Description
Security update for qpdf
This update for qpdf fixes the following issues:
qpdf was updated to 7.1.1.
Security issues fixed:
- CVE-2017-11627: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050577).
- CVE-2017-11625: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050579).
- CVE-2017-11626: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050578).
- CVE-2017-11624: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050581).
- CVE-2017-12595: Stack overflow when processing deeply nested arrays and dictionaries (bsc#1055960).
- CVE-2017-9209: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040312).
- CVE-2017-9210: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040313).
- CVE-2017-9208: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040311).
- Check release notes for detailed bug fixes.
- http://qpdf.sourceforge.net/files/qpdf-manual.html#ref.release-notes
Package list
SUSE Linux Enterprise Server 12 SP2-BCL
References
- Link for SUSE-SU-2018:3066-2
- E-Mail link for SUSE-SU-2018:3066-2
- SUSE Security Ratings
- SUSE Bug 1040311
- SUSE Bug 1040312
- SUSE Bug 1040313
- SUSE Bug 1050577
- SUSE Bug 1050578
- SUSE Bug 1050579
- SUSE Bug 1050581
- SUSE Bug 1055960
- SUSE CVE CVE-2017-11624 page
- SUSE CVE CVE-2017-11625 page
- SUSE CVE CVE-2017-11626 page
- SUSE CVE CVE-2017-11627 page
- SUSE CVE CVE-2017-12595 page
- SUSE CVE CVE-2017-9208 page
- SUSE CVE CVE-2017-9209 page
- SUSE CVE CVE-2017-9210 page
Description
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
Affected products
References
- CVE-2017-11624
- SUSE Bug 1050581
Description
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop."
Affected products
References
- CVE-2017-11625
- SUSE Bug 1050579
Description
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
Affected products
References
- CVE-2017-11626
- SUSE Bug 1050578
Description
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop."
Affected products
References
- CVE-2017-11627
- SUSE Bug 1050577
Description
The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc.
Affected products
References
- CVE-2017-12595
- SUSE Bug 1055960
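The recursion problem described for CVE-2017-12595 can be avoided by tracking nesting with a counter and refusing input past a fixed depth. The following is an added example, not qpdf code and not the upstream fix; the function name `max_nesting_depth` and the limit of 500 are assumptions, and it expects a PDF object fragment without binary stream data.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Added example (not qpdf code). Returns the deepest array/dictionary nesting
// found in a PDF object fragment, or -1 as soon as nesting exceeds `limit`.
// A counter replaces recursion, so input depth cannot consume the call stack.
int max_nesting_depth(const std::string& buf, int limit) {
    int depth = 0, max_depth = 0;
    std::size_t i = 0, n = buf.size();
    while (i < n) {
        char c = buf[i];
        if (c == '%') {  // comment: runs to end of line
            while (i < n && buf[i] != '\n' && buf[i] != '\r') ++i;
            continue;
        }
        if (c == '(') {  // literal string: balanced parentheses, backslash escapes
            int parens = 0;
            do {
                if (buf[i] == '\\') ++i;  // skip the escaped character
                else if (buf[i] == '(') ++parens;
                else if (buf[i] == ')') --parens;
                ++i;
            } while (i < n && parens > 0);
            continue;
        }
        bool dict_open = c == '<' && i + 1 < n && buf[i + 1] == '<';
        bool dict_close = c == '>' && i + 1 < n && buf[i + 1] == '>';
        if (c == '<' && !dict_open) {  // hex string <...>
            while (i < n && buf[i] != '>') ++i;
            ++i;
            continue;
        }
        if (c == '[' || dict_open) {
            if (++depth > limit) return -1;  // reject instead of descending
            if (depth > max_depth) max_depth = depth;
        } else if ((c == ']' || dict_close) && depth > 0) {
            --depth;
        }
        i += (dict_open || dict_close) ? 2 : 1;
    }
    return max_depth;
}

int main() {
    // Constructed inputs: a small dictionary and 100000 unclosed arrays.
    std::cout << max_nesting_depth("<< /Kids [ << /A (x [[ ) >> ] >>", 500) << "\n";
    std::cout << max_nesting_depth(std::string(100000, '['), 500) << "\n";
    return 0;
}
```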
Description
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.
Affected products
References
- CVE-2017-9208
- SUSE Bug 1040311
Description
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2.
Affected products
References
- CVE-2017-9209
- SUSE Bug 1040312
Description
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.
Affected products
References
- CVE-2017-9210
- SUSE Bug 1040313