poppler 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 security updates break Splash output
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
| poppler (Ubuntu) |
Undecided
|
Unassigned | ||
| Xenial |
Undecided
|
Marc Deslauriers | ||
| Bionic |
Undecided
|
Marc Deslauriers |
Bug Description
The security updates 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 break the Splash output rendering, for example if using the xpdf utility that relies on Poppler splash output, or as used by the GDAL library (the issue was detected due to breakage in GDAL continuous integration tests)
I've traced the root cause to those security updates enabling in 'rules' CMYK (--enable-cmyk for 0.41.0-0ubuntu1.15 and -DSPLASH_CMYK=ON for 0.62.0-2ubuntu2.11)
Building without CMYK restore poppler in a working state. It should be noted that even on the upstream 0.41.0 version, enabling CMYK result in a non-functional build, so it is not related to the patches applied on top of it, but really on enabling CMYK
The issue can be verified with "xpdf test_ogc_bp.pdf" with the attached test_ogc_bp.pdf file. With the new packages, xpdf crashes, whereas with older ones it displays a 20x20 greyscale image.
Or with "gdal_translate test_ogc_bp.pdf out.png -of PNG" when installing the "gdal-bin" package, that currently errors out with a message like "ERROR 1: Bitmap decoded size (18623872x0) doesn't match raster size (20x20)"
CVE References
Even Rouault (even.rouault) wrote : | #1 |
information type: | Public → Public Security |
information type: | Public Security → Public |
Marc Deslauriers (mdeslaur) wrote : | #2 |
Changed in poppler (Ubuntu): | |
status: | New → Invalid |
Changed in poppler (Ubuntu Xenial): | |
status: | New → In Progress |
Changed in poppler (Ubuntu Bionic): | |
status: | New → In Progress |
Changed in poppler (Ubuntu Xenial): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
Changed in poppler (Ubuntu Bionic): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
Launchpad Janitor (janitor) wrote : | #3 |
This bug was fixed in the package poppler - 0.62.0-2ubuntu2.12
---------------
poppler (0.62.0-
* SECURITY REGRESSION: broken Splash output (LP: #1905741)
- debian/rules: don't build with SPLASH_CMYK=ON as this causes a
regression with xpdf and gdal. This reverts the fix for
CVE-
-- Marc Deslauriers <email address hidden> Thu, 26 Nov 2020 10:55:59 -0500
Changed in poppler (Ubuntu Bionic): | |
status: | In Progress → Fix Released |
Launchpad Janitor (janitor) wrote : | #4 |
This bug was fixed in the package poppler - 0.41.0-0ubuntu1.16
---------------
poppler (0.41.0-
* SECURITY REGRESSION: broken Splash output (LP: #1905741)
- debian/rules: don't build with --enable-cmyk as this causes a
regression with xpdf and gdal. This reverts the fix for
CVE-
-- Marc Deslauriers <email address hidden> Thu, 26 Nov 2020 10:59:16 -0500
Changed in poppler (Ubuntu Xenial): | |
status: | In Progress → Fix Released |
Even Rouault (even.rouault) wrote : | #5 |
@mdelsaur Thanks for the prompt fixes. I confirm they fix the issues I had observed
George Kissandrakis (gkissand) wrote : | #6 |
# lsb_release -rd
Description: Ubuntu 18.04.5 LTS
Release: 18.04
I have an Epson TM BA Thermal network printer, configured in CUPS
After today's unattended upgrade it stopped working
Logs found on server
[540009.389033] pdftoraster[63919]: segfault at d00000400 ip 0000557a50f569a8 sp 00007ffd5ca826d8 error 6 in pdftoraster[
Thu Nov 26 14:14:19 2020: apport: report /var/crash/
# dpkg -S /usr/lib/
cups-filters-
Start-Date: 2019-11-25 17:01:06
Install cups-filters-
# dpkg -l|grep cups-filters-
ii cups-filters-
I checked what was updated with unattended upgrade
Start-Date: 2020-11-24 06:20:02
Commandline: /usr/bin/
Upgrade: libpulse0:amd64 (1:11.1-
End-Date: 2020-11-24 06:20:10
and I rolled back
# wget https:/
# wget https:/
# ls apt/
libpoppler73_
#dpkg -R --install apt/
and started to work again
and of course
apt-mark hold libpoppler73 poppler-utils
# apt-cache policy poppler-utils libpoppler73
poppler-utils:
Installed: 0.62.0-2ubuntu2.10
Candidate: 0.62.0-2ubuntu2.11
Version table:
0.
500 http://
500 http://
*** 0.62.0-2ubuntu2.10 100
100 /var/lib/
0.
500 http://
libpoppler73:
Installed: 0.62.0-2ubuntu2.10
Candidate: 0.62.0-2ubuntu2.11
Version table:
0.
500 http://
500 http://
*** 0.62.0-2ubuntu2.10 100
100 /var/lib/
0.
500 http://
George Kissandrakis (gkissand) wrote : | #7 |
I confirm that the version 0.62.0-2ubuntu2.12 fixes the 0.62.0-2ubuntu2.11 bug
Thanks for reporting this, I'll back out the fix and will release updates shortly.