Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 29: FEDORA-2019-80e5e20cf8 Moderate: pdfresurrect Updates

fedora
Calendar Grey September 6, 2019
Dist Fedora Esm H88
Fedora 29 users are advised that improvement patches for pdfresurrect have been released to address vulnerabilities, including buffer overflow issues and out-of-bounds writes
* Security fix for CVE-2019-14267 * Security fix for CVE-2019-14934

Summary

PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format

allows for previous document changes to be retained in a more recent

version of the document, thereby creating a running history of changes

for the document. This tool attempts to extract all previous versions

while also producing a summary of changes between versions. This tool

can also "scrub" or write data over the original instances of PDF objects

that have been modified or deleted, in an effort to disguise information

from previous versions that might not be intended for anyone else to read.

* Security fix for CVE-2019-14267 * Security fix for CVE-2019-14934

* Thu Aug 29 2019 Peter Lemenkov - 0.18-1

- Ver. 0.18

* Fri Jul 26 2019 Fedora Release Engineering - 0.15-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

* Fri Feb 1 2019 Fedora Release Engineering - 0.15-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

* Mon Oct 1 2018 Peter Lemenkov - 0.15-1

- Ver. 0.15

[ 1 ] Bug #1735556 - CVE-2019-14267 pdfresurrect: buffer overflow via a crafted PDF file

https://bugzilla.redhat.com/show_bug.cgi?id=1735556

[ 2 ] Bug #1743106 - CVE-2019-14934 pdfresurrect: out-of bounds write in pdf_load_pages_kids in pdf.c

https://bugzilla.redhat.com/show_bug.cgi?id=1743106

su -c 'dnf upgrade --advisory FEDORA-2019-80e5e20cf8' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory buffer overflow Fedora out-of-bounds write pdfresurrect

Change Log

References

Update Instructions

Severity
important
Lowest
Low
Medium
High
Critical

Product: Fedora 29
Version: 0.18
Release: 1.fc29
URL: https://github.com/enferex/pdfresurrect
Summary: PDF Analysis and Scrubbing Utility

Topics%20covered

Topics Covered

security advisory buffer overflow Fedora out-of-bounds write pdfresurrect

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here