Mageia Advisory: MGASA-2018-0131 - Updated qpdf packages fix security vulnerability

Updated qpdf packages fix security vulnerability

Publication date: 22 Feb 2018
Modification date: 22 Feb 2018
Type: security
Affected Mageia releases : 6

Description

Qpdf has been updated to the latest version to fix several security issues.
- Stack overflow due to endless recursion in QPDFTokenizer::resolveLiteral()
- Another stack overflow / endless recursion in QPDFWriter::enqueueObject()
- Stack out of bounds read in iterate_rc4()
- heap out of bounds read (large) in Pl_Buffer::write
- Hang due to a pdf xref loop
Also, the cups-filters package has been rebuilt for the new qpdf.

References

https://bugs.mageia.org/show_bug.cgi?id=22586
http://openwall.com/lists/oss-security/2018/02/13/2

SRPMS

6/core

qpdf-7.1.1-1.mga6
cups-filters-1.13.4-2.2.mga6

Advisories » MGASA-2018-0131

Updated qpdf packages fix security vulnerability

Description

References

SRPMS

6/core