Updated qpdf packages fix security vulnerabilities
Publication date: 03 Aug 2017Modification date: 03 Aug 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-9208 , CVE-2017-9209 , CVE-2017-9210 , CVE-2017-11624 , CVE-2017-11625 , CVE-2017-11626 , CVE-2017-11627
Description
This snapshot of the upstream development branch (6.0) of qpdf fixes
several infinite loop vulnerabilities: CVE-2017-9208, CVE-2017-9209,
CVE-2017-9210, CVE-2017-11624, CVE-2017-11625, CVE-2017-11626,
CVE-2017-11627.
For Mageia 5, the cups-filters package was also rebuilt against this
new major version of qpdf.
References
- https://bugs.mageia.org/show_bug.cgi?id=20915
- https://github.com/qpdf/qpdf/tree/8ee83ca722baad9434119bb72d620dfd8e6103c4
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9208
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9209
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9210
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11624
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11625
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11626
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11627
SRPMS
5/core
- cups-filters-1.0.71-1.3.mga5
- qpdf-6.0.0-2.20170730.1.mga5
6/core
- qpdf-6.0.0-2.20170730.1.mga6