

Fedora
November 21, 2018
Patches have been applied for several vulnerabilities in the poppler library on Fedora 28, fixing significant bugs that could lead to security breaches.
Security fix for CVE-2018-16646, CVE-2018-19058, CVE-2018-19059 and CVE-2018-19060.

Summary

poppler is a PDF rendering library.

Security fix for CVE-2018-16646, CVE-2018-19058, CVE-2018-19059 and CVE-2018-19060.

* Thu Nov 15 2018 Marek Kasik - 0.62.0-10

- Check for valid file name of embedded file

- Resolves: #1649451

* Thu Nov 15 2018 Marek Kasik - 0.62.0-9

- Check for valid embedded file before trying to save it

- Resolves: #1649441

* Thu Nov 15 2018 Marek Kasik - 0.62.0-8

- Check for stream before calling stream methods

- when saving an embedded file

- Resolves: #1649436

* Mon Nov 12 2018 Marek Kasik - 0.62.0-7

- Avoid cycles in PDF parsing

- Resolves: #1626620

* Wed Oct 17 2018 Marek Kasik - 0.62.0-6

- Use python3 in make-glib-api-docs and gtkdoc.py

* Wed Oct 17 2018 Marek Kasik - 0.62.0-5

- Fix crash on missing embedded file

- Resolves: #1569334

* Tue Aug 7 2018 Marek Kasik - 0.62.0-4

- Fix tiling patterns when pattern cell is too far

- Resolves: #1557355

* Thu Jul 26 2018 Marek Kasik - 0.62.0-3

- Fix crash when Object has negative number (CVE-2018-13988)

- Resolves: #1607461

* Mon May 28 2018 Marek Kasik - 0.62.0-2

- Fix infinite recursion (CVE-2017-18267)

- Resolves: #1578780

[ 1 ] Bug #1649451 - CVE-2018-19060 poppler: pdfdetach utility does not validate save paths [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1649451

[ 2 ] Bug #1649441 - CVE-2018-19059 poppler: out-of-bounds read in EmbFile::save2 in FileSpec.cc [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1649441

[ 3 ] Bug #1649436 - CVE-2018-19058 poppler: reachable abort in Object.h [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1649436

[ 4 ] Bug #1626620 - CVE-2018-16646 poppler: infinite recursion in Parser::getObj function in Parser.cc [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1626620

To install this update, use su -c 'dnf upgrade --advisory FEDORA-2018-54ed26a423' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/


Severity: critical

Product: Fedora 28
Version: 0.62.0
Release: 10.fc28
Summary: PDF rendering library
