
The following updates have been released for Debian GNU/Linux:

DLA 1115-1: debsecan update
DLA 1116-1: poppler security update



DLA 1115-1: debsecan update

Package : debsecan
Version : 0.4.16+nmu1+deb7u1
Debian Bug : 842428

Debsecan in Wheezy in its default configuration currently fails to
download recent vulnerability data due to a URL change.

For Debian 7 "Wheezy", these problems have been fixed in version
0.4.16+nmu1+deb7u1.

We recommend that you upgrade your debsecan packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



DLA 1116-1: poppler security update




Package : poppler
Version : 0.18.4-6+deb7u3
CVE ID : CVE-2017-14517 CVE-2017-14519 CVE-2017-14617
Debian Bug : 876086 876385 876079

It was discovered that poppler, a PDF rendering library, was affected
by several denial-of-service (application crash), null pointer
dereferences and memory corruption bugs:

CVE-2017-14517
NULL Pointer Dereference in the XRef::parseEntry() function in
XRef.cc

CVE-2017-14519
Memory corruption occurs in a call to Object::streamGetChar that
may lead to a denial of service or other unspecified impact.

CVE-2017-14617
Potential buffer overflow in the ImageStream class in Stream.cc,
which may lead to a denial of service or other unspecified impact.

For Debian 7 "Wheezy", these problems have been fixed in version
0.18.4-6+deb7u3.

We recommend that you upgrade your poppler packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
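
To check a host inventory against the fixed versions named in both advisories above, the following added example (not part of the advisories or of any Debian tool) implements Debian's version ordering and reports which source packages are still older than the fix. The `SAMPLE` inventory and all function names are constructed for illustration; how the installed versions are collected is left to the reader.

```python
import re

# Fixed versions for Debian 7 "Wheezy", keyed by source package (from the advisories above).
FIXED = {"debsecan": "0.4.16+nmu1+deb7u1", "poppler": "0.18.4-6+deb7u3"}

def _order(ch):
    """Weight of a character in a non-digit run: '~' lowest, then letters, then the rest."""
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _nondigit(s, k):
    """True when position k exists in s and holds a non-digit character."""
    return k < len(s) and s[k] not in "0123456789"

def _cmp_part(a, b):
    """Compare upstream or revision strings by alternating non-digit and digit runs."""
    i = j = 0
    while i < len(a) or j < len(b):
        while _nondigit(a, i) or _nondigit(b, j):
            # A digit or the end of the string weighs 0, so '~' sorts before both.
            x = _order(a[i]) if _nondigit(a, i) else 0
            y = _order(b[j]) if _nondigit(b, j) else 0
            if x != y:
                return -1 if x < y else 1
            i, j = i + 1, j + 1
        da, db = re.match(r"[0-9]*", a[i:]).group(), re.match(r"[0-9]*", b[j:]).group()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
        i, j = i + len(da), j + len(db)
    return 0

def _split(version):
    """Split [epoch:]upstream[-revision]; a missing epoch is 0, a missing revision is ''."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (revision if sep else "")

def compare(a, b):
    """Return -1, 0 or 1 as version a is older than, equal to, or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def needs_upgrade(installed):
    """Source packages from FIXED whose installed version predates the fix."""
    return sorted(p for p, v in installed.items() if p in FIXED and compare(v, FIXED[p]) < 0)

# Constructed sample inventory (source package -> installed version), not real host data.
SAMPLE = {"debsecan": "0.4.16+nmu1", "poppler": "0.18.4-6+deb7u3", "bash": "4.2+dfsg-0.1"}
```

A plain string comparison would get these cases wrong, because suffixes such as `+deb7u1` and `~rc1` are ordered by the rules above rather than lexically.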