Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
203
security advisorysecurity issueinteger overflowMageia 9 MGASA-2024-0035 Important: Xpdf Memory Access Threats
The updated packages fix security vulnerabilities: Logic bug in text extractor led to invalid memory access. (CVE-2022-30524) Integer overflow in rasterizer. (CVE-2022-30775) PDF object loop in Catalog::countPageTree. (CVE-2022-33108) . MGASA-2024-0035 - Updated xpdf packages fix security vulnerabilities Publication date: 10 Feb 2024 URL: https://advisories.mageia.org/MGASA-2024-0035.html Type: security Affected Mageia releases: 9 CVE: CVE-2022-30524, CVE-2022-30775, CVE-2022-33108, CVE-2022-36561, CVE-2022-38222, CVE-2022-38334, CVE-2022-38928, CVE-2022-41842, CVE-2022-41843, CVE-2022-41844, CVE-2022-43071, CVE-2022-43295, CVE-2022-45586, CVE-2022-45587, CVE-2023-2662, CVE-2023-2663, CVE-2023-2664, CVE-2023-3044, CVE-2023-3436 The updated packages fix security vulnerabilities: Logic bug in text extractor led to invalid memory access. (CVE-2022-30524) Integer overflow in rasterizer. (CVE-2022-30775) PDF object loop in Catalog::countPageTree. (CVE-2022-33108) PDF object loop in AcroForm::scanField. (CVE-2022-36561) Logic bug in JBIG2 decoder. (CVE-2022-38222) PDF object loop in Catalog::countPageTree. (CVE-2022-38334) Missing bounds check in CFF font converter caused null pointer dereference. (CVE-2022-38928) PDF object loop in Catalog::countPageTree. (CVE-2022-41842) Missing bounds check in CFF font parser caused invalid memory access. (CVE-2022-41843) PDF object loop in AcroForm::scanField. (CVE-2022-41844) PDF object loop in Catalog::readPageLabelTree2. (CVE-2022-43071) PDF object loop in Catalog::countPageTree. (CVE-2022-43295) PDF object loop in Catalog::countPageTree. (CVE-2022-45586) PDF object loop in Catalog::countPageTree. (CVE-2022-45587) Divide-by-zero in Xpdf 4.04 due to bad color space object. (CVE-2023-2662) PDF object loop in Catalog::readPageLabelTree2. (CVE-2023-2663) PDF object loop in Catalog::readEmbeddedFileTree. (CVE-2023-2664) Divide-by-zero in Xpdf 4.04 due to very large page size.(CVE-2023-3044) Deadlock in Xpdf 4.04 due to PDF object stream references. (CVE-203-3436) References: - https://bugs.mageia.org/show_bug.cgi?id=30812 - http://www.xpdfreader.com/security-fixes.html - https://www.cve.org/CVERecord?id=CVE-2022-30524 - https://www.cve.org/CVERecord?id=CVE-2022-30775 - https://www.cve.org/CVERecord?id=CVE-2022-33108 - https://www.cve.org/CVERecord?id=CVE-2022-36561 - https://www.cve.org/CVERecord?id=CVE-2022-38222 - https://www.cve.org/CVERecord?id=CVE-2022-38334 - https://www.cve.org/CVERecord?id=CVE-2022-38928 - https://www.cve.org/CVERecord?id=CVE-2022-41842 - https://www.cve.org/CVERecord?id=CVE-2022-41843 - https://www.cve.org/CVERecord?id=CVE-2022-41844 - https://www.cve.org/CVERecord?id=CVE-2022-43071 - https://www.cve.org/CVERecord?id=CVE-2022-43295 - https://www.cve.org/CVERecord?id=CVE-2022-45586 - https://www.cve.org/CVERecord?id=CVE-2022-45587 - https://www.cve.org/CVERecord?id=CVE-2023-2662 - https://www.cve.org/CVERecord?id=CVE-2023-2663 - https://www.cve.org/CVERecord?id=CVE-2023-2664 - https://www.cve.org/CVERecord?id=CVE-2023-3044 - https://www.cve.org/CVERecord?id=CVE-2023-3436 SRPMS: - 9/core/xpdf-4.05-1.mga9 . Newly released xpdf updates for Mageia resolve various security vulnerabilities, including improper memory access and potential integer overflows.. xpdf Security Update,Memory Access Bug,PDF Processing Issue,Mageia Advisory. . Severity: Important. LinuxSecurity.com Team
Feb 10, 2024
•Important
Mageia
89
security advisoryupdatecriticalFedora 24 Poppler Update: Critical Null Pointer Issue Resolved
CVE-2017-7511 poppler: Null pointer dereference in pdfunite via crafted documents. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-7e6f5f6957 2017-06-15 02:56:58.020723 --------------------------------------------------------------------------------Name : poppler Product : Fedora 24 Version : 0.41.0 Release : 4.fc24 URL : https://poppler.freedesktop.org/ Summary : PDF rendering library Description : Poppler, a PDF rendering library, is a fork of the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC. --------------------------------------------------------------------------------Update Information: CVE-2017-7511 poppler: Null pointer dereference in pdfunite via crafted documents --------------------------------------------------------------------------------References: [ 1 ] Bug #1456828 - CVE-2017-7511 poppler: Null pointer dereference in pdfunite via crafted documents [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1456828 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade poppler' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Jun 15, 2017
•Critical
Fedora
89
security advisoryFedorabug fixFedora 20: clamav Security Advisory - Critical Scanning Enhancements
ClamAV 0.98.7 This release contains new scanning features and bug fixes. - Improvements to PDF processing: decryption, escape sequence handling, and file property collection. - Scanning/analysis of additional Microsoft Office 2003 XML format.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-7378 2015-05-01 11:30:34 -------------------------------------------------------------------------------- Name : clamav Product : Fedora 20 Version : 0.98.7 Release : 1.fc20 URL : http://www.clamav.net Summary : End-user tools for the Clam Antivirus scanner Description : Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE. -------------------------------------------------------------------------------- Update Information: ClamAV 0.98.7 ============ This release contains new scanning features and bug fixes. - Improvements to PDF processing: decryption, escape sequence handling, and file property collection. - Scanning/analysis of additional Microsoft Office 2003 XML format. - Fix infinite loop condition on crafted y0da cryptor file. Identified and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221. - Fix crash on crafted petite packed file. Reported and patch supplied by Sebastian Andrzej Siewior. CVE-2015-2222. - Fix false negatives on files within iso9660 containers. This issue was reported by Minzhuan Gong. - Fix a couple crashes on crafted upackpacked file. Identified and patches supplied by Sebastian Andrzej Siewior. - Fix a crash during algorithmic detection on crafted PE file. Identified and patch supplied by Sebastian Andrzej Siewior. - Fix an infinite loop condition on a crafted "xz" archive file. This was reported by Dimitri Kirchner and Goulven Guiheux. CVE-2015-2668. - Fix compilation error after ./configure --disable-pthreads. Reported and fix suggested by John E. Krokes. - Apply upstream patch for possible heap overflow in Henry Spencer's regex library. CVE-2015-2305. - Fix crash in upx decoder with crafted file. Discovered and patch supplied by Sebastian Andrzej Siewior. CVE-2015-2170. - Fix segfault scanning certain HTML files. Reported with sample by Kai Risku. - Improve detections within xar/pkg files. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 29 2015 Robert Scheck - 0.98.7-1 - Upgrade to 0.98.7 and updated daily.cvd (#1217014) * Tue Mar 10 2015 Adam Jackson 0.98.6-2 - Drop sysvinit subpackages in F23+ * Thu Jan 29 2015 Robert Scheck - 0.98.6-1 - Upgrade to 0.98.6 and updated daily.cvd (#1187050) * Wed Nov 19 2014 Robert Scheck - 0.98.5-2 - Corrected summary of clamav-server-systemd package (#1165672) * Wed Nov 19 2014 Robert Scheck - 0.98.5-1 - Upgrade to 0.98.5 and updated daily.cvd (#1138101) * Sat Aug 16 2014 Fedora Release Engineering - 0.98.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 21 2014 Robert Scheck - 0.98.4-1 - Upgrade to 0.98.4 and updated daily.cvd (#1111811) - Add build requirement to libxml2 for DMG, OpenIOC and XAR * Sat Jun 7 2014 Fedora Release Engineering - 0.98.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sat May 10 2014 Robert Scheck - 0.98.3-1 - Upgrade to 0.98.3 and updated daily.cvd (#1095614) - Avoid automatic path detection breakage regarding curl - Added build requirement to openssl-devel for hasing code - Added clamsubmit to main package *Wed Jan 15 2014 Robert Scheck - 0.98.1-1 - Upgrade to 0.98.1 and updated daily.cvd (#1053400) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1217207 - CVE-2015-2222 clamav: crash on crafted petite packed file https://bugzilla.redhat.com/show_bug.cgi?id=1217207 [ 2 ] Bug #1217209 - CVE-2015-2170: clamav: Crash in upx decoder with crafted file https://bugzilla.redhat.com/show_bug.cgi?id=1217209 [ 3 ] Bug #1217206 - CVE-2015-2221: clamav Infinite loop condition on crafted y0da cryptor file https://bugzilla.redhat.com/show_bug.cgi?id=1217206 [ 4 ] Bug #1217208 - CVE-2015-2668 clamav: Infinite loop condition on a crafted "xz" archive file https://bugzilla.redhat.com/show_bug.cgi?id=1217208 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update clamav' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list
May 12, 2015
•Critical
Fedora
172
security advisorycode executionremote attackUbuntu 10.04 LTS & 10.10: USN-1031-1 Critical ClamAV Code Execution
Arkadiusz Miskiewicz and others discovered that the PDF processingcode in libclamav improperly validated input. This could allow aremote attacker to craft a PDF document that could crash clamav orpossibly execute arbitrary code. (CVE-2010-4260, CVE-2010-4479) [More...]. ==========================================================Ubuntu Security Notice USN-1031-1 December 10, 2010 clamav vulnerabilities CVE-2010-4260, CVE-2010-4261, CVE-2010-4479 ========================================================== A security issue affects the following Ubuntu releases: Ubuntu 10.04 LTS Ubuntu 10.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 10.04 LTS: libclamav6 0.96.3+dfsg-2ubuntu1.0.10.04.2 Ubuntu 10.10: libclamav6 0.96.3+dfsg-2ubuntu1.2 In general, a standard system update will make all the necessary changes. Details follow: Arkadiusz Miskiewicz and others discovered that the PDF processing code in libclamav improperly validated input. This could allow a remote attacker to craft a PDF document that could crash clamav or possibly execute arbitrary code. (CVE-2010-4260, CVE-2010-4479) It was discovered that an off-by-one error in the icon_cb function in pe_icons.c in libclamav could allow an attacker to corrupt memory, causing clamav to crash or possibly execute arbitrary code. (CVE-2010-4261) In the default installation, attackers would be isolated by the clamav AppArmor profile. Updated packages for Ubuntu 10.04 LTS: Source archives: Size/MD5: 284066 72a7c4ff80f395c5dc8e4e7acd6fcd39 Size/MD5: 2323 d1d47147356bfaf610c993b8a9ed0530 Size/MD5: 40572329 730c1af9badcee2bce4bbaf1cf8ea20a Architecture independent packages: Size/MD5: 297088 745b7132479daa4dbdc5ca6cc023e0b2 Size/MD5: 1295426 b03dae836f5cdf461c3a5f6a98a7363f Size/MD5: 5257088aa5604ebd0f1e4646ce5d9e056513d11 amd64 architecture (Athlon64, Opteron, EM64T Xeon): Size/MD5: 424096 28c2f45042aafbf487e59ce679327bb3 Size/MD5: 22343058 abe9dff9f24f9f9b6b9f9faf5be2936b Size/MD5: 313300 e88ecbee6c0f900b5854b2c1ca9b0771 Size/MD5: 335490 6d0081c84e0f46ee73bbf452309c03a3 Size/MD5: 217914 11b54c1f926069a93149ce28b7cf5325 Size/MD5: 3898290 0bd7e669232378b4b83a8bfdd0c8d716 Size/MD5: 345108 843a766d2909777cc88ccbf03468a6fa i386 architecture (x86 compatible Intel/AMD): Size/MD5: 410854 416f5d73612e5d37fbb904bb80dffb49 Size/MD5: 22043342 aa53f5f25b3a28b22315e17544bd7a6d Size/MD5: 308344 d090653db3483820420e465513b7d858 Size/MD5: 327348 4cdcc06e3cfb9c241c7d6f560963116b Size/MD5: 218084 752cc79037d5f08df096c528bc7eb8b6 Size/MD5: 3751526 c6dc2280d050c37f1f82ce62ba612cac Size/MD5: 338432 7156843fc6e5b7087d1fba58177ee81f armel architecture (ARM Architecture): Size/MD5: 406882 b19ca9fc2963a4fe76940587ca7f8442 Size/MD5: 1495938 235245876f8a1fd659ad3696e0b8cff0 Size/MD5: 309068 4901391a555ca3b99facd67598e3ef63 Size/MD5: 325884 8a8c68c7bef2a417c05140649aabb9e7 Size/MD5: 217988 af08d9ccb28d785bd3067cee79f2d342 Size/MD5: 692904 0a11d55c4b11b7c4b6fde5b7ae283f96 Size/MD5: 338696 3956ef9d6b6a60777ac474f39594f5b7 powerpc architecture (Apple Macintosh G3/G4/G5): Size/MD5: 424978 52b56412f9313f830a49e6730f7bb4f1 Size/MD5: 21946304 dadb3d6e3edd3d878c23043e0b3584d8 Size/MD5: 312588 525bf79e6f80fa681de6e53a177fe4c8 Size/MD5: 332978 b5e3e48ab070066931c15f0f9843b71c Size/MD5: 217914 7dd955a186cb8879aa479dd624b9f83a Size/MD5: 3694500 19f57c2f9c3330de8403f95ed26bd89a Size/MD5: 346032 4dcf3621752746f0683e88cfae681f98 sparc architecture (Sun SPARC/UltraSPARC): Size/MD5: 41750447562db771ffce66d1e33b023815529b Size/MD5: 1521812 7e2834b60264a9944b54182dd66d2644 Size/MD5: 310268 09362fd78f8dd8aa40bf8d638f7e953c Size/MD5: 330544 243c260c46b4786b22a831feca6c22a6 Size/MD5: 217912 140f98988be6715168cf7f5422ab6f76 Size/MD5: 772802 dd43c6b2029227a726eb3f5ab90e944a Size/MD5: 343194 6e4b332cb4162cd29895a4b5171d2abd Updated packages for Ubuntu 10.10: Source archives: Size/MD5: 291139 9ce8ad8427f113d6e329a3c3812d68c0 Size/MD5: 2291 337c8ca91f8956bb01144d4bf3f13609 Size/MD5: 40572329 730c1af9badcee2bce4bbaf1cf8ea20a Architecture independent packages: Size/MD5: 299354 0702fd8ea1c31955e8fc797ae87c46b2 Size/MD5: 1288682 882a0315fe510542baab00e77d557a78 Size/MD5: 5257128 6e78e746dcee221c2e95bc4dfa05f362 amd64 architecture (Athlon64, Opteron, EM64T Xeon): Size/MD5: 423112 f64bda3984cd1f8b760f5da57d3bca92 Size/MD5: 22417984 963e7c2edb60496ca072725e539e5b41 Size/MD5: 311226 0a361a85a35b6650d00fbe84c5a7580a Size/MD5: 334098 32f9b98511150530ad007a7c93c40386 Size/MD5: 217926 e1c3ab677049300717250e3908666cd1 Size/MD5: 3922972 35138e4e10a58348be364e5b19ea5df9 Size/MD5: 342886 de12b75256683c846f2919c696c71887 i386 architecture (x86 compatible Intel/AMD): Size/MD5: 410320 a7060679083c339a102a767ed2a3d9f7 Size/MD5: 21960252 d96e86f0a3d8cddd55cfc3bea3ef3daf Size/MD5: 310040 a482134aedc49b9a7eff0186fb6035cd Size/MD5: 327554 f969082370c05ca79fcaf44062adebee Size/MD5: 217872 8f719985193939a25b03473bfbbcb952 Size/MD5: 3725056 58b1925563125ea7eddb29731d27374a Size/MD5: 340596 10c0a5c04be3d339c5301df687cb7487 armel architecture (ARM Architecture): Size/MD5: 416402 e22a834a33f2d363598865896256c192 Size/MD5: 1530710 01fd1a616c74c7612913b3cc8a875395 Size/MD5: 3080924a743b08c9a1c8ad4ec79a6455334486 Size/MD5: 328372 0ca2551f95b67a8af4c285e36b1efc50 Size/MD5: 217954 db4b7c26334bc6f9a48af201f3c8ce53 Size/MD5: 762684 87f79650eea51f5bca7953b4108f44c7 Size/MD5: 341370 f941f44011e8220f1a1369e575ca8511 powerpc architecture (Apple Macintosh G3/G4/G5): Size/MD5: 423734 a3cba413ddba7c8c869ef1052695d72f Size/MD5: 21943056 c945d37dfdc2f90cfdd3afa9e13770ff Size/MD5: 312116 f75d13c70a666b6c50c94f11d8fc5fc7 Size/MD5: 332152 9875d25fd10e30aa1caa97274fc6490c Size/MD5: 217878 dd01a33de40da567649a02f9bee20135 Size/MD5: 3689510 ff8cd6d3eb28b66036db5ada5629cd7e Size/MD5: 345698 af4e9a8d36665dce94083e6c499ffdb3 . Ubuntu Security Notice USN-1031-1 reveals critical ClamAV vulnerabilities allowing remote code execution through harmful PDF files, emphasizing urgent security updates to safeguard systems. Ubuntu Security Notice, ClamAV Security Issues, PDF Processing Threats. . Severity: Critical. LinuxSecurity.com Team
Dec 10, 2010
•Critical
Ubuntu
89
security advisorymoderateFedoraFedora 9: 2009-2655 Moderate: Pdfjam Script Security Issues
PDFjam scripts previously create temporary files with predictable names, and are also susceptible to the search path being modified. This update fixes the two issues.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2009-2655 2009-03-13 18:03:29 --------------------------------------------------------------------------------Name : pdfjam Product : Fedora 9 Version : 1.21 Release : 1.fc9 URL : Summary : Utilities for join, rotate and align PDFs Description : PDFjam is a small collection of shell scripts which provide a simple interface to some of the functionality of the excellent pdfpages package (by Andreas Matthias) for pdfLaTeX. At present the utilities available are: * pdfnup, which allows PDF files to be "n-upped" in roughly the way that psnup does for PostScript files; * pdfjoin, which concatenates the pages of multiple PDF files together into a single file; * pdf90, which rotates the pages of one or more PDF files through 90 degrees (anti-clockwise). In every case, source files are left unchanged. A potential drawback of these utilities is that any hyperlinks in the source PDF are lost. On the positive side, there is no appreciable degradation of image quality in processing PDF files with these programs, unlike some other indirect methods such as "pdf2ps | psnup | ps2pdf" (in the author's experience). --------------------------------------------------------------------------------Update Information: PDFjam scripts previously create temporary files with predictable names, and are also susceptible to the search path being modified. This update fixes the two issues. --------------------------------------------------------------------------------References: [ 1 ] Bug #480174 - pdfjam: multiple security issues (CVE-2008-5743, CVE-2008-5843) https://bugzilla.redhat.com/show_bug.cgi?id=480174 --------------------------------------------------------------------------------This update can be installed with the "yum" update program. Use su -c 'yum update pdfjam' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailing list
Mar 13, 2009
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!