Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 26 qpdf High Risk Buffer Overflow CVE-2018-9918 FEDORA-2018-d7ea552cde

fedora
Calendar Grey April 27, 2018
Dist Fedora Esm H88
Update to qpdf-7.1.1 to address buffer overflow issues impacting Fedora 26 and enhance system security and stability
Rebase to qpdf-7.1.1 because of CVEs

Summary

QPDF is a command-line program that does structural, content-preserving

transformations on PDF files. It could have been called something

like pdf-to-pdf. It includes support for merging and splitting PDFs

and to manipulate the list of pages in a PDF file. It is not a PDF viewer

or a program capable of converting PDF into other formats.

Rebase to qpdf-7.1.1 because of CVEs

* Mon Apr 16 2018 Zdenek Dohnal - 7.1.1-5

- CVE-2018-9918 qpdf: stack exhaustion in QPDFObjectHandle and QPDF_Dictionary classes in libqpdf.a [fedora-all]

* Mon Feb 19 2018 Zdenek Dohnal - 7.1.1-4

- gcc and gcc-c++ are no longer in buildroot by default

* Fri Feb 9 2018 Fedora Release Engineering - 7.1.1-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

* Thu Feb 8 2018 Zdenek Dohnal - 7.1.1-2

- remove old stuff

* Mon Feb 5 2018 Zdenek Dohnal - 7.1.1-1

- rebase to 7.1.1

* Tue Sep 19 2017 Zdenek Dohnal - 7.0.0-1

- rebase to 7.0.0

* Fri Aug 11 2017 Zdenek Dohnal - 6.0.0-10

- adding patches for CVE back (cups-filters needed to rebuild)

* Mon Aug 7 2017 Zdenek Dohnal - 6.0.0-9

- removing patches for CVEs, because they break other things now

* Thu Aug 3 2017 Zdenek Dohnal - 6.0.0-8

- 1477213 - Detect recursions loop resolving objects

- 1454820 - CVE-2017-9208

- 1454820 - CVE-2017-9209

- 1454820 - CVE-2017-9210

* Thu Aug 3 2017 Fedora Release Engineering - 6.0.0-7

- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

* Thu Jul 27 2017 Fedora Release Engineering - 6.0.0-6

- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

su -c 'dnf upgrade --advisory FEDORA-2018-d7ea552cde' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Topics%20covered

Topics Covered

security advisory moderate software update Fedora stack exhaustion qpdf PDF transformation

Change Log

References

Update Instructions

Product: Fedora 26
Version: 7.1.1
Release: 5.fc26
URL: https://qpdf.sourceforge.io/
Summary: Command-line tools and library for transforming PDF files

Topics%20covered

Topics Covered

security advisory moderate software update Fedora stack exhaustion qpdf PDF transformation

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here