Detections
Analytics

OracleVM 3.3 / 3.4 : poppler (OVMSA-2017-0147)

high Nessus Plugin ID 102905

Language:

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

 - Resolves: rhbz#1479815 (CVE-2017-9776)

 - Don't crash on streams without Length

 - Resolves: #1302365

 - Use better default pixel size for printing of 0 width lines

 - Resolves: #1316163

 - Identification of fonts directly from streams and files

 - Resolves: #1208719

 - Embed type1 fonts to PostScript files correctly

 - Resolves: #1232210

 - Fix lines disappearing when selecting paragraph

 - Resolves: #614824

 - Silence illegal entry in bfrange block in ToUnicode CMap

 - Resolves: #710816

 - Fix captions of push button fields.

 - Resolves: #1191907

 - Add poppler-0.12.4-CVE-2010-3702.patch (Properly initialize parser)

 - Add poppler-0.12.4-CVE-2010-3703.patch (Properly initialize stack)

 - Add poppler-0.12.4-CVE-2010-3704.patch (Fix crash in broken pdf (code < 0))

 - Resolves: #639860

Solution

Update the affected poppler / poppler-utils packages.

See Also

http://www.nessus.org/u?a6e108d5

http://www.nessus.org/u?72469efb

Plugin Details

Severity: High

ID: 102905

File Name: oraclevm_OVMSA-2017-0147.nasl

Version: 3.8

Type: local

Published: 9/1/2017

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:poppler, p-cpe:/a:oracle:vm:poppler-utils, cpe:/o:oracle:vm_server:3.3, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 8/31/2017

Vulnerability Publication Date: 11/5/2010

Reference Information

CVE: CVE-2010-3702, CVE-2010-3703, CVE-2010-3704, CVE-2017-9776

BID: 43594, 43841, 43845