ALAS-2016-769


Amazon Linux AMI Security Advisory: ALAS-2016-769
Advisory Release Date: 2016-11-18 12:30 Pacific
Severity: Medium
References: CVE-2015-8868 

Issue Overview:

A heap-buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler to crash or, potentially, execute arbitrary code when opened.


Affected Packages:

poppler


Issue Correction:
Run yum update poppler to update your system.

New Packages:
i686:
    poppler-cpp-devel-0.22.5-6.16.amzn1.i686
    poppler-glib-0.22.5-6.16.amzn1.i686
    poppler-devel-0.22.5-6.16.amzn1.i686
    poppler-0.22.5-6.16.amzn1.i686
    poppler-cpp-0.22.5-6.16.amzn1.i686
    poppler-debuginfo-0.22.5-6.16.amzn1.i686
    poppler-glib-devel-0.22.5-6.16.amzn1.i686
    poppler-utils-0.22.5-6.16.amzn1.i686

src:
    poppler-0.22.5-6.16.amzn1.src

x86_64:
    poppler-debuginfo-0.22.5-6.16.amzn1.x86_64
    poppler-utils-0.22.5-6.16.amzn1.x86_64
    poppler-glib-0.22.5-6.16.amzn1.x86_64
    poppler-0.22.5-6.16.amzn1.x86_64
    poppler-cpp-0.22.5-6.16.amzn1.x86_64
    poppler-glib-devel-0.22.5-6.16.amzn1.x86_64
    poppler-devel-0.22.5-6.16.amzn1.x86_64
    poppler-cpp-devel-0.22.5-6.16.amzn1.x86_64