Alerts This Week
Warning Icon 1 681
Alerts This Week
Warning Icon 1 681

Fedora 31: FEDORA-2020-c3a2b4ccd3 Critical: libvirt Remote Code Execution

fedora
Calendar Grey May 21, 2019
Dist Fedora Esm H88
Fedora 31 introduces a crucial update for MuPDF, tackling several security flaws while improving the stability and efficiency of the PDF viewer.
rebase to 1.15.0

Summary

MuPDF is a lightweight PDF viewer and toolkit written in portable C.

The renderer in MuPDF is tailored for high quality anti-aliased

graphics. MuPDF renders text with metrics and spacing accurate to

within fractions of a pixel for the highest fidelity in reproducing

the look of a printed page on screen.

MuPDF has a small footprint. A binary that includes the standard

Roman fonts is only one megabyte. A build with full CJK support

(including an Asian font) is approximately five megabytes.

MuPDF has support for all non-interactive PDF 1.7 features, and the

toolkit provides a simple API for accessing the internal structures of

the PDF document. Example code for navigating interactive links and

bookmarks, encrypting PDF files, extracting fonts, images, and

searchable text, and rendering pages to image files is provided.

rebase to 1.15.0

* Tue May 7 2019 Michael J Gruber - 1.15.0-1

- rebase to 1.15.0

* Mon Apr 29 2019 Michael J Gruber - 1.15rc1-1

- rc1 test

[ 1 ] Bug #1656767 - CVE-2018-19881 mupdf: Excessive stack consumption in fitz/xml.c fz_xml_att resulting in a denial of service

https://bugzilla.redhat.com/show_bug.cgi?id=1656767

[ 2 ] Bug #1656768 - CVE-2018-19882 mupdf: NULL pointer dereference in the svg_run_image function resulting in a denial of service

https://bugzilla.redhat.com/show_bug.cgi?id=1656768

[ 3 ] Bug #1667319 - CVE-2019-6131 mupdf: Stack overflow in function svg_run_element, svg_run_use_symbol, svg_run_use of file svg_run.c

https://bugzilla.redhat.com/show_bug.cgi?id=1667319

[ 4 ] Bug #1667309 - CVE-2019-6130 mupdf: NULL pointer dereference in fz_load_page() in fitz/document.c

https://bugzilla.redhat.com/show_bug.cgi?id=1667309

su -c 'dnf upgrade --advisory FEDORA-2019-befe3bd225' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory denial of service Fedora vulnerability update notification mupdf

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 30
Version: 1.15.0
Release: 1.fc30
URL: https://mupdf.com/
Summary: A lightweight PDF viewer and toolkit

Topics%20covered

Topics Covered

security advisory denial of service Fedora vulnerability update notification mupdf

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here