Bug 22586 - qpdf new security issues fixed upstream in 7.0.0
Summary: qpdf new security issues fixed upstream in 7.0.0
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks: 22648
  Show dependency treegraph
 
Reported: 2018-02-14 02:54 CET by David Walser
Modified: 2018-06-08 22:20 CEST (History)
6 users (show)

See Also:
Source RPM: qpdf-6.0.0-2.20170730.1.mga7.src.rpm
CVE:
Status comment: Fixed upstream in 7.0.0


Attachments
POC tests and quick tests of qpdf (6.29 KB, text/plain)
2018-02-20 18:59 CET, Len Lawrence
Details

Description David Walser 2018-02-14 02:54:09 CET
Multiple security issues fixed upstream in qpdf have been announced:
http://openwall.com/lists/oss-security/2018/02/13/2

It looks like all but the first linked from the message above were fixed after the last snapshot that we updated to.

Mageia 5 and Mageia 6 are also affected.
David Walser 2018-02-14 02:54:35 CET

CC: (none) => rverschelde
Whiteboard: (none) => MGA6TOO
Assignee: bugsquad => pkg-bugs
Status comment: (none) => Fixed upstream in 7.0.0

Comment 1 Stig-Ørjan Smelror 2018-02-19 13:36:38 CET
qpdf 7.1.1 pushed to Cauldron.

Cheers,
Stig

Version: Cauldron => 6
CC: (none) => smelror
Whiteboard: MGA6TOO => (none)

Comment 2 Stig-Ørjan Smelror 2018-02-20 12:07:02 CET
Advisory
========

Qpdf has been updated to the latest version to fix several security issues.

- Stack overflow due to endless recursion in QPDFTokenizer::resolveLiteral()
- Another stack overflow / endless recursion in QPDFWriter::enqueueObject()
- Stack out of bounds read in iterate_rc4()
- heap out of bounds read (large) in Pl_Buffer::write
- Hang due to a pdf xref loop:


References
==========
http://openwall.com/lists/oss-security/2018/02/13/2

Files
=====

The following files have been uploaded to core/updates_testing

qpdf-7.1.1-1.mga6
qpdf-doc-7.1.1-1.mga6
lib64qpdf18-7.1.1-1.mga6
lib64qpdf-devel-7.1.1-1.mga6

from qpdf-7.1.1-1.mga6.src.rpm
Stig-Ørjan Smelror 2018-02-20 12:07:12 CET

Assignee: pkg-bugs => qa-bugs

Comment 3 Stig-Ørjan Smelror 2018-02-20 17:14:52 CET
Advisory
========

Qpdf has been updated to the latest version to fix several security issues.

- Stack overflow due to endless recursion in QPDFTokenizer::resolveLiteral()
- Another stack overflow / endless recursion in QPDFWriter::enqueueObject()
- Stack out of bounds read in iterate_rc4()
- heap out of bounds read (large) in Pl_Buffer::write
- Hang due to a pdf xref loop

Also, the cups-filters package has been rebuilt for the new qpdf.


References
==========
http://openwall.com/lists/oss-security/2018/02/13/2

Files
=====

The following files have been uploaded to core/updates_testing

qpdf-7.1.1-1.mga6
qpdf-doc-7.1.1-1.mga6
lib64qpdf18-7.1.1-1.mga6
lib64qpdf-devel-7.1.1-1.mga6

from qpdf-7.1.1-1.mga6.src.rpm

cups-filters-1.13.4-2.2.mga6
lib64cups-filters-devel-1.13.4-2.2.mga6
lib64cups-filters1-1.13.4-2.2.mga6

from cups-filters-1.13.4-2.2.mga6.src.rpm
Comment 4 Len Lawrence 2018-02-20 18:57:43 CET
Mageia 6 :: x86_64

This report was a bit lengthy so I have attached it.
The upshot is that qpdf looks good for 64 bits.

CC: (none) => tarazed25

Len Lawrence 2018-02-20 18:58:11 CET

Whiteboard: (none) => MGA6-64-OK

Comment 5 Len Lawrence 2018-02-20 18:59:41 CET
Created attachment 9997 [details]
POC tests and quick tests of qpdf
Len Lawrence 2018-02-22 01:35:06 CET

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Dave Hodgins 2018-02-22 19:54:36 CET

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 6 Thomas Backlund 2018-02-22 21:09:45 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0131.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED
CC: (none) => tmb

Comment 7 Mageia Robot 2018-02-23 18:15:27 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0131.html
David Walser 2018-02-24 18:42:50 CET

Blocks: (none) => 22648


Note You need to log in before you can comment on or make changes to this bug.