OVAL Reference oval:org.opensuse.security:def:5905

Oval Definition:

oval:org.opensuse.security:def:5905

Revision Date:	2021-12-01	Version:	1
Title:	Security update for poppler (Important)
Description:	This update for poppler fixes the following issues: - CVE-2017-18267: Fixed an infinite recursion that would allow remote attackers to cause a denial of service (bsc#1092945). - CVE-2018-13988: Added an improper implementation check which otherwise could allow buffer overflows, memory corruption, and denial of service (bsc#1102531). - CVE-2018-16646: Fixed an infinite recursion which could allow a denial-of-service attack via a specially crafted PDF file (bsc#1107597). - CVE-2018-18897: Fixed a memory leak (bsc#1114966). - CVE-2018-19058: Fixed a bug which could allow a denial-of-service attack via a specially crafted PDF file (bsc#1115187). - CVE-2018-19059: Fixed an out-of-bounds read access which could allow a denial-of-service attack (bsc#1115186). - CVE-2018-19060: Fixed a NULL pointer dereference which could allow a denial-of-service attack (bsc#1115185). - CVE-2018-19149: Fixed a NULL pointer dereference which could allow a denial-of-service attack (bsc#1115626). - CVE-2018-20481: Fixed a NULL pointer dereference while handling unallocated XRef entries which could allow a denial-of-service attack (bsc#1120495). - CVE-2018-20551: Fixed a reachable assertion which could allow a denial-of-service attack through specially crafted PDF files (bsc#1120496). - CVE-2018-20650: Fixed a reachable assertion which could allow denial-of-service through specially crafted PDF files (bsc#1120939). - CVE-2018-20662: Fixed a bug which could potentially crash the running process by SIGABRT resulting in a denial-of-service attack through a specially crafted PDF file (bsc#1120956). - CVE-2019-10871: Fixed a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc (bsc#1131696). - CVE-2019-10872: Fixed a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc (bsc#1131722). - CVE-2019-14494: Fixed a divide-by-zero error in the function SplashOutputDev::tilingPatternFill (bsc#1143950). - CVE-2019-7310: Fixed a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) that allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document (bsc#1124150). - CVE-2019-9200: Fixed a heap-based buffer underwrite which could allow denial-of-service attack through a specially crafted PDF file (bsc#1127329) - CVE-2019-9631: Fixed a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function (bsc#1129202). - CVE-2019-9903: Fixed excessive stack consumption in the Dict::find() method, which can be triggered by passing a crafted pdf file to the pdfunite binary (bsc#1130229). - CVE-2019-9959: Fixed integer overflow that made it possible to allocate a large memory chunk on the heap with a size controlled by an attacker (bsc#1142465). - CVE-2020-27778: Fixed buffer overflow vulnerability in pdftohtml (bsc#1179163).
Family:	unix	Class:	patch
Status:		Reference(s):	1092945 1102531 1107597 1114966 1115185 1115186 1115187 1115626 1120495 1120496 1120939 1120956 1124150 1127329 1129202 1130229 1131696 1131722 1142465 1143950 1179163 CVE-2009-0945 CVE-2010-0405 CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-2643 CVE-2010-2761 CVE-2010-2947 CVE-2010-4410 CVE-2010-4411 CVE-2010-4777 CVE-2011-3193 CVE-2011-3922 CVE-2012-2451 CVE-2012-2737 CVE-2012-2738 CVE-2012-4510 CVE-2012-4929 CVE-2012-6093 CVE-2012-6706 CVE-2013-0254 CVE-2013-4549 CVE-2014-0190 CVE-2015-0295 CVE-2015-1782 CVE-2015-1858 CVE-2015-1859 CVE-2015-1860 CVE-2015-8872 CVE-2016-0787 CVE-2016-1601 CVE-2016-4804 CVE-2016-7445 CVE-2016-8332 CVE-2016-9112 CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 CVE-2016-9572 CVE-2016-9573 CVE-2016-9580 CVE-2016-9581 CVE-2016-9811 CVE-2017-18267 CVE-2017-5837 CVE-2017-5839 CVE-2017-5842 CVE-2017-5844 CVE-2018-13988 CVE-2018-16646 CVE-2018-18897 CVE-2018-19058 CVE-2018-19059 CVE-2018-19060 CVE-2018-19149 CVE-2018-20481 CVE-2018-20551 CVE-2018-20650 CVE-2018-20662 CVE-2019-10871 CVE-2019-10872 CVE-2019-14494 CVE-2019-7310 CVE-2019-9200 CVE-2019-9631 CVE-2019-9903 CVE-2019-9959 CVE-2020-27778
Platform(s):	openSUSE 13.1 openSUSE 13.2 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 SUSE Linux Enterprise Build System Kit 12 SUSE Linux Enterprise Build System Kit 12 SP1 SUSE Linux Enterprise Build System Kit 12 SP2 SUSE Linux Enterprise Build System Kit 12 SP3 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise for SAP 12 SUSE Linux Enterprise for SAP 12 SP1 SUSE Linux Enterprise for SAP 12 SP2 SUSE Linux Enterprise High Availability 12 SUSE Linux Enterprise High Availability 12 SP1 SUSE Linux Enterprise High Availability 12 SP2 SUSE Linux Enterprise High Availability 12 SP3 SUSE Linux Enterprise High Availability 12 SP4 SUSE Linux Enterprise High Availability 12 SP5 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP2 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Workstation Extension 12 SP1 SUSE Linux Enterprise Workstation Extension 12 SP2 SUSE Linux Enterprise Workstation Extension 12 SP3 SUSE Linux Enterprise Workstation Extension 12 SP4 SUSE OpenStack Cloud 6	Product(s):
Definition Synopsis
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 is installed AND Package Information openstack-ceilometer-2014.2.4.dev18-3.2 is installed OR openstack-ceilometer-agent-compute-2014.2.4.dev18-3.2 is installed OR openstack-neutron-2014.2.4~a0~dev78-7.2 is installed OR openstack-neutron-dhcp-agent-2014.2.4~a0~dev78-7.2 is installed OR openstack-neutron-ha-tool-2014.2.4~a0~dev78-7.2 is installed OR openstack-neutron-l3-agent-2014.2.4~a0~dev78-7.2 is installed OR openstack-neutron-lbaas-agent-2014.2.4~a0~dev78-7.2 is installed OR openstack-neutron-linuxbridge-agent-2014.2.4~a0~dev78-7.2 is installed OR openstack-neutron-metadata-agent-2014.2.4~a0~dev78-7.2 is installed OR openstack-neutron-metering-agent-2014.2.4~a0~dev78-7.2 is installed OR openstack-neutron-openvswitch-agent-2014.2.4~a0~dev78-7.2 is installed OR openstack-neutron-vpn-agent-2014.2.4~a0~dev78-7.2 is installed OR openstack-nova-2014.2.4~a0~dev61-6.2 is installed OR openstack-nova-compute-2014.2.4~a0~dev61-6.2 is installed OR openstack-suse-2014.2-5.1 is installed OR openstack-suse-sudo-2014.2-5.1 is installed OR python-ceilometer-2014.2.4.dev18-3.2 is installed OR python-neutron-2014.2.4~a0~dev78-7.2 is installed OR python-nova-2014.2.4~a0~dev61-6.2 is installed
Definition Synopsis
SUSE Linux Enterprise Build System Kit 12 is installed AND kernel-zfcpdump-3.12.39-47 is installed
Definition Synopsis
SUSE Linux Enterprise Build System Kit 12 SP1 is installed AND kernel-zfcpdump-3.12.59-60.45 is installed
Definition Synopsis
SUSE Linux Enterprise Build System Kit 12 SP2 is installed AND kernel-zfcpdump-4.4.103-92.59 is installed
Definition Synopsis
SUSE Linux Enterprise Build System Kit 12 SP3 is installed AND kernel-zfcpdump-4.4.82-6.6 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 is installed AND libvte9-0.28.2-17 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information bzip2-1.0.6-29 is installed OR libbz2-1-1.0.6-29 is installed OR libbz2-1-32bit-1.0.6-29 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information accountsservice-0.6.42-16.3 is installed OR accountsservice-lang-0.6.42-16.3 is installed OR libaccountsservice0-0.6.42-16.3 is installed OR typelib-1_0-AccountsService-1_0-0.6.42-16.3 is installed
Definition Synopsis
SUSE Linux Enterprise for SAP 12 is installed AND Package Information kgraft-patch-3_12_60-52_54-default-2-2.2 is installed OR kgraft-patch-3_12_60-52_54-xen-2-2.2 is installed OR kgraft-patch-SLE12_Update_15-2-2.2 is installed
Definition Synopsis
SUSE Linux Enterprise for SAP 12 SP1 is installed AND Package Information openvpn-2.3.8-16.17.1 is installed OR openvpn-auth-pam-plugin-2.3.8-16.17.1 is installed
Definition Synopsis
SUSE Linux Enterprise for SAP 12 SP2 is installed AND cryptctl-1.2.6-5.3.11 is installed
Definition Synopsis
SUSE Linux Enterprise High Availability 12 is installed AND Package Information ctdb-4.2.4-18.30 is installed OR samba-4.2.4-18.30 is installed
Definition Synopsis
SUSE Linux Enterprise High Availability 12 SP1 is installed AND Package Information libpcreposix0-8.39-5 is installed OR pcre-8.39-5 is installed
Definition Synopsis
SUSE Linux Enterprise High Availability 12 SP2 is installed AND Package Information libpcreposix0-8.39-7 is installed OR pcre-8.39-7 is installed
Definition Synopsis
SUSE Linux Enterprise High Availability 12 SP3 is installed AND Package Information libpacemaker3-1.1.16-4 is installed OR pacemaker-1.1.16-4 is installed OR pacemaker-cli-1.1.16-4 is installed OR pacemaker-cts-1.1.16-4 is installed OR pacemaker-remote-1.1.16-4 is installed
Definition Synopsis
SUSE Linux Enterprise High Availability 12 SP4 is installed AND ctdb-4.6.16+git.124.aee309c5c18-3.32 is installed
Definition Synopsis
SUSE Linux Enterprise High Availability 12 SP5 is installed AND ctdb-4.10.5+git.129.35f7bb6e177-1 is installed
Definition Synopsis
SUSE Linux Enterprise High Performance Computing 12 SP5 is installed AND Package Information apache2-2.4.23-29.43 is installed OR apache2-doc-2.4.23-29.43 is installed OR apache2-example-pages-2.4.23-29.43 is installed OR apache2-prefork-2.4.23-29.43 is installed OR apache2-utils-2.4.23-29.43 is installed OR apache2-worker-2.4.23-29.43 is installed
Definition Synopsis
SUSE Linux Enterprise Live Patching 12 is installed AND Package Information kgraft-patch-3_12_38-44-default-1-2 is installed OR kgraft-patch-3_12_38-44-xen-1-2 is installed OR kgraft-patch-SLE12_Update_3-1-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 11 SP1 is installed AND Package Information PolicyKit-0.9-14.34.9 is installed OR PolicyKit-32bit-0.9-14.34.9 is installed OR PolicyKit-doc-0.9-14.34.11 is installed OR PolicyKit-x86-0.9-14.34.9 is installed
Definition Synopsis
Release Information SUSE Linux Enterprise Server 11 SP2 is installed AND openswan-2.6.16-1.40.1 is installed OR openswan-doc-2.6.16-1.40.1 is installed OR Package Information SUSE Linux Enterprise Server for VMWare 11 SP2 is installed AND openswan-2.6.16-1.40.1 is installed OR openswan-doc-2.6.16-1.40.1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 11 SP2 is installed AND aaa_base-11-6.65.1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 11 SP2-LTSS is installed AND Package Information MozillaFirefox-24.6.0esr-0.3.1 is installed OR MozillaFirefox-branding-SLED-24-0.4.10.24 is installed OR MozillaFirefox-translations-24.6.0esr-0.3.1 is installed OR libfreebl3-3.16.1-0.3.1 is installed OR libfreebl3-32bit-3.16.1-0.3.1 is installed OR mozilla-nspr-4.10.6-0.3.1 is installed OR mozilla-nspr-32bit-4.10.6-0.3.1 is installed OR mozilla-nspr-devel-4.10.6-0.3.1 is installed OR mozilla-nss-3.16.1-0.3.1 is installed OR mozilla-nss-32bit-3.16.1-0.3.1 is installed OR mozilla-nss-devel-3.16.1-0.3.1 is installed OR mozilla-nss-tools-3.16.1-0.3.1 is installed
Definition Synopsis
Release Information SUSE Linux Enterprise Server 11 SP3 is installed AND lcms-1.17-77.16.1 is installed OR liblcms1-1.17-77.16.1 is installed OR liblcms1-32bit-1.17-77.16.1 is installed OR liblcms1-x86-1.17-77.16.1 is installed OR Package Information SUSE Linux Enterprise Server for VMWare 11 SP3 is installed AND lcms-1.17-77.16.1 is installed OR liblcms1-1.17-77.16.1 is installed OR liblcms1-32bit-1.17-77.16.1 is installed OR liblcms1-x86-1.17-77.16.1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 11 SP3 is installed AND Package Information PolicyKit-0.9-14.41.1 is installed OR PolicyKit-32bit-0.9-14.41.1 is installed OR PolicyKit-doc-0.9-14.39.2 is installed OR PolicyKit-x86-0.9-14.41.1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 11 SP3-LTSS is installed AND Package Information ntp-4.2.8p8-47.3 is installed OR ntp-doc-4.2.8p8-47.3 is installed
Definition Synopsis
SUSE Linux Enterprise Server 11 SP4 is installed AND aaa_base-11-6.105.1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 is installed AND Package Information libXi6-1.7.2-3 is installed OR libXi6-32bit-1.7.2-3 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information accountsservice-0.6.35-3 is installed OR accountsservice-lang-0.6.35-3 is installed OR libaccountsservice0-0.6.35-3 is installed OR typelib-1_0-AccountsService-1_0-0.6.35-3 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information MozillaFirefox-45.4.0esr-81 is installed OR MozillaFirefox-translations-45.4.0esr-81 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information at-3.1.14-7 is installed OR flex-2.5.37-8 is installed OR flex-32bit-2.5.37-8 is installed OR libQtWebKit4-4.8.6+2.3.3-3 is installed OR libQtWebKit4-32bit-4.8.6+2.3.3-3 is installed OR libbonobo-2.32.1-16 is installed OR libbonobo-32bit-2.32.1-16 is installed OR libbonobo-doc-2.32.1-16 is installed OR libbonobo-lang-2.32.1-16 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information python-pyOpenSSL-16.0.0-4.6 is installed OR python3-pyOpenSSL-16.0.0-4.6 is installed
Definition Synopsis
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed AND Package Information DirectFB-1.7.1-6 is installed OR lib++dfb-1_7-1-1.7.1-6 is installed OR libdirectfb-1_7-1-1.7.1-6 is installed
Definition Synopsis
SUSE Linux Enterprise Server for SAP Applications 12 SP1 is installed AND Package Information libpython2_7-1_0-2.7.13-28.21 is installed OR libpython2_7-1_0-32bit-2.7.13-28.21 is installed OR python-2.7.13-28.21 is installed OR python-32bit-2.7.13-28.21 is installed OR python-base-2.7.13-28.21 is installed OR python-base-32bit-2.7.13-28.21 is installed OR python-curses-2.7.13-28.21 is installed OR python-demo-2.7.13-28.21 is installed OR python-devel-2.7.13-28.21 is installed OR python-doc-2.7.13-28.21 is installed OR python-doc-pdf-2.7.13-28.21 is installed OR python-gdbm-2.7.13-28.21 is installed OR python-idle-2.7.13-28.21 is installed OR python-tk-2.7.13-28.21 is installed OR python-xml-2.7.13-28.21 is installed
Definition Synopsis
SUSE Linux Enterprise Server for SAP Applications 12 SP2 is installed AND Package Information kernel-firmware-20170530-21.22 is installed OR ucode-amd-20170530-21.22 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 11 SP3 is installed AND Package Information libmysql55client_r18-32bit-5.5.39-0.7.1 is installed OR libmysql55client_r18-x86-5.5.39-0.7.1 is installed OR libmysqlclient_r15-32bit-5.0.96-0.6.13 is installed OR libmysqlclient_r15-x86-5.0.96-0.6.13 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 11 SP4 is installed AND Package Information PackageKit-devel-0.3.14-2.30.11 is installed OR hal-devel-0.5.12-23.76.1 is installed OR libpackagekit-glib10-devel-0.3.14-2.30.11 is installed OR libpackagekit-qt10-0.3.14-2.30.11 is installed OR libpackagekit-qt10-devel-0.3.14-2.30.11 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 12 is installed AND accountsservice-devel-0.6.35-1 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 12 SP1 is installed AND java-1_8_0-ibm-devel-1.8.0_sr1.10-2 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 12 SP2 is installed AND bind-devel-9.9.9P1-46 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 12 is installed AND Package Information libsilc-1_1-2-1.1.10-24 is installed OR libsilcclient-1_1-3-1.1.10-24 is installed OR silc-toolkit-1.1.10-24 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 12 SP1 is installed AND argyllcms-1.6.3-1 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 12 SP2 is installed AND cyrus-sasl-digestmd5-32bit-2.1.26-7 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 12 SP3 is installed AND Package Information colord-1.3.3-12 is installed OR colord-lang-1.3.3-12 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 12 SP4 is installed AND Package Information ImageMagick-6.8.8.1-71.85 is installed OR libMagick++-6_Q16-3-6.8.8.1-71.85 is installed OR libMagickCore-6_Q16-1-32bit-6.8.8.1-71.85 is installed

BACK