|
|
Subscribe / Log in / New account

Mageia alert MGASA-2018-0131 (qpdf)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2018-0131: Updated qpdf packages fix security vulnerability 


Date:
    	      Thu, 22 Feb 2018 20:50:26 +0100


Message-ID:
    	      <20180222195026.127BE9FC59@duvel.mageia.org>


MGASA-2018-0131 - Updated qpdf packages fix security vulnerability

Publication date: 22 Feb 2018
URL: https://advisories.mageia.org/MGASA-2018-0131.html
Type: security
Affected Mageia releases: 6

Description:
Qpdf has been updated to the latest version to fix several security issues.
- Stack overflow due to endless recursion in QPDFTokenizer::resolveLiteral()
- Another stack overflow / endless recursion in QPDFWriter::enqueueObject()
- Stack out of bounds read in iterate_rc4()
- heap out of bounds read (large) in Pl_Buffer::write
- Hang due to a pdf xref loop
Also, the cups-filters package has been rebuilt for the new qpdf.

References:
- https://bugs.mageia.org/show_bug.cgi?id=22586
- http://openwall.com/lists/oss-security/2018/02/13/2

SRPMS:
- 6/core/qpdf-7.1.1-1.mga6
- 6/core/cups-filters-1.13.4-2.2.mga6
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds