
[SECURITY] [DLA 3548-1] qpdf security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3548-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
August 29, 2023                               https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : qpdf
Version        : 8.4.0-2+deb10u1
CVE ID         : CVE-2018-18020 CVE-2021-25786 CVE-2021-36978


Several issues have been found in qpdf, a package with tools for transforming and inspecting PDF files. Crafted files may enable remote attackers to execute arbitrary code or to trigger long-running recursive calls, which causes a denial of service. Furthermore, a heap-based buffer overflow might occur when a certain downstream write fails.


For Debian 10 buster, these problems have been fixed in version
8.4.0-2+deb10u1.

We recommend that you upgrade your qpdf packages.

For the detailed security status of qpdf please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/qpdf

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


