Stay Secure with the Latest Linux Advisories

security advisorycritical issuefedora

Fedora 28: 2019-g3d3a17415 Urgent: libxml2 Memory Leak Detection

Rebase to qpdf-7.1.1 because of security fixes for CVE-2018-9918, CVE-2017-11627, CVE-2017-12595.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-f2e1c09437 2018-04-30 16:33:57.130928 --------------------------------------------------------------------------------Name : qpdf Product : Fedora 27 Version : 7.1.1 Release : 5.fc27 URL : https://qpdf.sourceforge.io/ Summary : Command-line tools and library for transforming PDF files Description : QPDF is a command-line program that does structural, content-preserving transformations on PDF files. It could have been called something like pdf-to-pdf. It includes support for merging and splitting PDFs and to manipulate the list of pages in a PDF file. It is not a PDF viewer or a program capable of converting PDF into other formats. --------------------------------------------------------------------------------Update Information: Rebase to qpdf-7.1.1 because of security fixes for CVE-2018-9918, CVE-2017-11627, CVE-2017-12595. --------------------------------------------------------------------------------ChangeLog: * Mon Apr 16 2018 Zdenek Dohnal - 7.1.1-5 - CVE-2018-9918 qpdf: stack exhaustion in QPDFObjectHandle and QPDF_Dictionary classes in libqpdf.a [fedora-all] * Mon Feb 19 2018 Zdenek Dohnal - 7.1.1-4 - gcc and gcc-c++ are no longer in buildroot by default * Fri Feb 9 2018 Fedora Release Engineering - 7.1.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Thu Feb 8 2018 Zdenek Dohnal - 7.1.1-2 - remove old stuff * Mon Feb 5 2018 Zdenek Dohnal - 7.1.1-1 - rebase to 7.1.1 * Tue Sep 19 2017 Zdenek Dohnal - 7.0.0-1 - rebase to 7.0.0 --------------------------------------------------------------------------------References: [ 1 ] Bug #1566756 - CVE-2018-9918 qpdf: stack exhaustion in QPDFObjectHandle and QPDF_Dictionary classes in libqpdf.a https://bugzilla.redhat.com/show_bug.cgi?id=1566756 [ 2 ] Bug #1475517 - CVE-2017-11627 qpdf: Infinite loop in PointerHolder function in PointerHolder.hh https://bugzilla.redhat.com/show_bug.cgi?id=1475517 [ 3 ] Bug #1485847 - CVE-2017-12595 qpdf: Stack overflow when processing deeply nested arrays and dictionaries https://bugzilla.redhat.com/show_bug.cgi?id=1485847 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-f2e1c09437' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. . Upgrade qpdf to version 7.1.1 in Fedora to resolve significant security vulnerabilities, improving PDF processing features.. Fedora Security Update, qpdf, Command-line Tools, Stack Exhaustion, PDF Manipulation. . Severity: Critical. LinuxSecurity.com Team

Apr 30, 2018 •Critical Fedora