-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmYBd1UACgkQZWnYVadE
vpNqRg/+PRn3lhUE2c7cTUYDetBMoB4S3huB+CuF8by95FspcSrXBqzdzxqu3rYU
LYOdqplA4FpVSX7Tk4UGx03AaCFT4B776BwT1wpQuYl2I8oUXPUnKi6YkY9Dv7+H
cDp4Bs022LCVLzMwzLgMdV9b2hP2NNPX/GoGVaM7lMlHTOndq6qHi2JtVcAU9QWq
8PE+YhrR2v04cV6wHkOzwYpofgE2XO1a2Kj8tzdvVuR1MRRE/oHM7Mtt2tV6iKnb
GdYucAkTcGtgncxYa3hTgQ6/r6IqW0Zdv8RlZsVnj3NAEabb/ZYLbWPl3FC1fR2H
pNxMAUx5Knh4WEVVSEPbJ59v2VE5E3Cef9G3+YrtVTowmuLlSIEq7t2o+mFeL5Te
wlRYZPFAj77u0uAg7R5XCV9uEmj3fENJW6s2kecxuQLdGJyb7mhW86TKCkgG/Jw2
RDTxbYa/NaLuXMc2iojFex22n6AXDl9XWLj+D/q7BXxb5UcXzVFRhzrAF5Tzihw8
Q+CAjikwbFIXSnX3+bI1G6WfifqN6pyJ/KcdqXkEgMGYhNed1qOEtjw8AeLy6KbQ
50izfJ3yU8JzPVW56OLMVDhZr1sEN8jesfjPVRwEy4A+giMDOCpDpg/7FSnqwS7+
StdDRg7B0Qy+RuoQij4ehFyVRO5xwe5R2M1XF+/FSCT76jV4kfc=
=xVCl
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6713-1
March 25, 2024
qpdf vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
Summary:
QPDF could be made to crash or run programs if it opened a specially
crafted file.
Software Description:
- qpdf: tools for transforming and inspecting PDF files
Details:
It was discovered that QPDF incorrectly handled certain memory operations
when decoding JSON files. If a user or automated system were tricked into
processing a specially crafted JSON file, QPDF could be made to crash,
resulting in a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.10:
libqpdf29 11.5.0-1ubuntu1.1
qpdf 11.5.0-1ubuntu1.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6713-1
CVE-2024-24246
Package Information:
https://launchpad.net/ubuntu/+source/qpdf/11.5.0-1ubuntu1.1
No comments:
Post a Comment