[SECURITY] [DLA 3548-1] qpdf security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3548-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Thorsten Alteholz
August 29, 2023 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : qpdf
Version : 8.4.0-2+deb10u1
CVE ID : CVE-2018-18020 CVE-2021-25786 CVE-2021-36978
Several issues have been found in qpdf, a package with tools for
transforming and inspecting PDF files.
Crafted files may enable remote attackers to execute arbitrary code or
create recursive calls for a long time, which causes a denial of service.
Further a heap-based buffer overflow might occur when a certain downstream
write fails.
For Debian 10 buster, these problems have been fixed in version
8.4.0-2+deb10u1.
We recommend that you upgrade your qpdf packages.
For the detailed security status of qpdf please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/qpdf
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmTuXcZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEfdNw/+IPtc+zufCXNipcVcKALqGl2ZaRYbffBfrUhL+DAa/x7T2oXwZJiHROHp
kR6XpyK2DzvntIjpAWpYCtnCjYmTEZoH1iRdVcwhCz9Excis0vKEVnNNHA/ssPCw
NVmQ/AEwPNsVtwNZBhCLkBzeupSk7r5Lte9aBk4vlJPKfsreGrTfrLTvfGcKQSQ+
aw6u27/g7A3C4NER1/5fb0oVbHnqbIr9W93w50Pyns7xDqg90nX5BsidLlxZXvnj
JFhXunrIjgXNG4Xr+4MtgIU3lbp1NF2hhCxw79geqmsv29moxSsQG2R2Q5q9Oh5E
IXctlDlSOUCR+Ei/Qe0E637LnQ+nDyT3bIWRI1Kx3ud40bDzEMOwaatYnyiuKX67
XAQsOQg2pEpe21/tciVwL1cxlJlW8bx3NWdtqoAqo4KWtUshBjCbLvU2pJff0G5/
JbIPzPfAw5uyXahn/ISWhRn05O4jDUnIQVlWoteQA0l9xQBxL/Ycn0lv1DsPytBm
hpEYhla9VCnLNvXdAvU+7RBRMi6YjCqaABCj4aAl6m6GDMScJ/M+CxHTKfhh4Rtq
j2mg7ReyULXOFYEMfAeeKsC7L9zmLKQK22bY8rixLDNd3QMN4EsZjAmEuhvZBENW
kJx5/335gwKbvo9lOtft9L/oMEt8CD3XlhsZtnxZJ7JzQSEGHtQ=
=XF8F
-----END PGP SIGNATURE-----
Reply to: