Stay Secure with the Latest Linux Advisories

security advisorysoftware updateFedora

Fedora 40: FEDORA-2024-d6b0e72e3d critical: php-tcpdf security update

Version 6.8.0 (2024-12-23) Requires PHP 7.1+ and curl extension. Escape error message. Use strict time-constant function to compare TCPDF-tag hashes. Add K_CURLOPTS config array to set custom cURL options (NOTE: some defaults have. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-d6b0e72e3d 2025-01-08 03:05:51.306082+00:00 -------------------------------------------------------------------------------- Name : php-tcpdf Product : Fedora 40 Version : 6.8.0 Release : 1.fc40 URL : https://tcpdf.org/ Summary : PHP class for generating PDF documents and barcodes Description : PHP class for generating PDF documents. * no external libraries are required for the basic functions; * all standard page formats, custom page formats, custom margins and units of measure; * UTF-8 Unicode and Right-To-Left languages; * TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0 fonts; * font subsetting; * methods to publish some XHTML + CSS code, Javascript and Forms; * images, graphic (geometric figures) and transformation methods; * supports JPEG, PNG and SVG images natively, all images supported by GD (GD, GD2, GD2PART, GIF, JPEG, PNG, BMP, XBM, XPM) and all images supported via ImagMagick (http: ) * 1D and 2D barcodes: CODE 39, ANSI MH10.8M-1983, USD-3, 3 of 9, CODE 93, USS-93, Standard 2 of 5, Interleaved 2 of 5, CODE 128 A/B/C, 2 and 5 Digits UPC-Based Extention, EAN 8, EAN 13, UPC-A, UPC-E, MSI, POSTNET, PLANET, RMS4CC (Royal Mail 4-state Customer Code), CBC (Customer Bar Code), KIX (Klant index - Customer index), Intelligent Mail Barcode, Onecode, USPS-B-3200, CODABAR, CODE 11, PHARMACODE, PHARMACODE TWO-TRACKS, Datamatrix ECC200, QR-Code, PDF417; * ICC Color Profiles, Grayscale, RGB, CMYK, Spot Colors and Transparencies; * automatic page header and footer management; * document encryption up to 256 bit and digital signature certifications; * transactionsto UNDO commands; * PDF annotations, including links, text and file attachments; * text rendering modes (fill, stroke and clipping); * multiple columns mode; * no-write page regions; * bookmarks and table of content; * text hyphenation; * text stretching and spacing (tracking/kerning); * automatic page break, line break and text alignments including justification; * automatic page numbering and page groups; * move and delete pages; * page compression (requires php-zlib extension); * XOBject templates; * PDF/A-1b (ISO 19005-1:2005) support. By default, TCPDF uses the GD library which is know as slower than ImageMagick solution. You can optionally install php-pecl-imagick; TCPDF will use it. -------------------------------------------------------------------------------- Update Information: Version 6.8.0 (2024-12-23) Requires PHP 7.1+ and curl extension. Escape error message. Use strict time-constant function to compare TCPDF-tag hashes. Add K_CURLOPTS config array to set custom cURL options (NOTE: some defaults have changed). Add some addTTFfont fixes from tc-lib-pdf-font. -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 23 2024 Remi Collet - 6.8.0-1 - update to 6.8.0 - raise dependency on PHP 7.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2334288 - CVE-2024-56522 php-tcpdf: unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2334288 [ 2 ] Bug #2334292 - CVE-2024-56519 php-tcpdf: setSVGStyles does not sanitize the SVG font-family attribute [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2334292 [ 3 ] Bug #2334297 - CVE-2024-56521 php-tcpdf: CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely when libcurl is used [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2334297 [ 4 ] Bug #2334342 - CVE-2024-56527 php-tcpdf: Error function lacks an htmlspecialchars call for the error message. [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2334342 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-d6b0e72e3d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: . PHP TCPDF version 6.8.0 for Fedora 40 brings vital updates, improved security measures, and additional configuration options.. tcpdf update, php security, Fedora software, PDF generation issues. . Severity: Critical. LinuxSecurity.com Team

Jan 08, 2025 •Critical Fedora