.urlopen in the internal python (fdo#31466) - libs-gui : - Allow the dropdown list of a combo box to be scrollable. 
(fdo#31710) - PDF export regression for simple RTL cases (i#115618) - freeze with ODP import (i#115761) - make toolbar icon size native-widget controlled - use BrOffice in pt_BR locale (fdo#31770) - release the clipboard after flush (i#163153) - l10n : - BrOffice in Brazil => %PRODUCTNAME_BR for win32 installer - sdk : - correct resolveLink function (i#115310) - writer : - crash when opening File/Print dialog fixed (i#115354) - better enhanced fields navigation - allow to localize the 'My AutoText' string (i#66304) - table alignment set to 'From Left' when moving the right. (bnc#636367) - font color selection didn't effect new text. (bnc#652204) - column break DOC import problem. (bnc#652364) - build bits : - install branding for the welcome screen. (bnc#653519) - fixed URL, summary, and description for LibreOffice - bumped requires to libreoffice-branding-upstream > 3.2.99.3 - created l10n-prebuilt subpackage for prebuilt registry files. (bnc#651964) - disabled KDE3 stuff on openSUSE >= 11.2. (bnc#605472, bnc#621472) - added gcc-c++ and libxml2-devel into BuildRequires; were required by kdelibs3-devel before - updated to libreoffice-3.2.99.3 (3.3-beta3) : - ooo integration : - Merge commit 'ooo/OOO330_m13' - common : - impress ruler behaviour - add Title Page dialog (i#7065) - save 1MB on wizards per language - images optimized for smaller size - do not insert a new cell beyond the end - handle multiple selection for printing (i#115266) - remove VBAForm property and associated geometry hack (fdo#30856) - base : - key columns in all tables (i#114026) - reports executed for data display (i#114627) - calc : - non-functional select - defined names in Calc functions (i#79854) - use Ctrl-Shift-D to launch selection list - regression for range array input, e.g. 
{=A1:A5} - crash on importing docs with database functions - crash on importing named ranges on higher sheets - remove the 'insert new sheet' tab in read-only mode - incorrect display of references from the formula input wizard - new tab page 'Compatibility' in the Options dialog (fdo#30559) - components : - default to evolution - crash in scanner dialog (rh#648475) - extras : - added LibreOffice and Tango palettes - filters : - crash on unsupported .tiffs (i#93300) - vertical text alignment and placeholder style. (bnc#645116) - impress : - broken zoom behaviour - crash in OGL transitions - support for PPT newsflash slide transition - libs-core : - register EVO address book - more quickstarter fixes (i#108846) - missing media-type for ODF thumbnails - add credits hyperlink into about dialog - freeze when adding an extension (i#114933) - -quickstart option, and help fix (i#108846) - GNOME filepicker filter selection (i#112411) - use 'Enter Password' in all dialogs (fdo#31075) - add display properties to control shapes (i#112597) - disable user migration when SAL_DISABLE_USERMIGRATION is set - libs-gui : - disable KDE's crash handler - refresh of OLE object previews - adding font aliases (i#114706) - comparison of key events for IM - show Java error just once by default - underlining problem with Graphite fonts (i#114765) - saving tempfiles when locking is not supported. 
- better selection of localized font names (i#114703) - MetricFields SetUnit conversions (fdo#30899, bnc#610921) - make Presenter Screen default to the projector (i#112421) - Qt event loop integration (when Glib is used) for KDE4 vclplug - writer : - title pages (i#i66619) - more RTF import/export fixes - tables in page styles (i#114366) - round-trip of DOC unhandled fields - double-click behavior on enhanced fields - leaky pStream after RTF import (fdo#31362) - crash when choosing starmath from start screen - OLE Links round-trip fixed for links as pictures - setup XML namespaces also for footers and headers. (bnc#581954) - switched to the LibreOffice code base, http://www.documentfoundation.org/ - renamed packages from OpenOffice_org* to libreoffice* - updated to libreoffice-3.2.99.2 (3.3-beta2) : - common : - show menus in icons fixup - show all appropriate formats by default on save as (i#113141) - RenderBadPicture on multihead setups and Cairo (i#94007, i#111758) - base : - use correct table name (i#114246) - calc : - better performance on Excel doc import - components : - bound image controls (i#112659) - Appearance config dialog crasher (i#108246) - Euro converter didn't work with ODS (i#100686) - ImageURL and Graphic properties handling (i#113991) - extensions : - some reportbuilder fixes (i#114111, i#112652) - extras : - fix malformed XML file (i#111741) - add Croatian autocorrection (i#96706) - updated Hungarian standard.bau (i#112387) - eensgezinswoning replaces eensgezinswoning - add 1/2, 3/4 and 1/4 symbols to af-ZA, de, en-ZA, mn and pl - filters : - adjust for table::BorderLine2 - table DOCX import crasher (rh#632236) - misc improvements for DOCX VML import - text position bug in DOC import. 
(bnc#532920) - implement import of alpha channel for RGBA .tiffs (fdo#30472) - impress : - improve randomisation in 'dissolve' transition - libs-core : - add in MonoSpace setting - print the formula itself by default - extension can contain compiled help (i#114008) - no update menu entry for bundled extensions (i#113524) - prevent online update for bundled extensions (i#113524) - make search/replace of colour names with translations safer (i#110142) - libs-gui : - maths brackets misformed in presentation mode (i#113400) - better font-name localization, i.e. en fallback (i#114703) - default to UTF-8 for HTML unless we know differently (i#76649) - writer : - color problem in RTF export (fdo#30604) - crash on export of TOC to .doc (i#112384) - prevent document modification while printing (i#112518) - dotted and dashed border types (fate#307731, fate#307730) - changes from libreoffice-3.2.99.1 (3.3-beta1) : - features : - renamed to LibreOffice - based on ooo330-m7 - changed default branding - started to support the LibreOffice code base [all] - ordinal suffixes autocorrection improvements - updated Numbertext extension to version 0.9.3 - support new distros Raw, LibreOfficeLinux, LibreOfficeMacOSX, LibreOfficeWin32 - performance bits : - memory footprint during PPT import. (bnc#637925) - performance bug on row height adjustments. (bnc#640112) - common bits : - don't set header in DDE tables. (bnc#634517) - Calc bits : - cell content rendering [bnc#640128] - Excel's cell border thickness mapping. (bnc#636691) - relative and absolute references toggling. (bnc#634260) - more on the Flat MSO XML file type detection. (bnc#631993) - Writer bits : - SwXTextRange DOC import (i#112564) - table formulas DOC import. (bnc#631912) - input field fixes. (bnc#628098, bnc#623944) - OLE Links with image DOC import. (bnc#628098) - nested SET/FILLIN fields DOC import. (bnc#634478) - broken floating tables formatting in DOC import. 
(bnc#617593) - double-clicking on field gives 'read only' message. (bnc#639288) - OOXML bits : - text paragraph autofit PPTX import - VBA bits : - implicit indexes handling - logical operator precedence - column para for Range.Cells. (bnc#639297) - build bits : - update internal ICU to version 4.2.1 - fetch 185d60944ea767075d27247c3162b3bc-unowinreg.dll - updated to version 3.2.98.1 (3.3-alpha1) : - features : - RTF export rewrite - writer navigation - remove obsolete Industrial icon theme - common bits : - gray read-only styles (i#85003) - Accelerators for OK/Cancel buttons in GTK. (bnc#608572) - Calc bits : - cell borders not saved. (bnc#612263) - external reference rework. (bnc#628876) - Flat MSO XML file type detection. (bnc#631993) - disable custom tab colors in high contrast mode - display correct field in data pilot. (bnc#629920) - Watch Window extension doesn't show sheet name. (bnc#604638) - Draw bits : - associate application/x-wpg with oodraw. (bnc#589624) - Impress bits : - More on avmedia soundhandler (i#83753, bnc#515553) - Writer bits : - ww8 styles import (i#21939) - hairline table borders export - saving new document comparison data - Ruby in MS Word format (i#79246) - OOXML : - better internal hlinks XLSX export. (bnc#594248) - numbering roundtripping issues in DOCX. (bnc#569266) - units translation from EMU in PPTX import. (bnc#621739) - group shapes geometry calculation in PPTX import. (bnc#621739) - many other import/export fixes and improvements - VBA bits : - changes in event handling - more container control fixes - more on invalid code name import for sheet. (bnc#507768) - build bits : - update prebuilt cli dlls for OOo-3.3 - moving ooo-build patches to ooo git sources - use --without-junit on Win32 and openSUSE < 11.2 - used the prepatched OOo sources from ooo-build git - used mozilla-xulrunner192 for openSUSE > 11.3
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 52735
    published 2011-03-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52735
    title SuSE 11.1 Security Update : Libreoffice (SAT Patch Number 4082)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_OPENOFFICE_ORG-110330.NASL
    description Maintenance update to LibreOffice-3.3.1. It adds some interesting features, fixes many bugs, including several security vulnerabilities. The previous OpenOffice_org packages are also renamed to libreoffice. LibreOffice is continuation of the OpenOffice.org project. This update replaces the OpenOffice.org installation, including helper packages, e.g. dictionaries, templates. The new stuff is backward compatible. - fixed security bugs : - PowerPoint document processing (CVE-2010-2935, CVE-2010-2936) - extensions and filter package files (CVE-2010-3450) - RTF document processing (CVE-2010-3451, CVE-2010-3452) - Word document processing (CVE-2010-3453, CVE-2010-3454) - insecure LD_LIBRARY_PATH usage (CVE-2010-3689) - PDF Import extension resulting from 3rd party library XPD (CVE-2010-3702, CVE-2010-3704) - PNG file processing (CVE-2010-4253) - TGA file processing (CVE-2010-4643) - most important changes : - add conflicts to force migration to libreoffice - obsolete Quickstarter - enabled KDE3 support (bnc#678998) - libreoffice-3.3.1.2 == 3.3.1-rc2 == final - fixed audio/video playback in presentation (deb#612940, bnc#651250) - fixed non-working input methods in KDE4 (bnc#665112) - fixed occasional blank first slide (fdo#34533) - fixed cairo canvas edge count calculation (bnc#647959) - updated to libreoffice-3.3.1.2 (3.3.1-rc2) : - l10n - updated some translations - libs-core - crashing oosplash and malformed picture (bnc#652562) - Byref and declare Basic statement (fdo#33964, i#115716) - fixed BorderLine(2) conversion to SvxBorderLine (fdo#34226) - libs-gui - getEnglishSearchFontName() searches Takao fonts - sdk - fix ODK settings.mk to only set STLPORTLIB if needed - writer - rtfExport::HackIsWW8OrHigher(): return true (fdo#33478) - visual editor destroys formulas containing symbols (fdo#32759, fdo#32755) - enabled KDE4 support for SLED11; LO-3.3.1 fixed the remaining annoying bugs - fixed EMF+ import (bnc#650049) - updated to libreoffice-3.3.1.1 
(3.3.1-rc1) : - artwork - new MIME type icons for LibreOffice - bootstrap - wrong line break with ( (fdo#31271) - build - default formula string (n#664516) - don't version the bundled ct2n extension - last update of translations from Pootle for 3.3.1 - calc - import of cell attributes from Excel documents - incorrect page number in page preview mode (fdo#33155) - components - remove pesky on-line registration menu entry (fdo#33112) - crash on changing position of drawing object in header (rhbz#673819) - extras - start using technical.dic instead of oracle.dic (fdo#31798) - filters - pictures DOCX import (bnc#655763) - parse 'color' property (fdo#33551) - fix ole object import for writer (DOCX) (fdo#33237) - help - OOo -> LibO on Getting Support page (fdo#33249) - libs-core - handle css::table::BorderLine - add preferred Malayalam fonts (fdo#32953) - fix KDE3 library search order (fdo#32797) - StarDesktop.terminate macro behaviour (#30879) - Sun Microsystems -> TDF in desktop file (fdo#31191) - fixed several crashes around config UNO API (fdo#33994) - implementation names weren't matching with xcu (fdo#32872) - improve the check for existence of the localized help (fdo#33258) - libs-extern - upgrade libwpd to 0.9.1 - libs-gui - painting of axial gradients (116318) - fix wrong collation for Catalan language - crash when moving through database types (fdo#32561) - paint toolbar handle positioned properly (fdo#32558) - remove the menu when Left Alt Key was pressed; for GTK - default currency for Estonia should be Euro (fdo#33160) - year of era in long format for zh_TW by default (fdo#33459) - writer - use standard Edit button width of 50 (fdo#32633) - improve formfield checkbox binary export (bnc#660816) - infinite loop while exporting some files in DOC/DOCX/RTF - CTL/Other Default Font (i#25247, i#25561, i#48064, i#92341) - libreoffice-build-3.3.0.4 == 3.3.0-rc4 == final - updated to libreoffice-3.3.0.4 (3.3-rc4) : - common : - remove pesky on-line registration menu 
entry (fdo#33112) - artwork : - fix search toolbar up/down search button icons - base : - report builder not shows properties on report fields (fdo#32742) - report left/right page margin setting ignored on 64-bit (i#116187) - build : - updated translations - calc : - reverted problematic and dangerous : - performance of filters with many filtered ranges (i#116164) - obtain correct data range for external references (i#115906) - libs-core : - FMR crasher (fdo#33099) - backgrounds for polypolygons in metafile (i#116371) - unopkg crasher on SLED11-SP1 (bnc#655912) - libs-gui : - use sane scrollbar sizes when drawing - painting of axial gradients (i#116318) - do not mix unrelated X11 Visuals (fdo#33108) - avoid GetHelpText() call which can be quite heavy - writer : - fields fixes: key inputs, 0-length fields import (bnc#657135) - replaced obsolete SuSEconfig gtk2 module call with %%icon_theme_cache_post(un) macros for openSUSE > 11.3 (bnc#663245) - updated to libreoffice-3.3.0.3 (3.3-rc3) : - build : - use libreoffice and lo* wrappers; update man pages accordingly - navigation buttons' patch selection handling (fdo#32380, bnc#649506) - calc : - bogus check for numerical sheet names (fdo#32570) - performance of filters with many filtered ranges (i#116164) - obtain correct data range for external references (i#115906) - avoid double-paste when pasting text into cell comment (fdo#32572) - components : - fix nsplugin for LibreOffice name - fixing large OOXML files (i#115944) - layout breakage for KDE, X11 and (possibly) Mac (fdo#32133) - extensions : - patching xpdf to patchlevel 3.02pl5 - extras : - creating technical.dic based on src/*.dic - filters : - small TGAReader improvement (i#164349) - PageRange handling in writer PDF export (#116085) - impress : - missing font color (rhbz#663857) - use updated anchor for group shapes (i#115898) - presentation objects on master pages (i#115993) - libs-core : - survive missing window (rhbz#666216) - better font selection in 
Japanese locale. - do not block when launching Firefox (fdo#32427) - show the license information in a separate dialog (fdo#32563) - make unopkg --suppress-license skip license in all cases (fdo#32840) - libs-extern-sys : - better XPATH handling (i#164350) - libs-gui : - use the initial language if not specified (fdo#32523) - clean up search cache singleton in correct order (rhbz#666088) - writer : - undo/redo crash with postits (rhbz#660342) - rearrange title dialog to get translations (fdo#32633) - move to the next record during mail merge (fdo#32790) - updated to libreoffice-3.3.0.2 (3.3-rc2) : - common : - copy & paste a text formatted cell (i#115825) - replaced http://www.openoffice.org (fdo#32169) - bootstrap : - check if KDE is >= 4.2 - cleanup unfortunate license duplication - calc : - ignore preceding spaces when parsing numbers - make the string 'New Record' localizable (fdo#32209) - remove trailing spaces too when parsing CSV simple numbers - display correct record information in Data Form dialog (fdo#32196) - components : - make the ODMA check box clickable again (fdo#32132) - fixed the sizes of Tips and Extended tips check boxes - make 'Reset help agent' button clickable again (fdo#32132) - extensions : - fix filled polygons on PDF import - filters : - performance for import of XLSX files with drawing objects (i#115940) - impress : - missing embedded object in ODP export (i#115898) - grey as default color for native tables in Impress - graphics on master page cannot be deleted (i#115993) - libs-core : - save with the proper DOC variant (fdo#32219) - removed dupe para ids introduced by copy&paste - colon needed for LD_LIBRARY_PATH set but empty - wikihelp: use the right Help ID URL (fdo#32338) - MySQL Cast(col1 as CHAR) yields error (i#115436) - import compatibility for enhanced fields names (fdo#32172) - libs-extern-sys : - XPATH handling fix - libs-gui : - PPTX import crasher (bnc#654065) - copy&paste problem of metafiles (i#115825) - force Qt paint 
system to native (fdo#30991) - display problem with Vegur font (fdo#31243) - URIs must be exported as 7bit ASCII (i#115788) - regression in WMF text rendering (fdo#32236, i#115825) - postprocess : - only register EvolutionLocal when EVO support is enabled (fdo#32007) - writer : - after 'data to fields' mail merge does not work (fdo#31190) - missing outline feature in new RTF export filter (fdo#32039) - encoding of Greek letters names with accent in French (i#115956) - build bits : - better build identification in the about dialog - updated to libreoffice-3.3.0.1 (3.3-rc1) : - ooo integration : - Merge commit 'ooo/OOO330_m17' into libreoffice-3-3 - common : - more RTF import/export fixes - updated branding for rc - artwork : - fixed icons with PNG optimizations - remove remaining ODF MIME type icons - bootstrap : - Add BrOffice artwork / branding support - Do not install HTML versions of LICENSE and README - install credits file - build : - empty toolbar (bnc#654039) - pack PostgreSQL driver as .oxt instead of .zip - calc : - avoid pasting data from OOo Calc as an OLE object - scaling factor calculation for drawing layer (i#115313) - broken filter option in Datapilot (i#115431) - 'Precision as shown' not working if automatic decimal (i#115512) - disable document modify and broadcasting of changes on range names - don't update visible ranges for invisible panes - changing margins in print preview should mark the document modified - make VLOOKUP work with an external reference once again (fdo#31718) - more strict parsing of external range names - no automatic width adjustment of the dropdown popups (fdo#31710) - re-calculate visible range when switching sheets - skip hidden cells while expanding range selection - components : - overlapping controls - bad alloc and convert to ZipIOException (rh#656191) - divide by zero (rh#657628) - extras : - use consistent autocorrect file names - filters : - fix writerfilter XSL to handle more elements - missing call to 
importDocumentProperties (bnc#655194) - rotated text DOCX import (fdo#30474) - impress : - avoid antialiasing for drag rect - libs-core : - Adapted README according to list feedback - register EvolutionLocal when evolution support is enabled (fdo#32007) - crash during toolpanel re-docking - crash in FR version when typing / as first character (i#115774) - only start the quick-starter on restart - don't crash when quickstarter is exited by user (rh#650170) - shutdown quickstarter at end of desktop session (rh#650170) - exit quickstarter if physically deleted (rh#610103) - autocorrect crasher (rh#647392) - start quickstarter on every launch if configured to use it - Switch toolbar icon size to 'auto-detect' - libs-extern : - Use the new stable libwp* releases as default - libs-extern-sys : - fixed urllib.urlopen in the internal python (fdo#31466) - libs-gui : - Allow the dropdown list of a combo box to be scrollable. (fdo#31710) - PDF export regression for simple RTL cases (i#115618) - freeze with ODP import (i#115761) - make toolbar icon size native-widget controlled - use BrOffice in pt_BR locale (fdo#31770) - release the clipboard after flush (i#163153) - l10n : - BrOffice in Brazil => %PRODUCTNAME_BR for win32 installer - sdk : - correct resolveLink function (i#115310) - writer : - crash when opening File/Print dialog fixed (i#115354) - better enhanced fields navigation - allow to localize the 'My AutoText' string (i#66304) - table alignment set to 'From Left' when moving the right (bnc#636367) - font color selection didn't effect new text (bnc#652204) - column break DOC import problem (bnc#652364) - build bits : - install branding for the welcome screen (bnc#653519) - fixed URL, summary, and description for LibreOffice - bumped requires to libreoffice-branding-upstream > 3.2.99.3 - created l10n-prebuilt subpackage for prebuilt registry files (bnc#651964) - disabled KDE3 stuff on openSUSE >= 11.2 (bnc#605472, bnc#621472) - added gcc-c++ and libxml2-devel into 
BuildRequires; were required by kdelibs3-devel before - updated to libreoffice-3.2.99.3 (3.3-beta3) : - ooo integration : - Merge commit 'ooo/OOO330_m13' - common : - impress ruler behaviour - add Title Page dialog (i#7065) - save 1MB on wizards per language - images optimized for smaller size - do not insert a new cell beyond the end - handle multiple selection for printing (i#115266) - remove VBAForm property and associated geometry hack (fdo#30856) - base : - key columns in all tables (i#114026) - reports executed for data display (i#114627) - calc : - non-functional select - defined names in Calc functions (i#79854) - use Ctrl-Shift-D to launch selection list - regression for range array input, e.g. {=A1:A5} - crash on importing docs with database functions - crash on importing named ranges on higher sheets - remove the 'insert new sheet' tab in read-only mode - incorrect display of references from the formula input wizard - new tab page 'Compatibility' in the Options dialog (fdo#30559) - components : - default to evolution - crash in scanner dialog (rh#648475) - extras : - added LibreOffice and Tango palettes - filters : - crash on unsupported .tiffs (i#93300) - vertical text alignment and placeholder style (bnc#645116) - impress : - broken zoom behaviour - crash in OGL transitions - support for PPT newsflash slide transition - libs-core : - register EVO address book - more quickstarter fixes (i#108846) - missing media-type for ODF thumbnails - add credits hyperlink into about dialog - freeze when adding an extension (i#114933) - -quickstart option, and help fix (i#108846) - GNOME filepicker filter selection (i#112411) - use 'Enter Password' in all dialogs (fdo#31075) - add display properties to control shapes (i#112597) - disable user migration when SAL_DISABLE_USERMIGRATION is set - libs-gui : - disable KDE's crash handler - refresh of OLE object previews - adding font aliases (i#114706) - comparison of key events for IM - show Java error just once by 
default - underlining problem with Graphite fonts (i#114765) - saving tempfiles when locking is not supported. - better selection of localized font names (i#114703) - MetricFields SetUnit conversions (fdo#30899, bnc#610921) - make Presenter Screen default to the projector (i#112421) - Qt event loop integration (when Glib is used) for KDE4 vclplug - writer : - title pages (i#i66619) - more RTF import/export fixes - tables in page styles (i#114366) - round-trip of DOC unhandled fields - double-click behavior on enhanced fields - leaky pStream after RTF import (fdo#31362) - crash when choosing starmath from start screen - OLE Links round-trip fixed for links as pictures - setup XML namespaces also for footers and headers (bnc#581954) - switched to the LibreOffice code base, http://www.documentfoundation.org/ - renamed packages from OpenOffice_org* to libreoffice* - updated to libreoffice-3.2.99.2 (3.3-beta2) : - common : - show menus in icons fixup - show all appropriate formats by default on save as (i#113141) - RenderBadPicture on multihead setups and Cairo (i#94007, i#111758) - base : - use correct table name (i#114246) - calc : - better performance on Excel doc import - components : - bound image controls (i#112659) - Appearance config dialog crasher (i#108246) - Euro converter didn't work with ODS (i#100686) - ImageURL and Graphic properties handling (i#113991) - extensions : - some reportbuilder fixes (i#114111, i#112652) - extras : - fix malformed XML file (i#111741) - add Croatian autocorrection (i#96706) - updated Hungarian standard.bau (i#112387) - eensgezinswoning replaces eensgezinswoning - add 1/2, 3/4 and 1/4 symbols to af-ZA, de, en-ZA, mn and pl - filters : - adjust for table::BorderLine2 - table DOCX import crasher (rh#632236) - misc improvements for DOCX VML import - text position bug in DOC import (bnc#532920) - implement import of alpha channel for RGBA .tiffs (fdo#30472) - impress : - improve randomisation in 'dissolve' transition - libs-core : - 
add in MonoSpace setting - print the formula itself by default - extension can contain compiled help (i#114008) - no update menu entry for bundled extensions (i#113524) - prevent online update for bundled extensions (i#113524) - make search/replace of colour names with translations safer (i#110142) - libs-gui : - maths brackets misformed in presentation mode (i#113400) - better font-name localization, i.e. en fallback (i#114703) - default to UTF-8 for HTML unless we know differently (i#76649) - writer : - color problem in RTF export (fdo#30604) - crash on export of TOC to .doc (i#112384) - prevent document modification while printing (i#112518) - dotted and dashed border types (fate#307731, fate#307730) - changes from libreoffice-3.2.99.1 (3.3-beta1) : - features : - renamed to LibreOffice - based on ooo330-m7 - changed default branding - started to support the LibreOffice code base [all] - ordinal suffixes autocorrection improvements - updated Numbertext extension to version 0.9.3 - support new distros Raw, LibreOfficeLinux, LibreOfficeMacOSX, LibreOfficeWin32 - performance bits : - memory footprint during PPT import (bnc#637925) - performance bug on row height adjustments (bnc#640112) - common bits : - don't set header in DDE tables (bnc#634517) - Calc bits : - cell content rendering [bnc#640128] - Excel's cell border thickness mapping (bnc#636691) - relative and absolute references toggling (bnc#634260) - more on the Flat MSO XML file type detection (bnc#631993) - Writer bits : - SwXTextRange DOC import (i#112564) - table formulas DOC import (bnc#631912) - input field fixes (bnc#628098, bnc#623944) - OLE Links with image DOC import (bnc#628098) - nested SET/FILLIN fields DOC import (bnc#634478) - broken floating tables formatting in DOC import (bnc#617593) - double-clicking on field gives 'read only' message (bnc#639288) - OOXML bits : - text paragraph autofit PPTX import - VBA bits : - implicit indexes handling - logical operator precedence - column para for 
Range.Cells (bnc#639297) - build bits : - update internal ICU to version 4.2.1 - fetch 185d60944ea767075d27247c3162b3bc-unowinreg.dll - updated to version 3.2.98.1 (3.3-alpha1) : - features : - RTF export rewrite - writer navigation - remove obsolete Industrial icon theme - common bits : - gray read-only styles (i#85003) - Accelerators for OK/Cancel buttons in GTK (bnc#608572) - Calc bits : - cell borders not saved (bnc#612263) - external reference rework (bnc#628876) - Flat MSO XML file type detection (bnc#631993) - disable custom tab colors in high contrast mode - display correct field in data pilot (bnc#629920) - Watch Window extension doesn't show sheet name (bnc#604638) - Draw bits : - associate application/x-wpg with oodraw (bnc#589624) - Impress bits : - More on avmedia soundhandler (i#83753, bnc#515553) - Writer bits : - ww8 styles import (i#21939) - hairline table borders export - saving new document comparison data - Ruby in MS Word format (i#79246) - OOXML : - better internal hlinks XLSX export (bnc#594248) - numbering roundtripping issues in DOCX (bnc#569266) - units translation from EMU in PPTX import (bnc#621739) - group shapes geometry calculation in PPTX import (bnc#621739) - many other import/export fixes and improvements - VBA bits : - changes in event handling - more container control fixes - more on invalid code name import for sheet (bnc#507768) - build bits : - update prebuilt cli dlls for OOo-3.3 - moving ooo-build patches to ooo git sources - use --without-junit on Win32 and openSUSE < 11.2 - used the prepatched OOo sources from ooo-build git - used mozilla-xulrunner192 for openSUSE > 11.3 MaintenanceTracker-35044, CVE-2010-2935, CVE-2010-2936) : - Calc bits : - custom field names handling in Data Pilot (bnc#634974) - remember 'sort by' selection in Data Pilot (bnc#634974) - more on the Flat MSO XML file type detection (bnc#631993) - Impress bits : - cairocanvas border treatment (bnc#629546, rh#557317) MaintenanceTracker-35044,
CVE-2010-2935, CVE-2010-2936) : - security fixes : - two impress vulnerabilities (CVE-2010-2935, CVE-2010-2936, bnc#629085) - common bits : - honour ure-link in SDK configure.pl - macro recording crasher (i#113084) [upstream, Rene] - Calc bits : - DataPilot sort by ID (bnc#622920) - Flat MSO XML file type detection (bnc#527738) - DDE linkage upon loading documents (bnc#618846, bnc#618864) - file name as sheet name in Excel 2.1 docs import (bnc#612902) - Draw bits : - random extra arrows around the custom shape (i#105654) - Impress bits : - slideshow clipping (i#112422) - cairocanvas border treatment (bnc#629546, rh#557317) - Writer bits : - input field fixes (bnc#628098, bnc#623944) - non-breaking space erasing freeze (i#i113461) [upstream, Rene] - broken floating tables formatting in DOC import (bnc#617593) - Netbooks bits : - decorate help window (bnc#621116) - more restrictive top level document window check (bnc#607735) - reduce height of PDF export and recovery dialogs (bnc#623352) - Win32 bits : - allow view 'details' in File Open dialog on XP (bnc#620924) - l10n bits : - non-localized Tools/Options/OOo Writer/Comparison (bnc#615000)
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 75687
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75687
    title openSUSE Security Update : OpenOffice_org (openSUSE-SU-2011:0336-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20101007_XPDF_ON_SL3_X.NASL
    description An uninitialized pointer use flaw was discovered in Xpdf. An attacker could create a malicious PDF file that, when opened, would cause Xpdf to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way Xpdf parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause Xpdf to crash or, potentially, execute arbitrary code. (SL4 only - CVE-2010-3704)
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60867
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60867
    title Scientific Linux Security Update : xpdf on SL3.x, SL4.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0751.NASL
    description An updated xpdf package that fixes two security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. An uninitialized pointer use flaw was discovered in Xpdf. An attacker could create a malicious PDF file that, when opened, would cause Xpdf to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way Xpdf parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause Xpdf to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to this updated package, which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 49798
    published 2010-10-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49798
    title RHEL 4 : xpdf (RHSA-2010:0751)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_LIBPOPPLER-DEVEL-101021.NASL
    description Specially crafted PDF files could crash poppler or potentially even cause execution of arbitrary code (CVE-2010-3702, CVE-2010-3704)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53677
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53677
    title openSUSE Security Update : libpoppler-devel (openSUSE-SU-2010:0976-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0754.NASL
    description Updated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 3. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The CUPS 'pdftops' filter converts Portable Document Format (PDF) files to PostScript. An uninitialized pointer use flaw was discovered in the CUPS 'pdftops' filter. An attacker could create a malicious PDF file that, when printed, would cause 'pdftops' to crash or, potentially, execute arbitrary code as the 'lp' user. (CVE-2010-3702) Users of cups are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the cupsd daemon will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 49813
    published 2010-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49813
    title CentOS 3 : cups (CESA-2010:0754)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0749.NASL
    description From Red Hat Security Advisory 2010:0749 : Updated poppler packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. An uninitialized pointer use flaw was discovered in poppler. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way poppler parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 68110
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68110
    title Oracle Linux 5 : poppler (ELSA-2010-0749)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0754.NASL
    description From Red Hat Security Advisory 2010:0754 : Updated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 3. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The CUPS 'pdftops' filter converts Portable Document Format (PDF) files to PostScript. An uninitialized pointer use flaw was discovered in the CUPS 'pdftops' filter. An attacker could create a malicious PDF file that, when printed, would cause 'pdftops' to crash or, potentially, execute arbitrary code as the 'lp' user. (CVE-2010-3702) Users of cups are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the cupsd daemon will be restarted automatically.
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 68115
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68115
    title Oracle Linux 3 : cups (ELSA-2010-0754)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20101007_GPDF_ON_SL4_X.NASL
    description An uninitialized pointer use flaw was discovered in GPdf. An attacker could create a malicious PDF file that, when opened, would cause GPdf to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way GPdf parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause GPdf to crash or, potentially, execute arbitrary code. (CVE-2010-3704)
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60864
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60864
    title Scientific Linux Security Update : gpdf on SL4.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_XPDF-101015.NASL
    description Specially crafted PDF files could crash xpdf or potentially even cause execution of arbitrary code. (CVE-2010-3702 / CVE-2010-3703 / CVE-2010-3704)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 51637
    published 2011-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51637
    title SuSE 11.1 Security Update : xpdf (SAT Patch Number 3377)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBPOPPLER-DEVEL-101016.NASL
    description Specially crafted PDF files could crash poppler or potentially even cause execution of arbitrary code (CVE-2010-3702 / CVE-2010-3704). This has been fixed.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 50942
    published 2010-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50942
    title SuSE 11 Security Update : libpoppler (SAT Patch Number 3337)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0752.NASL
    description An updated gpdf package that fixes two security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. GPdf is a viewer for Portable Document Format (PDF) files. An uninitialized pointer use flaw was discovered in GPdf. An attacker could create a malicious PDF file that, when opened, would cause GPdf to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way GPdf parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause GPdf to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to this updated package, which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 49811
    published 2010-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49811
    title CentOS 4 : gpdf (CESA-2010:0752)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_LIBPOPPLER-DEVEL-101016.NASL
    description Specially crafted PDF files could crash poppler or potentially even cause execution of arbitrary code (CVE-2010-3702, CVE-2010-3703, CVE-2010-3704)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75606
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75606
    title openSUSE Security Update : libpoppler-devel (openSUSE-SU-2010:0976-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0751.NASL
    description An updated xpdf package that fixes two security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. An uninitialized pointer use flaw was discovered in Xpdf. An attacker could create a malicious PDF file that, when opened, would cause Xpdf to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way Xpdf parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause Xpdf to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to this updated package, which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 49810
    published 2010-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49810
    title CentOS 4 : xpdf (CESA-2010:0751)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0859.NASL
    description From Red Hat Security Advisory 2010:0859 : Updated poppler packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Two uninitialized pointer use flaws were discovered in poppler. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3702, CVE-2010-3703) An array index error was found in the way poppler parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68137
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68137
    title Oracle Linux 6 : poppler (ELSA-2010-0859)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0750.NASL
    description An updated xpdf package that fixes one security issue is now available for Red Hat Enterprise Linux 3. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. An uninitialized pointer use flaw was discovered in Xpdf. An attacker could create a malicious PDF file that, when opened, would cause Xpdf to crash or, potentially, execute arbitrary code. (CVE-2010-3702) Users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 49809
    published 2010-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49809
    title CentOS 3 : xpdf (CESA-2010:0750)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20101110_POPPLER_ON_SL6_X.NASL
    description Two uninitialized pointer use flaws were discovered in poppler. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3702, CVE-2010-3703) An array index error was found in the way poppler parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3704)
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60896
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60896
    title Scientific Linux Security Update : poppler on SL6.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0859.NASL
    description Updated poppler packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Two uninitialized pointer use flaws were discovered in poppler. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3702, CVE-2010-3703) An array index error was found in the way poppler parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 50631
    published 2010-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50631
    title RHEL 6 : poppler (RHSA-2010:0859)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-15981.NASL
    description - Thu Oct 7 2010 Marek Kasik - 0.12.4-5 - Add poppler-0.12.4-CVE-2010-3702.patch (Properly initialize parser) - Add poppler-0.12.4-CVE-2010-3703.patch (Properly initialize stack) - Add poppler-0.12.4-CVE-2010-3704.patch (Fix crash in broken pdf (code < 0)) - Resolves: #639861 - Mon Jul 19 2010 Marek Kasik - 0.12.4-4 - Accept 4-digit values in ToUnicode CMaps - (#574964) - Tue Jun 29 2010 Marek Kasik - 0.12.4-3 - Fix initialization of members of TextOutputDev in its constructor - (#606870) - Thu Mar 4 2010 Marek Kasik - 0.12.4-2 - Fix showing of radio buttons (#480868) - Fri Feb 19 2010 Marek Kasik - 0.12.4-1 - Update to 0.12.4 - Mon Feb 15 2010 Marek Kasik - 0.12.3-9 - Fix downscaling of rotated pages (#563353) - Thu Jan 28 2010 Marek Kasik - 0.12.3-8 - Get current FcConfig before using it (#533992) - Sun Jan 24 2010 Rex Dieter - 0.12.3-7 - use alternative/upstream downscale patch (#556549, fdo#5589) - Wed Jan 20 2010 Marek Kasik - 0.12.3-6 - Add dependency on poppler-data (#553991) - Tue Jan 19 2010 Rex Dieter - 0.12.3-5 - cairo backend, scale images correctly (#556549, fdo#5589) - Fri Jan 15 2010 Rex Dieter - 0.12.3-4 - Sanitize versioned Obsoletes/Provides - Fri Jan 15 2010 Marek Kasik - 0.12.3-3 - Correct permissions of goo/GooTimer.h - Convert pdftohtml.1 to utf8 - Make the pdftohtml's Provides/Obsoletes versioned - Thu Jan 7 2010 Rex Dieter - 0.12.3-1 - poppler-0.12.3 - Mon Nov 23 2009 Rex Dieter - 0.12.2-1 - poppler-0.12.2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 50033
    published 2010-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50033
    title Fedora 12 : poppler-0.12.4-5.fc12 (2010-15981)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-230.NASL
    description Multiple vulnerabilities were discovered and corrected in poppler : The Gfx::getPos function in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference (CVE-2010-3702). The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption (CVE-2010-3704). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 50582
    published 2010-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50582
    title Mandriva Linux Security Advisory : poppler (MDVSA-2010:230)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2135.NASL
    description Joel Voss of Leviathan Security Group discovered two vulnerabilities in the xpdf rendering engine, which may lead to the execution of arbitrary code if a malformed PDF file is opened.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 51397
    published 2011-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51397
    title Debian DSA-2135-1 : xpdf - several vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2119.NASL
    description Joel Voss of Leviathan Security Group discovered two vulnerabilities in the Poppler PDF rendering library, which may lead to the execution of arbitrary code if a malformed PDF file is opened.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 49965
    published 2010-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49965
    title Debian DSA-2119-1 : poppler - several vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0750.NASL
    description From Red Hat Security Advisory 2010:0750 : An updated xpdf package that fixes one security issue is now available for Red Hat Enterprise Linux 3. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. An uninitialized pointer use flaw was discovered in Xpdf. An attacker could create a malicious PDF file that, when opened, would cause Xpdf to crash or, potentially, execute arbitrary code. (CVE-2010-3702) Users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 68111
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68111
    title Oracle Linux 3 : xpdf (ELSA-2010-0750)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0754.NASL
    description Updated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 3. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The CUPS 'pdftops' filter converts Portable Document Format (PDF) files to PostScript. An uninitialized pointer use flaw was discovered in the CUPS 'pdftops' filter. An attacker could create a malicious PDF file that, when printed, would cause 'pdftops' to crash or, potentially, execute arbitrary code as the 'lp' user. (CVE-2010-3702) Users of cups are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the cupsd daemon will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 49801
    published 2010-10-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49801
    title RHEL 3 : cups (RHSA-2010:0754)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBPOPPLER-DEVEL-101017.NASL
    description Specially crafted PDF files could crash poppler or potentially even cause execution of arbitrary code (CVE-2010-3702 / CVE-2010-3703 / CVE-2010-3704). This has been fixed.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 51622
    published 2011-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51622
    title SuSE 11.1 Security Update : libpoppler (SAT Patch Number 3338)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0749.NASL
    description Updated poppler packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. An uninitialized pointer use flaw was discovered in poppler. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way poppler parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 49936
    published 2010-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49936
    title CentOS 5 : poppler (CESA-2010:0749)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0753.NASL
    description From Red Hat Security Advisory 2010:0753 : Updated kdegraphics packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format (PDF) files. An uninitialized pointer use flaw was discovered in KPDF. An attacker could create a malicious PDF file that, when opened, would cause KPDF to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way KPDF parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause KPDF to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 68114
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68114
    title Oracle Linux 4 : kdegraphics (ELSA-2010-0753)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-16744.NASL
    description Apply xpdf-3.02pl5 security patch to fix CVE-2010-3702, CVE-2010-3704. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 50483
    published 2010-11-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50483
    title Fedora 14 : xpdf-3.02-16.fc14 (2010-16744)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-231.NASL
    description Multiple vulnerabilities were discovered and corrected in poppler : The Gfx::getPos function in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference (CVE-2010-3702). The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that triggers an uninitialized pointer dereference (CVE-2010-3703). The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption (CVE-2010-3704). The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 50583
    published 2010-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50583
    title Mandriva Linux Security Advisory : poppler (MDVSA-2010:231)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2010-324-01.NASL
    description New xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 50660
    published 2010-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50660
    title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 9.1 / current : xpdf (SSA:2010-324-01)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-228.NASL
    description Multiple vulnerabilities were discovered and corrected in xpdf: The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5 allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference (CVE-2010-3702). The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption (CVE-2010-3704). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 50581
    published 2010-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50581
    title Mandriva Linux Security Advisory : xpdf (MDVSA-2010:228)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-15911.NASL
    description - Thu Oct 7 2010 Marek Kasik - 0.12.4-6 - Add poppler-0.12.4-CVE-2010-3702.patch (Properly initialize parser) - Add poppler-0.12.4-CVE-2010-3703.patch (Properly initialize stack) - Add poppler-0.12.4-CVE-2010-3704.patch (Fix crash in broken pdf (code < 0)) - Resolves: #639861 - Mon Jul 19 2010 Marek Kasik - 0.12.4-5 - Accept 4-digit values in ToUnicode CMaps - (#574964) - Tue Jun 29 2010 Marek Kasik - 0.12.4-4 - A little modification of poppler-0.12.4-TextOutputDev.patch - Tue Jun 29 2010 Marek Kasik - 0.12.4-3 - Fix initialization of members of TextOutputDev in its constructor - (#606870) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 50027
    published 2010-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50027
    title Fedora 13 : poppler-0.12.4-6.fc13 (2010-15911)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_LIBPOPPLER-DEVEL-101016.NASL
    description Specially crafted PDF files could crash poppler or potentially even cause execution of arbitrary code (CVE-2010-3702, CVE-2010-3704)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53755
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53755
    title openSUSE Security Update : libpoppler-devel (openSUSE-SU-2010:0976-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0752.NASL
    description An updated gpdf package that fixes two security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. GPdf is a viewer for Portable Document Format (PDF) files. An uninitialized pointer use flaw was discovered in GPdf. An attacker could create a malicious PDF file that, when opened, would cause GPdf to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way GPdf parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause GPdf to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to this updated package, which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 49799
    published 2010-10-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49799
    title RHEL 4 : gpdf (RHSA-2010:0752)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_XPDF-101014.NASL
    description Specially crafted PDF files could crash xpdf or potentially even cause execution of arbitrary code (CVE-2010-3702, CVE-2010-3703, CVE-2010-3704).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53690
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53690
    title openSUSE Security Update : xpdf (openSUSE-SU-2010:1091-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0753.NASL
    description Updated kdegraphics packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format (PDF) files. An uninitialized pointer use flaw was discovered in KPDF. An attacker could create a malicious PDF file that, when opened, would cause KPDF to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way KPDF parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause KPDF to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 49800
    published 2010-10-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49800
    title RHEL 4 / 5 : kdegraphics (RHSA-2010:0753)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1005-1.NASL
    description It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 50045
    published 2010-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50045
    title Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS / 10.10 : poppler vulnerabilities (USN-1005-1)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2010-324-02.NASL
    description New poppler packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues.
    last seen 2019-02-21
    modified 2013-10-08
    plugin id 50661
    published 2010-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50661
    title Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : poppler (SSA:2010-324-02)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-16662.NASL
    description Apply xpdf-3.02pl5 security patch to fix CVE-2010-3702, CVE-2010-3704. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 50479
    published 2010-11-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50479
    title Fedora 13 : xpdf-3.02-16.fc13 (2010-16662)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0749.NASL
    description Updated poppler packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. An uninitialized pointer use flaw was discovered in poppler. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way poppler parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 49796
    published 2010-10-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49796
    title RHEL 5 : poppler (RHSA-2010:0749)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0753.NASL
    description Updated kdegraphics packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format (PDF) files. An uninitialized pointer use flaw was discovered in KPDF. An attacker could create a malicious PDF file that, when opened, would cause KPDF to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way KPDF parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause KPDF to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 49812
    published 2010-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49812
    title CentOS 4 / 5 : kdegraphics (CESA-2010:0753)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0750.NASL
    description An updated xpdf package that fixes one security issue is now available for Red Hat Enterprise Linux 3. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. An uninitialized pointer use flaw was discovered in Xpdf. An attacker could create a malicious PDF file that, when opened, would cause Xpdf to crash or, potentially, execute arbitrary code. (CVE-2010-3702) Users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 49797
    published 2010-10-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49797
    title RHEL 3 : xpdf (RHSA-2010:0750)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_XPDF-7190.NASL
    description Specially crafted PDF files could crash xpdf or potentially even cause execution of arbitrary code. (CVE-2010-3702 / CVE-2010-3703 / CVE-2010-3704)
    last seen 2019-02-21
    modified 2012-10-03
    plugin id 51365
    published 2010-12-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51365
    title SuSE 10 Security Update : xpdf (ZYPP Patch Number 7190)
redhat via4
advisories
  • bugzilla
    id 638960
    title CVE-2010-3704 xpdf: array indexing error in FoFiType1::parse()
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment poppler is earlier than 0:0.5.4-4.4.el5_5.14
          oval oval:com.redhat.rhsa:tst:20100749002
        • comment poppler is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070732003
      • AND
        • comment poppler-devel is earlier than 0:0.5.4-4.4.el5_5.14
          oval oval:com.redhat.rhsa:tst:20100749006
        • comment poppler-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070732005
      • AND
        • comment poppler-utils is earlier than 0:0.5.4-4.4.el5_5.14
          oval oval:com.redhat.rhsa:tst:20100749004
        • comment poppler-utils is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070732007
    rhsa
    id RHSA-2010:0749
    released 2010-10-07
    severity Important
    title RHSA-2010:0749: poppler security update (Important)
  • bugzilla
    id 638960
    title CVE-2010-3704 xpdf: array indexing error in FoFiType1::parse()
    oval
    AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    • comment xpdf is earlier than 1:3.00-24.el4_8.1
      oval oval:com.redhat.rhsa:tst:20100751002
    • comment xpdf is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20070735003
    rhsa
    id RHSA-2010:0751
    released 2010-10-07
    severity Important
    title RHSA-2010:0751: xpdf security update (Important)
  • bugzilla
    id 638960
    title CVE-2010-3704 xpdf: array indexing error in FoFiType1::parse()
    oval
    AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    • comment gpdf is earlier than 0:2.8.2-7.7.2.el4_8.7
      oval oval:com.redhat.rhsa:tst:20100752002
    • comment gpdf is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20070730003
    rhsa
    id RHSA-2010:0752
    released 2010-10-07
    severity Important
    title RHSA-2010:0752: gpdf security update (Important)
  • bugzilla
    id 638960
    title CVE-2010-3704 xpdf: array indexing error in FoFiType1::parse()
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304001
      • OR
        • AND
          • comment kdegraphics is earlier than 7:3.3.1-18.el4_8.1
            oval oval:com.redhat.rhsa:tst:20100753002
          • comment kdegraphics is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070729003
        • AND
          • comment kdegraphics-devel is earlier than 7:3.3.1-18.el4_8.1
            oval oval:com.redhat.rhsa:tst:20100753004
          • comment kdegraphics-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070729005
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331001
      • OR
        • AND
          • comment kdegraphics is earlier than 7:3.5.4-17.el5_5.1
            oval oval:com.redhat.rhsa:tst:20100753007
          • comment kdegraphics is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070729008
        • AND
          • comment kdegraphics-devel is earlier than 7:3.5.4-17.el5_5.1
            oval oval:com.redhat.rhsa:tst:20100753009
          • comment kdegraphics-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070729010
    rhsa
    id RHSA-2010:0753
    released 2010-10-07
    severity Important
    title RHSA-2010:0753: kdegraphics security update (Important)
  • bugzilla
    id 639356
    title CVE-2010-3703 poppler: use of initialized pointer in PostScriptFunction
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment poppler is earlier than 0:0.12.4-3.el6_0.1
          oval oval:com.redhat.rhsa:tst:20100859005
        • comment poppler is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859006
      • AND
        • comment poppler-devel is earlier than 0:0.12.4-3.el6_0.1
          oval oval:com.redhat.rhsa:tst:20100859013
        • comment poppler-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859014
      • AND
        • comment poppler-glib is earlier than 0:0.12.4-3.el6_0.1
          oval oval:com.redhat.rhsa:tst:20100859015
        • comment poppler-glib is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859016
      • AND
        • comment poppler-glib-devel is earlier than 0:0.12.4-3.el6_0.1
          oval oval:com.redhat.rhsa:tst:20100859019
        • comment poppler-glib-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859020
      • AND
        • comment poppler-qt is earlier than 0:0.12.4-3.el6_0.1
          oval oval:com.redhat.rhsa:tst:20100859017
        • comment poppler-qt is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859018
      • AND
        • comment poppler-qt-devel is earlier than 0:0.12.4-3.el6_0.1
          oval oval:com.redhat.rhsa:tst:20100859011
        • comment poppler-qt-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859012
      • AND
        • comment poppler-qt4 is earlier than 0:0.12.4-3.el6_0.1
          oval oval:com.redhat.rhsa:tst:20100859021
        • comment poppler-qt4 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859022
      • AND
        • comment poppler-qt4-devel is earlier than 0:0.12.4-3.el6_0.1
          oval oval:com.redhat.rhsa:tst:20100859007
        • comment poppler-qt4-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859008
      • AND
        • comment poppler-utils is earlier than 0:0.12.4-3.el6_0.1
          oval oval:com.redhat.rhsa:tst:20100859009
        • comment poppler-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100859010
    rhsa
    id RHSA-2010:0859
    released 2010-11-10
    severity Important
    title RHSA-2010:0859: poppler security update (Important)
  • rhsa
    id RHSA-2012:1201
rpms
  • poppler-0:0.5.4-4.4.el5_5.14
  • poppler-devel-0:0.5.4-4.4.el5_5.14
  • poppler-utils-0:0.5.4-4.4.el5_5.14
  • xpdf-1:3.00-24.el4_8.1
  • gpdf-0:2.8.2-7.7.2.el4_8.7
  • kdegraphics-7:3.3.1-18.el4_8.1
  • kdegraphics-devel-7:3.3.1-18.el4_8.1
  • kdegraphics-7:3.5.4-17.el5_5.1
  • kdegraphics-devel-7:3.5.4-17.el5_5.1
  • poppler-0:0.12.4-3.el6_0.1
  • poppler-devel-0:0.12.4-3.el6_0.1
  • poppler-glib-0:0.12.4-3.el6_0.1
  • poppler-glib-devel-0:0.12.4-3.el6_0.1
  • poppler-qt-0:0.12.4-3.el6_0.1
  • poppler-qt-devel-0:0.12.4-3.el6_0.1
  • poppler-qt4-0:0.12.4-3.el6_0.1
  • poppler-qt4-devel-0:0.12.4-3.el6_0.1
  • poppler-utils-0:0.12.4-3.el6_0.1
  • tetex-0:3.0-33.15.el5_8.1
  • tetex-afm-0:3.0-33.15.el5_8.1
  • tetex-doc-0:3.0-33.15.el5_8.1
  • tetex-dvips-0:3.0-33.15.el5_8.1
  • tetex-fonts-0:3.0-33.15.el5_8.1
  • tetex-latex-0:3.0-33.15.el5_8.1
  • tetex-xdvi-0:3.0-33.15.el5_8.1
refmap via4
bid 43841
confirm
debian
  • DSA-2119
  • DSA-2135
fedora
  • FEDORA-2010-15857
  • FEDORA-2010-15911
  • FEDORA-2010-15981
  • FEDORA-2010-16662
  • FEDORA-2010-16705
  • FEDORA-2010-16744
mandriva
  • MDVSA-2010:228
  • MDVSA-2010:229
  • MDVSA-2010:230
  • MDVSA-2010:231
  • MDVSA-2012:144
mlist [oss-security] 20101004 Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark
secunia
  • 42141
  • 42357
  • 42397
  • 42691
  • 43079
slackware SSA:2010-324-01
suse
  • SUSE-SR:2010:022
  • SUSE-SR:2010:024
ubuntu USN-1005-1
vupen
  • ADV-2010-2897
  • ADV-2010-3097
  • ADV-2011-0230
Last major update 19-11-2012 - 23:24
Published 05-11-2010 - 14:00
Last modified 06-03-2019 - 11:30