Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 27: qpdf Critical Stack Depletion Advisory 2022-c09gfh44c2

fedora
Calendar Grey April 27, 2018
Dist Fedora Esm H88
Address critical security issues in qpdf for Fedora 27, focusing on stack depletion risks that require immediate action.
Rebase to qpdf-7.1.1 because of CVEs

Summary

QPDF is a command-line program that does structural, content-preserving

transformations on PDF files. It could have been called something

like pdf-to-pdf. It includes support for merging and splitting PDFs

and to manipulate the list of pages in a PDF file. It is not a PDF viewer

or a program capable of converting PDF into other formats.

Rebase to qpdf-7.1.1 because of CVEs

* Mon Apr 16 2018 Zdenek Dohnal - 7.1.1-5

- CVE-2018-9918 qpdf: stack exhaustion in QPDFObjectHandle and QPDF_Dictionary classes in libqpdf.a [fedora-all]

* Mon Feb 19 2018 Zdenek Dohnal - 7.1.1-4

- gcc and gcc-c++ are no longer in buildroot by default

* Fri Feb 9 2018 Fedora Release Engineering - 7.1.1-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

* Thu Feb 8 2018 Zdenek Dohnal - 7.1.1-2

- remove old stuff

* Mon Feb 5 2018 Zdenek Dohnal - 7.1.1-1

- rebase to 7.1.1

* Tue Sep 19 2017 Zdenek Dohnal - 7.0.0-1

- rebase to 7.0.0

* Fri Aug 11 2017 Zdenek Dohnal - 6.0.0-10

- adding patches for CVE back (cups-filters needed to rebuild)

* Mon Aug 7 2017 Zdenek Dohnal - 6.0.0-9

- removing patches for CVEs, because they break other things now

* Thu Aug 3 2017 Zdenek Dohnal - 6.0.0-8

- 1477213 - Detect recursions loop resolving objects

- 1454820 - CVE-2017-9208

- 1454820 - CVE-2017-9209

- 1454820 - CVE-2017-9210

* Thu Aug 3 2017 Fedora Release Engineering - 6.0.0-7

- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

* Thu Jul 27 2017 Fedora Release Engineering - 6.0.0-6

- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

su -c 'dnf upgrade --advisory FEDORA-2018-d7ea552cde' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Topics%20covered

Topics Covered

security advisory moderate update Fedora stack exhaustion qpdf

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 26
Version: 7.1.1
Release: 5.fc26
URL: https://qpdf.sourceforge.io/
Summary: Command-line tools and library for transforming PDF files

Topics%20covered

Topics Covered

security advisory moderate update Fedora stack exhaustion qpdf

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here