Security Advisory Details

NS-SA-2019-0202

2019-10-14 19:29:28

Synopsis

moderate: httpd/poppler security update

Severity

moderate

Topic

An update for httpd/poppler is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

httpd: The Apache HTTP Server is a powerful, efficient, and extensible web server.
poppler: Poppler, a PDF rendering library, is a fork of the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC.


Security Fix(es):
httpd: A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the server's processing will implicitly collapse them. (CVE-2019-0220)
httpd: A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. (CVE-2019-0217)
httpd: bugfix
poppler: Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. (CVE-2018-19149)
poppler: In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. (CVE-2018-16646)
poppler: An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. (CVE-2018-18897)
poppler: An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h that will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file. (CVE-2018-19058)
poppler: An issue was discovered in Poppler 0.71.0. There is an out-of-bounds read in EmbFile::save2 in FileSpec.cc that will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts. (CVE-2018-19059)
poppler: An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h that will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path. (CVE-2018-19060)
poppler: In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. (CVE-2019-7310)
poppler: A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. (CVE-2019-9200)
poppler: Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. (CVE-2019-9631)
poppler: In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. (CVE-2018-20662)
poppler: A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. (CVE-2018-20650)
poppler: XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc. (CVE-2018-20481)
poppler: bugfix
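
The CVE-2019-0220 mismatch described above can be checked against a site's own LocationMatch or RewriteRule patterns. This is an added example, not part of the advisory or of httpd; it uses a simplified model in which the regex sees the raw path while later processing sees the slash-collapsed path, and the path /admin/console and both patterns are hypothetical.

```python
import re


def collapse_slashes(path):
    """Collapse runs of '/' into one, as later request processing implicitly does."""
    return re.sub(r"/{2,}", "/", path)


def slash_variants(path):
    """Yield the path, then copies with exactly one '/' doubled (constructed inputs)."""
    yield path
    for i, ch in enumerate(path):
        if ch == "/":
            yield path[:i] + "/" + path[i:]


def audit_pattern(pattern, protected_path):
    """Return the variants that collapse to protected_path but escape the regex.

    Models a regex directive that is evaluated against the raw request path.
    An empty list means the pattern covers every single-duplicate variant.
    """
    rx = re.compile(pattern)
    return [
        v
        for v in slash_variants(protected_path)
        if collapse_slashes(v) == protected_path and not rx.search(v)
    ]


def matches_after_normalising(pattern, raw_path):
    """Alternative model: collapse slashes first, then apply the regex."""
    return re.search(pattern, collapse_slashes(raw_path)) is not None


# Hypothetical patterns for the hypothetical protected location.
NAIVE = r"^/admin/console$"        # assumes single separators
TOLERANT = r"^/+admin/+console$"   # accounts for duplicate slashes

if __name__ == "__main__":
    for name, pat in (("naive", NAIVE), ("tolerant", TOLERANT)):
        print(name, "misses:", audit_pattern(pat, "/admin/console"))
    print("naive, normalised first:",
          matches_after_normalising(NAIVE, "//admin//console"))
```

A non-empty result from audit_pattern marks a pattern that should be rewritten with `/+` separators or evaluated only after the path has been normalised.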


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F18.

Affected Components

  • httpd
  • poppler

Affected Products

  • CGSL MAIN 5.04
  • CGSL CORE 5.04

Updated Packages

CGSL MAIN 5.04

httpd (source: httpd-2.4.6-90.el7.centos.src.rpm)

  • httpd-2.4.6-90.el7.centos.x86_64.rpm
  • httpd-debuginfo-2.4.6-90.el7.centos.x86_64.rpm
  • mod_ldap-2.4.6-90.el7.centos.x86_64.rpm
  • httpd-devel-2.4.6-90.el7.centos.x86_64.rpm
  • httpd-manual-2.4.6-90.el7.centos.noarch.rpm
  • httpd-tools-2.4.6-90.el7.centos.x86_64.rpm
  • mod_proxy_html-2.4.6-90.el7.centos.x86_64.rpm
  • mod_session-2.4.6-90.el7.centos.x86_64.rpm
  • mod_ssl-2.4.6-90.el7.centos.x86_64.rpm

poppler (source: poppler-0.26.5-38.el7.src.rpm)

  • poppler-0.26.5-38.el7.x86_64.rpm
  • poppler-cpp-0.26.5-38.el7.x86_64.rpm
  • poppler-cpp-devel-0.26.5-38.el7.x86_64.rpm
  • poppler-debuginfo-0.26.5-38.el7.x86_64.rpm
  • poppler-demos-0.26.5-38.el7.x86_64.rpm
  • poppler-devel-0.26.5-38.el7.x86_64.rpm
  • poppler-glib-0.26.5-38.el7.x86_64.rpm
  • poppler-glib-devel-0.26.5-38.el7.x86_64.rpm
  • poppler-qt-0.26.5-38.el7.x86_64.rpm
  • poppler-qt-devel-0.26.5-38.el7.x86_64.rpm
  • poppler-utils-0.26.5-38.el7.x86_64.rpm

CGSL CORE 5.04

httpd (source: httpd-2.4.6-90.el7.centos.src.rpm)

  • mod_ldap-2.4.6-90.el7.centos.x86_64.rpm
  • mod_proxy_html-2.4.6-90.el7.centos.x86_64.rpm
  • mod_session-2.4.6-90.el7.centos.x86_64.rpm
  • mod_ssl-2.4.6-90.el7.centos.x86_64.rpm
  • httpd-2.4.6-90.el7.centos.x86_64.rpm
  • httpd-debuginfo-2.4.6-90.el7.centos.x86_64.rpm
  • httpd-devel-2.4.6-90.el7.centos.x86_64.rpm
  • httpd-manual-2.4.6-90.el7.centos.noarch.rpm
  • httpd-tools-2.4.6-90.el7.centos.x86_64.rpm

poppler (source: poppler-0.26.5-38.el7.src.rpm)

  • poppler-0.26.5-38.el7.x86_64.rpm
  • poppler-cpp-0.26.5-38.el7.x86_64.rpm
  • poppler-cpp-devel-0.26.5-38.el7.x86_64.rpm
  • poppler-debuginfo-0.26.5-38.el7.x86_64.rpm
  • poppler-demos-0.26.5-38.el7.x86_64.rpm
  • poppler-devel-0.26.5-38.el7.x86_64.rpm
  • poppler-glib-0.26.5-38.el7.x86_64.rpm
  • poppler-glib-devel-0.26.5-38.el7.x86_64.rpm
  • poppler-qt-0.26.5-38.el7.x86_64.rpm
  • poppler-qt-devel-0.26.5-38.el7.x86_64.rpm
  • poppler-utils-0.26.5-38.el7.x86_64.rpm

CVE

References