-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2018-e3b98be78a 2018-05-09 16:03:11.775609 --------------------------------------------------------------------------------
Name : qpdf Product : Fedora EPEL 6 Version : 5.1.1 Release : 6.el6 URL : http://qpdf.sourceforge.net/ Summary : Command-line tools and library for transforming PDF files Description : QPDF is a command-line program that does structural, content-preserving transformations on PDF files. It could have been called something like pdf-to-pdf. It includes support for merging and splitting PDFs and to manipulate the list of pages in a PDF file. It is not a PDF viewer or a program capable of converting PDF into other formats. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-11625, CVE-2017-11624, CVE-2017-12595, CVE-2018-9918. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1566756 - CVE-2018-9918 qpdf: stack exhaustion in QPDFObjectHandle and QPDF_Dictionary classes in libqpdf.a https://bugzilla.redhat.com/show_bug.cgi?id=1566756 [ 2 ] Bug #1485847 - CVE-2017-12595 qpdf: Stack overflow when processing deeply nested arrays and dictionaries https://bugzilla.redhat.com/show_bug.cgi?id=1485847 [ 3 ] Bug #1475507 - CVE-2017-11624 qpdf: Infinite loop in QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc https://bugzilla.redhat.com/show_bug.cgi?id=1475507 [ 4 ] Bug #1475510 - CVE-2017-11625 qpdf: Infinite loop in QPDF::resolveObjectsInStream function in QPDF.cc https://bugzilla.redhat.com/show_bug.cgi?id=1475510 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update qpdf' at the command line. For more information, refer to "YUM", available at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/ch-yum.html All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ epel-package-announce mailing list -- [email protected] To unsubscribe send an email to [email protected]
