Mageia 2019-0293: xpdf security update

    Date06 Oct 2019
    CategoryMageia
    468
    Posted ByLinuxSecurity Advisories
    The updated xpdf packages fix security vulnerabilities: An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. (CVE-2019-10018)
    MGASA-2019-0293 - Updated xpdf packages fix security vulnerabilities
    
    Publication date: 06 Oct 2019
    URL: https://advisories.mageia.org/MGASA-2019-0293.html
    Type: security
    Affected Mageia releases: 7
    CVE: CVE-2019-10018,
         CVE-2019-10019,
         CVE-2019-10021,
         CVE-2019-10023,
         CVE-2019-16927
    
    The updated xpdf packages fix security vulnerabilities:
    
    An issue was discovered in Xpdf 4.01.01. There is an FPE in the function
    PostScriptFunction::exec at Function.cc for the psOpIdiv case.
    (CVE-2019-10018)
    
    An issue was discovered in Xpdf 4.01.01. There is an FPE in the function
    PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.
    (CVE-2019-10019)
    
    An issue was discovered in Xpdf 4.01.01. There is an FPE in the function
    ImageStream::ImageStream at Stream.cc for nComps. (CVE-2019-10021)
    
    An issue was discovered in Xpdf 4.01.01. There is an FPE in the function
    PostScriptFunction::exec at Function.cc for the psOpMod case.
    (CVE-2019-10023)
    
    Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the
    TextPage::findGaps function in TextOutputDev.cc, a different vulnerability
    than CVE-2019-9877. (CVE-2019-16927)
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=25364
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10018
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10019
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10021
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10023
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16927
    
    SRPMS:
    - 7/core/xpdf-4.02-1.mga7
    

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.