{ "schema_version": "1.7.0", "id": "MGASA-2018-0131", "published": "2018-02-22T19:49:44Z", "modified": "2018-02-22T19:35:22Z", "summary": "Updated qpdf packages fix security vulnerability", "details": "Qpdf has been updated to the latest version to fix several security issues.\n- Stack overflow due to endless recursion in QPDFTokenizer::resolveLiteral()\n- Another stack overflow / endless recursion in QPDFWriter::enqueueObject()\n- Stack out of bounds read in iterate_rc4()\n- heap out of bounds read (large) in Pl_Buffer::write\n- Hang due to a pdf xref loop\nAlso, the cups-filters package has been rebuilt for the new qpdf.\n", "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2018-0131.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=22586" }, { "type": "WEB", "url": "http://openwall.com/lists/oss-security/2018/02/13/2" } ], "affected": [ { "package": { "ecosystem": "Mageia:6", "name": "qpdf", "purl": "pkg:rpm/mageia/qpdf?arch=source&distro=mageia-6" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "7.1.1-1.mga6" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:6", "name": "cups-filters", "purl": "pkg:rpm/mageia/cups-filters?arch=source&distro=mageia-6" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "1.13.4-2.2.mga6" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }