
SUSE-SU-2018:3066-1

Published: 08 Oct 2018
Source: suse-cvrf

Description

Security update for qpdf

This update for qpdf fixes the following issues:

qpdf was updated to 7.1.1.

Security issues fixed:

  • CVE-2017-11627: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050577).

  • CVE-2017-11625: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050579).

  • CVE-2017-11626: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050578).

  • CVE-2017-11624: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050581).

  • CVE-2017-12595: Stack overflow when processing deeply nested arrays and dictionaries (bsc#1055960).

  • CVE-2017-9209: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040312).

  • CVE-2017-9210: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040313).

  • CVE-2017-9208: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040311).

Package list

SUSE Enterprise Storage 4:
  • cups-filters-1.0.58-15.2.1
  • cups-filters-cups-browsed-1.0.58-15.2.1
  • cups-filters-foomatic-rip-1.0.58-15.2.1
  • cups-filters-ghostscript-1.0.58-15.2.1
  • libqpdf18-7.1.1-3.3.4
  • qpdf-7.1.1-3.3.4

SUSE Linux Enterprise Desktop 12 SP3:
  • cups-filters-1.0.58-19.2.3
  • cups-filters-cups-browsed-1.0.58-19.2.3
  • cups-filters-foomatic-rip-1.0.58-19.2.3
  • cups-filters-ghostscript-1.0.58-19.2.3
  • libqpdf18-7.1.1-3.3.4

SUSE Linux Enterprise Server 12 SP1-LTSS:
  • cups-filters-1.0.58-15.2.1
  • cups-filters-cups-browsed-1.0.58-15.2.1
  • cups-filters-foomatic-rip-1.0.58-15.2.1
  • cups-filters-ghostscript-1.0.58-15.2.1
  • libqpdf18-7.1.1-3.3.4
  • qpdf-7.1.1-3.3.4

SUSE Linux Enterprise Server 12 SP2-LTSS:
  • cups-filters-1.0.58-15.2.1
  • cups-filters-cups-browsed-1.0.58-15.2.1
  • cups-filters-foomatic-rip-1.0.58-15.2.1
  • cups-filters-ghostscript-1.0.58-15.2.1
  • libqpdf18-7.1.1-3.3.4
  • qpdf-7.1.1-3.3.4

SUSE Linux Enterprise Server 12 SP3:
  • cups-filters-1.0.58-19.2.3
  • cups-filters-cups-browsed-1.0.58-19.2.3
  • cups-filters-foomatic-rip-1.0.58-19.2.3
  • cups-filters-ghostscript-1.0.58-19.2.3
  • libqpdf18-7.1.1-3.3.4
  • qpdf-7.1.1-3.3.4

SUSE Linux Enterprise Server 12-LTSS:
  • cups-filters-1.0.58-15.2.1
  • cups-filters-cups-browsed-1.0.58-15.2.1
  • cups-filters-foomatic-rip-1.0.58-15.2.1
  • cups-filters-ghostscript-1.0.58-15.2.1
  • libqpdf18-7.1.1-3.3.4
  • qpdf-7.1.1-3.3.4

SUSE Linux Enterprise Server for SAP Applications 12 SP1:
  • cups-filters-1.0.58-15.2.1
  • cups-filters-cups-browsed-1.0.58-15.2.1
  • cups-filters-foomatic-rip-1.0.58-15.2.1
  • cups-filters-ghostscript-1.0.58-15.2.1
  • libqpdf18-7.1.1-3.3.4
  • qpdf-7.1.1-3.3.4

SUSE Linux Enterprise Server for SAP Applications 12 SP2:
  • cups-filters-1.0.58-15.2.1
  • cups-filters-cups-browsed-1.0.58-15.2.1
  • cups-filters-foomatic-rip-1.0.58-15.2.1
  • cups-filters-ghostscript-1.0.58-15.2.1
  • libqpdf18-7.1.1-3.3.4
  • qpdf-7.1.1-3.3.4

SUSE Linux Enterprise Server for SAP Applications 12 SP3:
  • cups-filters-1.0.58-19.2.3
  • cups-filters-cups-browsed-1.0.58-19.2.3
  • cups-filters-foomatic-rip-1.0.58-19.2.3
  • cups-filters-ghostscript-1.0.58-19.2.3
  • libqpdf18-7.1.1-3.3.4
  • qpdf-7.1.1-3.3.4

SUSE Linux Enterprise Software Development Kit 12 SP3:
  • qpdf-devel-7.1.1-3.3.4

SUSE OpenStack Cloud 7:
  • cups-filters-1.0.58-15.2.1
  • cups-filters-cups-browsed-1.0.58-15.2.1
  • cups-filters-foomatic-rip-1.0.58-15.2.1
  • cups-filters-ghostscript-1.0.58-15.2.1
  • libqpdf18-7.1.1-3.3.4
  • qpdf-7.1.1-3.3.4

Description

A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."


Affected products
SUSE Enterprise Storage 4:cups-filters-1.0.58-15.2.1
SUSE Enterprise Storage 4:cups-filters-cups-browsed-1.0.58-15.2.1
SUSE Enterprise Storage 4:cups-filters-foomatic-rip-1.0.58-15.2.1
SUSE Enterprise Storage 4:cups-filters-ghostscript-1.0.58-15.2.1

References

Description

A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop."


Affected products
SUSE Enterprise Storage 4:cups-filters-1.0.58-15.2.1
SUSE Enterprise Storage 4:cups-filters-cups-browsed-1.0.58-15.2.1
SUSE Enterprise Storage 4:cups-filters-foomatic-rip-1.0.58-15.2.1
SUSE Enterprise Storage 4:cups-filters-ghostscript-1.0.58-15.2.1

References

Description

A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."


Affected products
SUSE Enterprise Storage 4:cups-filters-1.0.58-15.2.1
SUSE Enterprise Storage 4:cups-filters-cups-browsed-1.0.58-15.2.1
SUSE Enterprise Storage 4:cups-filters-foomatic-rip-1.0.58-15.2.1
SUSE Enterprise Storage 4:cups-filters-ghostscript-1.0.58-15.2.1

References

Description

A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop."


Affected products
SUSE Enterprise Storage 4:cups-filters-1.0.58-15.2.1
SUSE Enterprise Storage 4:cups-filters-cups-browsed-1.0.58-15.2.1
SUSE Enterprise Storage 4:cups-filters-foomatic-rip-1.0.58-15.2.1
SUSE Enterprise Storage 4:cups-filters-ghostscript-1.0.58-15.2.1

References

Description

The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc.


Affected products
SUSE Enterprise Storage 4:cups-filters-1.0.58-15.2.1
SUSE Enterprise Storage 4:cups-filters-cups-browsed-1.0.58-15.2.1
SUSE Enterprise Storage 4:cups-filters-foomatic-rip-1.0.58-15.2.1
SUSE Enterprise Storage 4:cups-filters-ghostscript-1.0.58-15.2.1

References

Description

libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.


Affected products
SUSE Enterprise Storage 4:cups-filters-1.0.58-15.2.1
SUSE Enterprise Storage 4:cups-filters-cups-browsed-1.0.58-15.2.1
SUSE Enterprise Storage 4:cups-filters-foomatic-rip-1.0.58-15.2.1
SUSE Enterprise Storage 4:cups-filters-ghostscript-1.0.58-15.2.1

References

Description

libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2.


Affected products
SUSE Enterprise Storage 4:cups-filters-1.0.58-15.2.1
SUSE Enterprise Storage 4:cups-filters-cups-browsed-1.0.58-15.2.1
SUSE Enterprise Storage 4:cups-filters-foomatic-rip-1.0.58-15.2.1
SUSE Enterprise Storage 4:cups-filters-ghostscript-1.0.58-15.2.1

References

Description

libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.


Affected products
SUSE Enterprise Storage 4:cups-filters-1.0.58-15.2.1
SUSE Enterprise Storage 4:cups-filters-cups-browsed-1.0.58-15.2.1
SUSE Enterprise Storage 4:cups-filters-foomatic-rip-1.0.58-15.2.1
SUSE Enterprise Storage 4:cups-filters-ghostscript-1.0.58-15.2.1

References
Vulnerability SUSE-SU-2018:3066-1