The following updates have been released for Debian GNU/Linux:
DLA 1115-1: debsecan update
DLA 1116-1: poppler security update
DLA 1115-1: debsecan update
Package : debsecan
Version : 0.4.16+nmu1+deb7u1
Debian Bug : 842428
Debsecan in Wheezy in its default configuration currently fails to
download recent vulnerability data due to a URL change.
For Debian 7 "Wheezy", these problems have been fixed in version
0.4.16+nmu1+deb7u1.
We recommend that you upgrade your debsecan packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
DLA 1116-1: poppler security update
Package : poppler
Version : 0.18.4-6+deb7u3
CVE ID : CVE-2017-14517 CVE-2017-14519 CVE-2017-14617
Debian Bug : 876086 876385 876079
It was discovered that poppler, a PDF rendering library, was affected
by several denial-of-service (application crash), null pointer
dereferences and memory corruption bugs:

CVE-2017-14517
    NULL Pointer Dereference in the XRef::parseEntry() function in
    XRef.cc

CVE-2017-14519
    Memory corruption occurs in a call to Object::streamGetChar that
    may lead to a denial of service or other unspecified impact.

CVE-2017-14617
    Potential buffer overflow in the ImageStream class in Stream.cc,
    which may lead to a denial of service or other unspecified impact.

For Debian 7 "Wheezy", these problems have been fixed in version
0.18.4-6+deb7u3.
We recommend that you upgrade your poppler packages.