Mageia 2019-0293: xpdf security update

    Date06 Oct 2019
    648
    Posted ByLinuxSecurity Advisories
    The updated xpdf packages fix security vulnerabilities: An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. (CVE-2019-10018)
    MGASA-2019-0293 - Updated xpdf packages fix security vulnerabilities
    
    Publication date: 06 Oct 2019
    URL: https://advisories.mageia.org/MGASA-2019-0293.html
    Type: security
    Affected Mageia releases: 7
    CVE: CVE-2019-10018,
         CVE-2019-10019,
         CVE-2019-10021,
         CVE-2019-10023,
         CVE-2019-16927
    
    The updated xpdf packages fix security vulnerabilities:
    
    An issue was discovered in Xpdf 4.01.01. There is an FPE in the function
    PostScriptFunction::exec at Function.cc for the psOpIdiv case.
    (CVE-2019-10018)
    
    An issue was discovered in Xpdf 4.01.01. There is an FPE in the function
    PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.
    (CVE-2019-10019)
    
    An issue was discovered in Xpdf 4.01.01. There is an FPE in the function
    ImageStream::ImageStream at Stream.cc for nComps. (CVE-2019-10021)
    
    An issue was discovered in Xpdf 4.01.01. There is an FPE in the function
    PostScriptFunction::exec at Function.cc for the psOpMod case.
    (CVE-2019-10023)
    
    Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the
    TextPage::findGaps function in TextOutputDev.cc, a different vulnerability
    than CVE-2019-9877. (CVE-2019-16927)
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=25364
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10018
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10019
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10021
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10023
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16927
    
    SRPMS:
    - 7/core/xpdf-4.02-1.mga7
    

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"90","type":"x","order":"1","pct":78.95,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"18","type":"x","order":"2","pct":15.79,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"6","type":"x","order":"3","pct":5.26,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.