You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa poppler

Sigurnosni nedostaci programskog paketa poppler

——————————————————————————–
Fedora Update Notification
FEDORA-2019-95eb49ef49
2019-04-30 02:27:07.062997
——————————————————————————–

Name : poppler
Product : Fedora 29
Version : 0.67.0
Release : 18.fc29
URL : http://poppler.freedesktop.org/
Summary : PDF rendering library
Description :
poppler is a PDF rendering library.

——————————————————————————–
Update Information:

Security fix for CVE-2019-9903 and CVE-2019-11026.
——————————————————————————–
ChangeLog:

* Wed Apr 17 2019 Marek Kasik <mkasik@redhat.com> – 0.67.0-18
– Fix stack overflow on broken file
– Resolves: #1691725
* Wed Apr 17 2019 Marek Kasik <mkasik@redhat.com> – 0.67.0-17
– Fix infinite loop in broken files
– Resolves: #1699863
* Mon Apr 1 2019 Marek Kasik <mkasik@redhat.com> – 0.67.0-16
– Constrain number of cycles in rescale filter
– Compute correct coverage values for box filter
– Resolves: #1686803
* Mon Apr 1 2019 Marek Kasik <mkasik@redhat.com> – 0.67.0-15
– Check for Ref type before unwrapping Object
– Resolves: #1694457
* Mon Mar 11 2019 Marek Kasik <mkasik@redhat.com> – 0.67.0-14
– Fix possible crash on broken files in ImageStream::getLine()
– Resolves: #1683633
* Fri Mar 8 2019 Marek Kasik <mkasik@redhat.com> – 0.67.0-13
– Synchronize previous patch with upstream
– Related: #1665274
* Wed Feb 20 2019 Marek Kasik <mkasik@redhat.com> – 0.67.0-12
– Check Catalog from XRef for being a Dict
– Resolves: #1665274
* Wed Feb 20 2019 Marek Kasik <mkasik@redhat.com> – 0.67.0-11
– Defend against requests for negative XRef indices
– Resolves: #1672420
* Tue Jan 22 2019 Marek Kasik <mkasik@redhat.com> – 0.67.0-10
– Avoid global display profile state becoming an uncontrolled
– memory leak
– Resolves: #1646549
* Mon Jan 21 2019 Marek Kasik <mkasik@redhat.com> – 0.67.0-9
– Do not try to parse into unallocated XRef entry
– Resolves: #1665268
* Mon Jan 21 2019 Marek Kasik <mkasik@redhat.com> – 0.67.0-8
– Move the fileSpec.dictLookup call inside fileSpec.isDict if
– Resolves: #1665264
* Mon Jan 21 2019 Marek Kasik <mkasik@redhat.com> – 0.67.0-7
– Do not try to construct invalid rich media annotation assets
– Resolves: #1665260
* Thu Nov 15 2018 Marek Kasik <mkasik@redhat.com> – 0.67.0-6
– Check for valid file name of embedded file
– Resolves: #1649451
* Thu Nov 15 2018 Marek Kasik <mkasik@redhat.com> – 0.67.0-5
– Check for valid embedded file before trying to save it
– Resolves: #1649441
* Thu Nov 15 2018 Marek Kasik <mkasik@redhat.com> – 0.67.0-4
– Check for stream before calling stream methods
– when saving an embedded file
– Resolves: #1649436
* Mon Nov 12 2018 Marek Kasik <mkasik@redhat.com> – 0.67.0-3
– Avoid cycles in PDF parsing
– Resolves: #1626620
* Wed Oct 17 2018 Marek Kasik <mkasik@redhat.com> – 0.67.0-2
– Fix crash on missing embedded file
– Resolves: #1569334
——————————————————————————–
References:

[ 1 ] Bug #1691724 – CVE-2019-9903 poppler: stack consumption in function Dict::find() in Dict.cc
https://bugzilla.redhat.com/show_bug.cgi?id=1691724
[ 2 ] Bug #1699862 – CVE-2019-11026 poppler: infinite recursion in function FontInfoScanner::scanFonts in FontInfo.cc
https://bugzilla.redhat.com/show_bug.cgi?id=1699862
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-95eb49ef49’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Top
More in Preporuke
Sigurnosni nedostaci programske biblioteke libX11

Otkriveni su sigurnosni nedostaci programske biblioteke libX11 za operacijski sustav Fedora. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja. Savjetuje...

Close