Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

Fedora 41: php-tcpdf 2024-7d6412477b critical: error handling improvements

fedora
Calendar Grey January 8, 2025
Dist Fedora Esm H88
The recent upgrade for php-tcpdf in Fedora 41 resolves various concerns including enhanced error management and revised dependency specifications.
Version 6.8.0 (2024-12-23) Requires PHP 7.1+ and curl extension

Summary

PHP class for generating PDF documents.

* no external libraries are required for the basic functions;

* all standard page formats, custom page formats, custom margins and units

of measure;

* UTF-8 Unicode and Right-To-Left languages;

* TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0 fonts;

* font subsetting;

* methods to publish some XHTML + CSS code, Javascript and Forms;

* images, graphic (geometric figures) and transformation methods;

* supports JPEG, PNG and SVG images natively, all images supported by GD

(GD, GD2, GD2PART, GIF, JPEG, PNG, BMP, XBM, XPM) and all images supported

via ImagMagick (http: )

* 1D and 2D barcodes: CODE 39, ANSI MH10.8M-1983, USD-3, 3 of 9, CODE 93,

USS-93, Standard 2 of 5, Interleaved 2 of 5, CODE 128 A/B/C, 2 and 5 Digits

UPC-Based Extention, EAN 8, EAN 13, UPC-A, UPC-E, MSI, POSTNET, PLANET,

RMS4CC (Royal Mail 4-state Customer Code), CBC (Customer Bar Code),

KIX (Klant index - Customer index), Intelligent Mail Barcode, Onecode,

USPS-B-3200, CODABAR, CODE 11, PHARMACODE, PHARMACODE TWO-TRACKS,

Datamatrix ECC200, QR-Code, PDF417;

* ICC Color Profiles, Grayscale, RGB, CMYK, Spot Colors and Transparencies;

* automatic page header and footer management;

* document encryption up to 256 bit and digital signature certifications;

* transactions to UNDO commands;

* PDF annotations, including links, text and file attachments;

* text rendering modes (fill, stroke and clipping);

* multiple columns mode;

* no-write page regions;

* bookmarks and table of content;

* text hyphenation;

* text stretching and spacing (tracking/kerning);

* automatic page break, line break and text alignments including justification;

* automatic page numbering and page groups;

* move and delete pages;

* page compression (requires php-zlib extension);

* XOBject templates;

* PDF/A-1b (ISO 19005-1:2005) support.

By default, TCPDF uses the GD library which is know as slower than ImageMagick

solution. You can optionally install php-pecl-imagick; TCPDF will use it.

Update Information:

Version 6.8.0 (2024-12-23) Requires PHP 7.1+ and curl extension. Escape error message. Use strict time-constant function to compare TCPDF-tag hashes. Add K_CURLOPTS config array to set custom cURL options (NOTE: some defaults have changed). Add some addTTFfont fixes from tc-lib-pdf-font.

Change Log

* Mon Dec 23 2024 Remi Collet - 6.8.0-1 - update to 6.8.0 - raise dependency on PHP 7.1

References


[ 1 ] Bug #2334296 - CVE-2024-56522 php-tcpdf: unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2334296 [ 2 ] Bug #2334301 - CVE-2024-56519 php-tcpdf: setSVGStyles does not sanitize the SVG font-family attribute [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2334301 [ 3 ] Bug #2334304 - CVE-2024-56521 php-tcpdf: CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely when libcurl is used [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2334304 [ 4 ] Bug #2334345 - CVE-2024-56527 php-tcpdf: Error function lacks an htmlspecialchars call for the error message. [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2334345

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-7d6412477b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: php-tcpdf
Product: Fedora 41
Version: 6.8.0
Release: 1.fc41
Summary: PHP class for generating PDF documents and barcodes

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here