
Security: Arbitrary command execution in QPDF
Name: Arbitrary command execution in QPDF
ID: USN-6713-1
Distribution: Ubuntu
Platforms: Ubuntu 23.10
Date: Mon, 25 March 2024, 18:21
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24246
Applications: qpdf

Original message

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: "ubuntu-security-announce@lists.ubuntu.com"
<ubuntu-security-announce@lists.ubuntu.com>
Message-ID: <82d4f204-37a4-4075-a192-701dc58f6774@canonical.com>
Subject: [USN-6713-1] QPDF vulnerability

==========================================================================
Ubuntu Security Notice USN-6713-1
March 25, 2024

qpdf vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10

Summary:

QPDF could be made to crash or run programs if it opened a specially
crafted file.

Software Description:
- qpdf: tools for transforming and inspecting PDF files

Details:

It was discovered that QPDF incorrectly handled certain memory operations
when decoding JSON files. If a user or automated system were tricked into
processing a specially crafted JSON file, QPDF could be made to crash,
resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
libqpdf29 11.5.0-1ubuntu1.1
qpdf 11.5.0-1ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6713-1
CVE-2024-24246

Package Information:
https://launchpad.net/ubuntu/+source/qpdf/11.5.0-1ubuntu1.1
