- Vulnerability/
- USN-3837-2
USN-3837-2: poppler regression
First published: Tue Dec 11 2018(Updated: )
USN-3837-1 fixed vulnerabilities in poppler. A regression was reported regarding the previous update. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-16646) It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-19149)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/libpoppler79 | <0.68.0-0ubuntu1.3 | 0.68.0-0ubuntu1.3 |
| Ubuntu OpenSSH Client | =18.10 | |
| All of | ||
| ubuntu/poppler-utils | <0.68.0-0ubuntu1.3 | 0.68.0-0ubuntu1.3 |
| Ubuntu OpenSSH Client | =18.10 | |
| All of | ||
| ubuntu/libpoppler73 | <0.62.0-2ubuntu2.5 | 0.62.0-2ubuntu2.5 |
| Ubuntu OpenSSH Client | =18.04 | |
| All of | ||
| ubuntu/poppler-utils | <0.62.0-2ubuntu2.5 | 0.62.0-2ubuntu2.5 |
| Ubuntu OpenSSH Client | =18.04 | |
| All of | ||
| ubuntu/libpoppler58 | <0.41.0-0ubuntu1.10 | 0.41.0-0ubuntu1.10 |
| Ubuntu OpenSSH Client | =16.04 | |
| All of | ||
| ubuntu/poppler-utils | <0.41.0-0ubuntu1.10 | 0.41.0-0ubuntu1.10 |
| Ubuntu OpenSSH Client | =16.04 | |
| All of | ||
| ubuntu/libpoppler44 | <0.24.5-2ubuntu4.14 | 0.24.5-2ubuntu4.14 |
| Ubuntu OpenSSH Client | =14.04 | |
| All of | ||
| ubuntu/poppler-utils | <0.24.5-2ubuntu4.14 | 0.24.5-2ubuntu4.14 |
| Ubuntu OpenSSH Client | =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2018-16646
- https://ubuntu.com/security/CVE-2018-19149
- https://ubuntu.com/security/notices/USN-3837-1
- https://launchpad.net/ubuntu/+source/poppler/0.68.0-0ubuntu1.3
- https://launchpad.net/ubuntu/+source/poppler/0.62.0-2ubuntu2.5
- https://launchpad.net/ubuntu/+source/poppler/0.41.0-0ubuntu1.10
- https://launchpad.net/ubuntu/+source/poppler/0.24.5-2ubuntu4.14
- https://ubuntu.com/security/notices/USN-3837-2 (Advisory)
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is USN-3837-2.
What software is affected by this vulnerability?
The software affected by this vulnerability includes libpoppler79, poppler-utils, libpoppler73, libpoppler58, and libpoppler44.
What versions of Ubuntu are affected?
Ubuntu versions 18.10, 18.04, and 16.04 are affected by this vulnerability.
What is the severity of this vulnerability?
The severity of this vulnerability is not provided in the information provided.
Is there a fix available for this vulnerability?
Yes, there is a fix available for this vulnerability. Update to version 0.68.0-0ubuntu1.3 (for libpoppler79 and poppler-utils in Ubuntu 18.10), version 0.62.0-2ubuntu2.5 (for libpoppler73 and poppler-utils in Ubuntu 18.04), version 0.41.0-0ubuntu1.10 (for libpoppler58 and poppler-utils in Ubuntu 16.04), or version 0.24.5-2ubuntu4.14 (for libpoppler44 and poppler-utils in Ubuntu 14.04).
- agent/severity
- agent/type
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/title
- agent/event
- agent/description
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu openssh client
- version/ubuntu openssh client/18.10
- version/ubuntu openssh client/18.04
- version/ubuntu openssh client/16.04
- version/ubuntu openssh client/14.04