ALSA-2021:1881

[ALSA-2021:1881] Moderate: poppler and evince security, bug fix, and enhancement update

Type:

security

Severity:

moderate

Release date:

2021-08-11

Description:

Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.

The evince packages provide a simple multi-page document viewer for Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS) files, and, with additional back-ends, also the Device Independent File format (DVI) files.

The following packages have been upgraded to a later upstream version: poppler (20.11.0). (BZ#1644423)

Security Fix(es):

* poppler: pdftohtml: access to uninitialized pointer could lead to DoS (CVE-2020-27778)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

CVE-2020-27778

Updated packages listed below:

Architecture	Package	Checksum
i686	evince-devel-3.28.4-11.el8.i686.rpm	1d222d1be01bf9317e523117403202b00234658740fba21659327c29461c1523
i686	poppler-cpp-devel-20.11.0-2.el8.i686.rpm	36d63b4da09e453a4ff4431953511383ed89776d2efe7c492f7fdf9cf1b8587c
i686	poppler-qt5-devel-20.11.0-2.el8.i686.rpm	3eed8f4ea2934e836d454df14edfffe3a88b80ad82ceab0c91dbe3238ab7c574
i686	poppler-devel-20.11.0-2.el8.i686.rpm	4dc2ed376c4683f3db7ceabd6891967b431b85c6fe0e59cd247a8a79e72a6058
i686	poppler-cpp-20.11.0-2.el8.i686.rpm	4f827736c6542649e0d32c72b4b3b1b20785f20c80b2c11970ddc1201879a9d7
i686	poppler-qt5-20.11.0-2.el8.i686.rpm	9519555fbcc9f09f7b09ae45024fa7f5e63422d1005a2852030ec194acb7daaf
i686	poppler-glib-devel-20.11.0-2.el8.i686.rpm	c0f0a993f0fbd34910daeb045a1af5e47284064d0bc40d19be18a98c045b9f92
x86_64	poppler-glib-devel-20.11.0-2.el8.x86_64.rpm	1e220521711b75e5955298b20334dbdf8a5bd74689b0cac0ae93c0c16556f072
x86_64	poppler-cpp-20.11.0-2.el8.x86_64.rpm	2c342a803a62a0aa9f7c8e17ef81211fc361c3514e9ae398465fd564623123e1
x86_64	poppler-qt5-20.11.0-2.el8.x86_64.rpm	6797fa284bc59d586493deeb6bb20bff3696573be51de5e55550e2b95c04cfcf
x86_64	poppler-qt5-devel-20.11.0-2.el8.x86_64.rpm	68a64663858701a736c4f81e0976c2b6e16bc26aaec05b78ba3fd90b316e6e85
x86_64	evince-devel-3.28.4-11.el8.x86_64.rpm	6bd29c996b184c6da0a634e1a5d270c7b0489ad6462a756893a3cc5cb1cc830e
x86_64	poppler-devel-20.11.0-2.el8.x86_64.rpm	c16af004d62df5f8e7088ba1b82fd8823e162c9943a08ec5abc4ebfd170cc6bc
x86_64	poppler-cpp-devel-20.11.0-2.el8.x86_64.rpm	f3ae108e6dec90fd7964335c43da2a4546ea5684a381da24b994981b716f7023

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.