Stay Secure with the Latest Linux Advisories

security advisoryFedorastack exhaustion

Fedora 27: qpdf Security Update for Stack Exhaustion and Infinite Loop

Rebase to qpdf-7.1.1 because of security fixes for CVE-2018-9918, CVE-2017-11627, CVE-2017-12595.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-f2e1c09437 2018-04-30 16:33:57.130928 --------------------------------------------------------------------------------Name : qpdf Product : Fedora 27 Version : 7.1.1 Release : 5.fc27 URL : https://qpdf.sourceforge.io/ Summary : Command-line tools and library for transforming PDF files Description : QPDF is a command-line program that does structural, content-preserving transformations on PDF files. It could have been called something like pdf-to-pdf. It includes support for merging and splitting PDFs and to manipulate the list of pages in a PDF file. It is not a PDF viewer or a program capable of converting PDF into other formats. --------------------------------------------------------------------------------Update Information: Rebase to qpdf-7.1.1 because of security fixes for CVE-2018-9918, CVE-2017-11627, CVE-2017-12595. --------------------------------------------------------------------------------ChangeLog: * Mon Apr 16 2018 Zdenek Dohnal - 7.1.1-5 - CVE-2018-9918 qpdf: stack exhaustion in QPDFObjectHandle and QPDF_Dictionary classes in libqpdf.a [fedora-all] * Mon Feb 19 2018 Zdenek Dohnal - 7.1.1-4 - gcc and gcc-c++ are no longer in buildroot by default * Fri Feb 9 2018 Fedora Release Engineering - 7.1.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Thu Feb 8 2018 Zdenek Dohnal - 7.1.1-2 - remove old stuff * Mon Feb 5 2018 Zdenek Dohnal - 7.1.1-1 - rebase to 7.1.1 * Tue Sep 19 2017 Zdenek Dohnal - 7.0.0-1 - rebase to 7.0.0 --------------------------------------------------------------------------------References: [ 1 ] Bug #1566756 - CVE-2018-9918 qpdf: stack exhaustion in QPDFObjectHandle and QPDF_Dictionary classes in libqpdf.a https://bugzilla.redhat.com/show_bug.cgi?id=1566756 [ 2 ] Bug #1475517 - CVE-2017-11627 qpdf: Infinite loop in PointerHolder function in PointerHolder.hh https://bugzilla.redhat.com/show_bug.cgi?id=1475517 [ 3 ] Bug #1485847 - CVE-2017-12595 qpdf: Stack overflow when processing deeply nested arrays and dictionaries https://bugzilla.redhat.com/show_bug.cgi?id=1485847 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-f2e1c09437' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. . The latest qpdf update improves PDF handling on Fedora 27, addressing vulnerabilities and boosting security protocols.. PDF Security Fix, Fedora 27 Update, qpdf Update. . Severity: Important. LinuxSecurity.com Team

Apr 30, 2018 •Important Fedora