Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 579
Alerts This Week
Warning Icon 1 579

SUSE: 2018:3318-1 Moderate: apache-pdfbox DoS Threat Fix

suse
Calendar Grey October 23, 2018
Dist Suse Esm H88
A new release for apache-pdfbox resolves a couple of concerns, particularly with denial of service vulnerabilities linked to specially designed files on SUSE Linux.
An update that fixes two vulnerabilities is now available

Summary

This update for apache-pdfbox fixes the following security issue: - CVE-2018-8036: A crafted file could have triggered an infinite loop which lead to DoS (bsc#1099721). - CVE-2018-11797: A carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree. (bsc#1111009): Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2391=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): apache-pdfbox-1.8.12-3.5.4

References

#1099721 #1111009

Cross- CVE-2018-11797 CVE-2018-8036

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP3

https://www.suse.com/security/cve/CVE-2018-11797.html

https://www.suse.com/security/cve/CVE-2018-8036.html

https://bugzilla.suse.com/1099721

https://bugzilla.suse.com/1111009

Announcement ID: SUSE-SU-2018:3318-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.