Ubuntu Security Notice USN-6713-1 ≈ Packet Storm

Roger Wilco Alertes 25 mars 2024 Affichages : 39

Home ^[1] Files ^[2] News ^[3] &[SERVICES_TAB] Contact ^[4] Add New ^[5]

Ubuntu Security Notice USN-6713-1^[6]: Authored by Ubuntu ^[7] | Site security.ubuntu.com ^[8]; Ubuntu Security Notice 6713-1 - It was discovered that QPDF incorrectly handled certain memory operations when decoding JSON files. If a user or automated system were tricked into processing a specially crafted JSON file, QPDF could be made to crash, resulting in a denial of service, or possibly execute arbitrary code.; systems | linux ^[9], ubuntu ^[10]; advisories | CVE-2024-24246 ^[11]; SHA-256 | 8599d683e2b4517e16898898180dc7a0b2cdc7ba2174e82a8a13679c86f88304; Download ^[12] | Favorite ^[13] | View ^[14]

        ==========================================================================
Ubuntu Security Notice USN-6713-1
March 25, 2024
qpdf vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
Summary:
QPDF could be made to crash or run programs if it opened a specially
crafted file.
Software Description:
- qpdf: tools for transforming and inspecting PDF files
Details:
It was discovered that QPDF incorrectly handled certain memory operations
when decoding JSON files. If a user or automated system were tricked into
processing a specially crafted JSON file, QPDF could be made to crash,
resulting in a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.10:
libqpdf29                       11.5.0-1ubuntu1.1
qpdf                            11.5.0-1ubuntu1.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6713-1
CVE-2024-24246
Package Information:
https://launchpad.net/ubuntu/+source/qpdf/11.5.0-1ubuntu1.1