Advisories ยป MGASA-2018-0145

Updated qpdf packages fix security vulnerabilities

Publication date: 26 Feb 2018
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-11624 , CVE-2017-11625 , CVE-2017-11626 , CVE-2017-11627 , CVE-2017-12595 , CVE-2017-9208 , CVE-2017-9209 , CVE-2017-9210


Updated qpdf packages fix security vulnerabilities:

1. Stack overflow due to endless recursion in QPDFTokenizer::resolveLiteral()
2. Another stack overflow / endless recursion in QPDFWriter::enqueueObject()
3. Stack out of bounds read in iterate_rc4()
4. heap out of bounds read (large) in Pl_Buffer::write
5. Hang due to a pdf xref loop:

Also, the libjpeg package has been patched to provide pkgconfig files, so that
cups-filters could be rebuilt against this qpdf update.