Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 29 Poppler Security Update: Addressing Memory Leaks and DoS

fedora
Calendar Grey January 24, 2019
Dist Fedora Esm H88
Fedora 29 introduces a security patch for poppler, rectifying several vulnerabilities, such as memory overflow and denial-of-service risks.
Security fix for CVE-2018-20551, CVE-2018-20481, CVE-2018-20650 and CVE-2018-18897.

Summary

poppler is a PDF rendering library.

Security fix for CVE-2018-20551, CVE-2018-20481, CVE-2018-20650 and

CVE-2018-18897.

* Tue Jan 22 2019 Marek Kasik - 0.67.0-10

- Avoid global display profile state becoming an uncontrolled

- memory leak

- Resolves: #1646549

* Mon Jan 21 2019 Marek Kasik - 0.67.0-9

- Do not try to parse into unallocated XRef entry

- Resolves: #1665268

* Mon Jan 21 2019 Marek Kasik - 0.67.0-8

- Move the fileSpec.dictLookup call inside fileSpec.isDict if

- Resolves: #1665264

* Mon Jan 21 2019 Marek Kasik - 0.67.0-7

- Do not try to construct invalid rich media annotation assets

- Resolves: #1665260

* Thu Nov 15 2018 Marek Kasik - 0.67.0-6

- Check for valid file name of embedded file

- Resolves: #1649451

* Thu Nov 15 2018 Marek Kasik - 0.67.0-5

- Check for valid embedded file before trying to save it

- Resolves: #1649441

* Thu Nov 15 2018 Marek Kasik - 0.67.0-4

- Check for stream before calling stream methods

- when saving an embedded file

- Resolves: #1649436

* Mon Nov 12 2018 Marek Kasik - 0.67.0-3

- Avoid cycles in PDF parsing

- Resolves: #1626620

* Wed Oct 17 2018 Marek Kasik - 0.67.0-2

- Fix crash on missing embedded file

- Resolves: #1569334

[ 1 ] Bug #1665259 - CVE-2018-20551 poppler: reachable Object::getString assertion in AnnotRichMedia class in Annot.c

https://bugzilla.redhat.com/show_bug.cgi?id=1665259

[ 2 ] Bug #1665266 - CVE-2018-20481 poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc

https://bugzilla.redhat.com/show_bug.cgi?id=1665266

[ 3 ] Bug #1665263 - CVE-2018-20650 poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc

https://bugzilla.redhat.com/show_bug.cgi?id=1665263

[ 4 ] Bug #1646546 - CVE-2018-18897 poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc

https://bugzilla.redhat.com/show_bug.cgi?id=1646546

su -c 'dnf upgrade --advisory FEDORA-2019-7ff7f5093e' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Topics%20covered

Topics Covered

security advisory Fedora DoS memory leak poppler

Change Log

References

Update Instructions

Severity
important
Lowest
Low
Medium
High
Critical

Product: Fedora 29
Version: 0.67.0
Release: 10.fc29
URL: http://poppler.freedesktop.org/
Summary: PDF rendering library

Topics%20covered

Topics Covered

security advisory Fedora DoS memory leak poppler

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here