Author: renodr
Date: Wed Mar 24 21:45:39 2021
New Revision: 1751

Log:
Advisories: Add 10.1-010 for PDFBox (FOP)

Modified:
   html/trunk/blfs/advisories/10.1.html
   html/trunk/blfs/advisories/consolidated.html

Modified: html/trunk/blfs/advisories/10.1.html
==============================================================================
--- html/trunk/blfs/advisories/10.1.html        Tue Mar 23 11:03:30 2021        
(r1750)
+++ html/trunk/blfs/advisories/10.1.html        Wed Mar 24 21:45:39 2021        
(r1751)
@@ -104,6 +104,16 @@
 
     <!-- end of OpenSSH -->
 
+    <h3>PDFBox (FOP)</h3>
+
+    <a id="10.1-010">
+    <h4>10.1 010 PDFBox (FOP) Date: 2021-03-25 Severity: Medium</h4>
+    <p>Two security vulnerabilities were fixed that could lead to infinite 
loops
+    or OutOfMemory exceptions when processing crafted input. Update the
+    supplemental JARs (PDFBox and FontBox) in FOP to 2.0.23 if you have 
+    FOP installed.
+    <a href="consolidated.html#10.1-010">10.1-010</a></p>
+    
     <h3>QtWebEngine</h3>
 
     <a id="10.1-002">
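Review bot: The `<a id="10.1-010">` opened before the `<h4>` is not closed anywhere in this hunk, so the heading, the paragraph and the nested `<a href="consolidated.html#10.1-010">` link all sit inside an open anchor, and nesting one `<a>` inside another is invalid HTML. The context line `<a id="10.1-002">` opens the same way, so this follows the file's existing habit, but it would be cleaner to close the anchor immediately or move the id onto the `<h4>`. The added line ending in "if you have " and the whitespace-only line before `<h3>QtWebEngine</h3>` also carry trailing whitespace.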

Modified: html/trunk/blfs/advisories/consolidated.html
==============================================================================
--- html/trunk/blfs/advisories/consolidated.html        Tue Mar 23 11:03:30 
2021        (r1750)
+++ html/trunk/blfs/advisories/consolidated.html        Wed Mar 24 21:45:39 
2021        (r1751)
@@ -80,6 +80,21 @@
     <p>There are currently no known security vulnerabilities for the latest
     releases of the books.</p>
     -->
+    <a id="10.1-010">
+    <h4>10.1 010 PDFBox (FOP) Date: 2021-03-25 Severity: Medium</h4>
+    <p>In Apache PDFBox-2.0.23, two security vulnerabilities were fixed. One of
+    the vulnerabilities could lead to infinite loops when loading input files,
+    and the other one may result in an OutOfMemory exception while loading an
+    input file. Both of these issues are classified as Denial-of-Service 
+    vulnerabilities.
+    These vulnerabilities have been assigned
+    <a 
href="https://nvd.nist.gov/vuln/detail/CVE-2021-27906";>CVE-2021-27906</a> and
+    <a 
href="https://nvd.nist.gov/vuln/detail/CVE-2021-27807";>CVE-2021-27807</a>.</p>
+    To fix these, update the supplemental JAR files in fop to 2.0.23 using the 
+    instructions in
+    <a href="../view/svn/pst/fop.html">fop (sysv)</a> or 
+    <a href="../view/systemd/pst/fop.html">fop (systemd)</a>.</p>
+
     <a id="10.1-009">
     <h4>10.1 009 JS78  Date: 2021-03-23  Severity: Medium</h4>
     <p>In the javascript code of firefox-78.9.0 there are hardening fixes
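Review bot: In the added 10.1-010 entry the `</p>` after the CVE-2021-27807 link closes the paragraph, so the "To fix these, update the supplemental JAR files" text that follows sits outside any `<p>`, and the final `</p>` after the fop (systemd) link has no matching opening tag. Either drop the first `</p>` or open a new `<p>` before "To fix these". The sentence also writes "fop" in lower case where the heading uses "FOP", and the `<a id="10.1-010">` is not closed within the visible lines.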
-- 
http://lists.linuxfromscratch.org/listinfo/website
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page