1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4152-1] mupdf security update

    From Luciano Bello@1:229/2 to All on Tue Mar 27 20:00:02 2018
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4152-1 [email protected] https://www.debian.org/security/ Luciano Bello
    March 27, 2018 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : mupdf
    CVE ID : CVE-2018-6544 CVE-2018-1000051
    Debian Bug : 891245

    Two vulnerabilities were discovered in MuPDF, a PDF, XPS, and e-book
    viewer, which may result in denial of service or remote code execution.
    An attacker can craft a PDF document which, when opened in the victim
    host, might consume vast amounts of memory, crash the program, or, in
    some cases, execute code in the context in which the application is
    running.

    For the oldstable distribution (jessie), these problems have been fixed
    in version 1.5-1+deb8u4.

    For the stable distribution (stretch), these problems have been fixed in version 1.9a+ds1-4+deb9u3.

    We recommend that you upgrade your mupdf packages.

    For the detailed security status of mupdf please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/mupdf

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCAAdFiEEayzFlnvRveqeWJspbsLe9o/+N3QFAlq6g4QACgkQbsLe9o/+ N3Susg/9G1OrrHcEbHNoaio0T0Wuf/v0ppoC3Lup+I4DR5zMeRTZJaqvyZlyBpWb P6EWGS35/+r3kL/+IY5FQUrB+UoYyM85DNHG+5/5/pmbO1SrQuBECs+btgEgAtWL A9cTnT7sFAGSUWIuGxu07WZdzxlPTb7ZQLoWvekYU+AObNdWCaJuON6qepKwFsUM 8Cqmx2M1G0kPVzRIrivoNuQV2gwSG2l26pMNAJqPwZzY0fYCizZsIyDy+AA1Yiuc H7Nwb5xtl2QOLP4MtyQ9Oy3skOA2DGvKGkSxTBAYhOMl43814W3TpXeHz4ZJlTIa TTMHbXOQuFOnIxe4s2dXwCXKOhwdswmUoLSuyvVcsWFdN3tZfQzC254L/oS7lBZN RRxqXQNHZ0Vzr4Sgp1dKA9y1+IFgWuqdCW6h3LATROq0Kd9OZ2UlL9q9PJvXsJ9p DI5DDH8WAMcgukUkbRGM/JapGcdtFVmQTdulnJ5qs9swJfajWhlCgrueWlsfvfjm BYJI7JyWgs1wh0hmCwxK13JbSEAIxB0jJ6fLWioAuHGfOMZppxG0FN30fJpOWEEd xiF8r8T6+hLXl7ynDH/3D29kNIv/qKskvrPw7VFYUjPA+EIo4kNx/3RnoBA8P9Jd FQjaz/m64uT6WFvu1Gr3Qex9meUb7M32XdbDQ2bR3vT70p+T5Eo=
    =GrpD
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)