--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2019-15af6a9a07
2019-05-25 03:34:29.627763
--------------------------------------------------------------------------------Name        : mupdf
Product     : Fedora 29
Version     : 1.15.0
Release     : 1.fc29
URL         : https://mupdf.com/
Summary     : A lightweight PDF viewer and toolkit
Description :
MuPDF is a lightweight PDF viewer and toolkit written in portable C.
The renderer in MuPDF is tailored for high quality anti-aliased
graphics.  MuPDF renders text with metrics and spacing accurate to
within fractions of a pixel for the highest fidelity in reproducing
the look of a printed page on screen.
MuPDF has a small footprint.  A binary that includes the standard
Roman fonts is only one megabyte.  A build with full CJK support
(including an Asian font) is approximately five megabytes.
MuPDF has support for all non-interactive PDF 1.7 features, and the
toolkit provides a simple API for accessing the internal structures of
the PDF document.  Example code for navigating interactive links and
bookmarks, encrypting PDF files, extracting fonts, images, and
searchable text, and rendering pages to image files is provided.

--------------------------------------------------------------------------------Update Information:

rebase to 1.15.0
--------------------------------------------------------------------------------ChangeLog:

* Tue May  7 2019 Michael J Gruber  - 1.15.0-1
- rebase to 1.15.0
* Mon Apr 29 2019 Michael J Gruber  - 1.15rc1-1
- rc1 test
* Fri Feb  1 2019 Fedora Release Engineering  - 1.14.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Nov 15 2018 Michael J Gruber  - 1.14.0-7
- work around missing mesa EGl dependency
* Thu Nov 15 2018 Michael J Gruber  - 1.14.0-6
- signature handling fix needs more patches than claimed
* Thu Nov 15 2018 Michael J Gruber  - 1.14.0-5
- fix signature handling
* Thu Nov 15 2018 Michael J Gruber  - 1.14.0-4
- bz #1644444 #1644445
* Thu Nov 15 2018 Michael J Gruber  - 1.14.0-3
- bz #1626481 #1626484
* Thu Nov 15 2018 Michael J Gruber  - 1.14.0-2
- bz #1626483 #1626484
* Thu Nov 15 2018 Michael J Gruber  - 1.14.0-1
- rebase to 1.14.0
* Mon Oct  1 2018 Michael J Gruber  - 1.14rc1-3
- mupdf-gl desktop entry
* Mon Oct  1 2018 Michael J Gruber  - 1.14rc1-2
- enable libcrypto
* Wed Sep 26 2018 Michael J Gruber  - 1.14rc1-1
- rc test
- adjust to new build system setup
--------------------------------------------------------------------------------References:

  [ 1 ] Bug #1656767 - CVE-2018-19881 mupdf: Excessive stack consumption in fitz/xml.c fz_xml_att resulting in a denial of service
        https://bugzilla.redhat.com/show_bug.cgi?id=1656767
  [ 2 ] Bug #1656768 - CVE-2018-19882 mupdf: NULL pointer dereference in the svg_run_image function resulting in a denial of service
        https://bugzilla.redhat.com/show_bug.cgi?id=1656768
  [ 3 ] Bug #1667309 - CVE-2019-6130 mupdf: NULL pointer dereference in fz_load_page() in fitz/document.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1667309
  [ 4 ] Bug #1667319 - CVE-2019-6131 mupdf: Stack overflow in function svg_run_element, svg_run_use_symbol, svg_run_use of file svg_run.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1667319
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-15af6a9a07' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Fedora 29: mupdf Security Update

May 24, 2019
rebase to 1.15.0

Summary

MuPDF is a lightweight PDF viewer and toolkit written in portable C.

The renderer in MuPDF is tailored for high quality anti-aliased

graphics. MuPDF renders text with metrics and spacing accurate to

within fractions of a pixel for the highest fidelity in reproducing

the look of a printed page on screen.

MuPDF has a small footprint. A binary that includes the standard

Roman fonts is only one megabyte. A build with full CJK support

(including an Asian font) is approximately five megabytes.

MuPDF has support for all non-interactive PDF 1.7 features, and the

toolkit provides a simple API for accessing the internal structures of

the PDF document. Example code for navigating interactive links and

bookmarks, encrypting PDF files, extracting fonts, images, and

searchable text, and rendering pages to image files is provided.

rebase to 1.15.0

* Tue May 7 2019 Michael J Gruber - 1.15.0-1

- rebase to 1.15.0

* Mon Apr 29 2019 Michael J Gruber - 1.15rc1-1

- rc1 test

* Fri Feb 1 2019 Fedora Release Engineering - 1.14.0-8

- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

* Thu Nov 15 2018 Michael J Gruber - 1.14.0-7

- work around missing mesa EGl dependency

* Thu Nov 15 2018 Michael J Gruber - 1.14.0-6

- signature handling fix needs more patches than claimed

* Thu Nov 15 2018 Michael J Gruber - 1.14.0-5

- fix signature handling

* Thu Nov 15 2018 Michael J Gruber - 1.14.0-4

- bz #1644444 #1644445

* Thu Nov 15 2018 Michael J Gruber - 1.14.0-3

- bz #1626481 #1626484

* Thu Nov 15 2018 Michael J Gruber - 1.14.0-2

- bz #1626483 #1626484

* Thu Nov 15 2018 Michael J Gruber - 1.14.0-1

- rebase to 1.14.0

* Mon Oct 1 2018 Michael J Gruber - 1.14rc1-3

- mupdf-gl desktop entry

* Mon Oct 1 2018 Michael J Gruber - 1.14rc1-2

- enable libcrypto

* Wed Sep 26 2018 Michael J Gruber - 1.14rc1-1

- rc test

- adjust to new build system setup

[ 1 ] Bug #1656767 - CVE-2018-19881 mupdf: Excessive stack consumption in fitz/xml.c fz_xml_att resulting in a denial of service

https://bugzilla.redhat.com/show_bug.cgi?id=1656767

[ 2 ] Bug #1656768 - CVE-2018-19882 mupdf: NULL pointer dereference in the svg_run_image function resulting in a denial of service

https://bugzilla.redhat.com/show_bug.cgi?id=1656768

[ 3 ] Bug #1667309 - CVE-2019-6130 mupdf: NULL pointer dereference in fz_load_page() in fitz/document.c

https://bugzilla.redhat.com/show_bug.cgi?id=1667309

[ 4 ] Bug #1667319 - CVE-2019-6131 mupdf: Stack overflow in function svg_run_element, svg_run_use_symbol, svg_run_use of file svg_run.c

https://bugzilla.redhat.com/show_bug.cgi?id=1667319

su -c 'dnf upgrade --advisory FEDORA-2019-15af6a9a07' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

FEDORA-2019-15af6a9a07 2019-05-25 03:34:29.627763 Product : Fedora 29 Version : 1.15.0 Release : 1.fc29 URL : https://mupdf.com/ Summary : A lightweight PDF viewer and toolkit Description : MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on screen. MuPDF has a small footprint. A binary that includes the standard Roman fonts is only one megabyte. A build with full CJK support (including an Asian font) is approximately five megabytes. MuPDF has support for all non-interactive PDF 1.7 features, and the toolkit provides a simple API for accessing the internal structures of the PDF document. Example code for navigating interactive links and bookmarks, encrypting PDF files, extracting fonts, images, and searchable text, and rendering pages to image files is provided. rebase to 1.15.0 * Tue May 7 2019 Michael J Gruber - 1.15.0-1 - rebase to 1.15.0 * Mon Apr 29 2019 Michael J Gruber - 1.15rc1-1 - rc1 test * Fri Feb 1 2019 Fedora Release Engineering - 1.14.0-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Thu Nov 15 2018 Michael J Gruber - 1.14.0-7 - work around missing mesa EGl dependency * Thu Nov 15 2018 Michael J Gruber - 1.14.0-6 - signature handling fix needs more patches than claimed * Thu Nov 15 2018 Michael J Gruber - 1.14.0-5 - fix signature handling * Thu Nov 15 2018 Michael J Gruber - 1.14.0-4 - bz #1644444 #1644445 * Thu Nov 15 2018 Michael J Gruber - 1.14.0-3 - bz #1626481 #1626484 * Thu Nov 15 2018 Michael J Gruber - 1.14.0-2 - bz #1626483 #1626484 * Thu Nov 15 2018 Michael J Gruber - 1.14.0-1 - rebase to 1.14.0 * Mon Oct 1 2018 Michael J Gruber - 1.14rc1-3 - mupdf-gl desktop entry * Mon Oct 1 2018 Michael J Gruber - 1.14rc1-2 - enable libcrypto * Wed Sep 26 2018 Michael J Gruber - 1.14rc1-1 - rc test - adjust to new build system setup [ 1 ] Bug #1656767 - CVE-2018-19881 mupdf: Excessive stack consumption in fitz/xml.c fz_xml_att resulting in a denial of service https://bugzilla.redhat.com/show_bug.cgi?id=1656767 [ 2 ] Bug #1656768 - CVE-2018-19882 mupdf: NULL pointer dereference in the svg_run_image function resulting in a denial of service https://bugzilla.redhat.com/show_bug.cgi?id=1656768 [ 3 ] Bug #1667309 - CVE-2019-6130 mupdf: NULL pointer dereference in fz_load_page() in fitz/document.c https://bugzilla.redhat.com/show_bug.cgi?id=1667309 [ 4 ] Bug #1667319 - CVE-2019-6131 mupdf: Stack overflow in function svg_run_element, svg_run_use_symbol, svg_run_use of file svg_run.c https://bugzilla.redhat.com/show_bug.cgi?id=1667319 su -c 'dnf upgrade --advisory FEDORA-2019-15af6a9a07' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Change Log

References

Update Instructions

Severity
Product : Fedora 29
Version : 1.15.0
Release : 1.fc29
URL : https://mupdf.com/
Summary : A lightweight PDF viewer and toolkit

Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Recent research sheds light on the security vulnerabilities prevalent in Linux vendor kernels due to flawed engineering processes that backport
28.Lock Globe Esm H320
1 - 2 min read
The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in
6.EmailConnection Touch Esm H320
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
30.Lock Globe Motherboard Esm H320
1 - 2 min read
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect
22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly
19.Laptop Bed Esm H320
2 - 3 min read
The recently released Linux Kernel 6.9 brings forth a blend of crucial upgrades and enhancements, catering to the ever-evolving needs of the Linux
4.Lock AbstractDigital Esm H320
1 - 2 min read
Nmap 7.95 introduces myriad enhancements, primarily focusing on OS and service detection signatures. This reflects the dedication of the Nmap

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved