Fedora 28: 2019-g3d3a17415 Urgent: libxml2 Memory Leak Detection

fedora

April 30, 2018

Rebase to qpdf-7.1.1 because of security fixes for CVE-2018-9918, CVE-2017-11627, CVE-2017-12595.

Summary

QPDF is a command-line program that does structural, content-preserving

transformations on PDF files. It could have been called something

like pdf-to-pdf. It includes support for merging and splitting PDFs

and to manipulate the list of pages in a PDF file. It is not a PDF viewer

or a program capable of converting PDF into other formats.

Rebase to qpdf-7.1.1 because of security fixes for CVE-2018-9918,

CVE-2017-11627, CVE-2017-12595.

* Mon Apr 16 2018 Zdenek Dohnal - 7.1.1-5

- CVE-2018-9918 qpdf: stack exhaustion in QPDFObjectHandle and QPDF_Dictionary classes in libqpdf.a [fedora-all]

* Mon Feb 19 2018 Zdenek Dohnal - 7.1.1-4

- gcc and gcc-c++ are no longer in buildroot by default

* Fri Feb 9 2018 Fedora Release Engineering - 7.1.1-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

* Thu Feb 8 2018 Zdenek Dohnal - 7.1.1-2

- remove old stuff

* Mon Feb 5 2018 Zdenek Dohnal - 7.1.1-1

- rebase to 7.1.1

* Tue Sep 19 2017 Zdenek Dohnal - 7.0.0-1

- rebase to 7.0.0

[ 1 ] Bug #1566756 - CVE-2018-9918 qpdf: stack exhaustion in QPDFObjectHandle and QPDF_Dictionary classes in libqpdf.a

https://bugzilla.redhat.com/show_bug.cgi?id=1566756

[ 2 ] Bug #1475517 - CVE-2017-11627 qpdf: Infinite loop in PointerHolder function in PointerHolder.hh

https://bugzilla.redhat.com/show_bug.cgi?id=1475517

[ 3 ] Bug #1485847 - CVE-2017-12595 qpdf: Stack overflow when processing deeply nested arrays and dictionaries

https://bugzilla.redhat.com/show_bug.cgi?id=1485847

su -c 'dnf upgrade --advisory FEDORA-2018-f2e1c09437' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Topics Covered

security advisory critical issue fedora stack exhaustion qpdf pdf manipulation

Change Log

References

Update Instructions

Severity

critical

Lowest

Low

Medium

High

Critical

Product: Fedora 27

Version: 7.1.1

Release: 5.fc27

URL: https://qpdf.sourceforge.io/

Summary: Command-line tools and library for transforming PDF files

Topics Covered

security advisory critical issue fedora stack exhaustion qpdf pdf manipulation

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Fedora 28: 2019-g3d3a17415 Urgent: libxml2 Memory Leak Detection

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Fedora 28: 2019-g3d3a17415 Urgent: libxml2 Memory Leak Detection

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!