Branch sisyphus update bulletin.

Package keepalived updated to version 2.0.11-alt1 for branch sisyphus in task 219656.

segfaults when reading config (and is a core dump bomb)

Package qpdf updated to version 8.3.0-alt1 for branch sisyphus in task 219654.

Published: 2018-10-06
Modified: 2024-11-21

CVE-2018-18020

In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a crafted PDF file.

Severity: LOW (3.3) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

References:

https://github.com/qpdf/qpdf/issues/243
https://github.com/qpdf/qpdf/issues/243
[debian-lts-announce] 20230829 [SECURITY] [DLA 3548-1] qpdf security update
[debian-lts-announce] 20230829 [SECURITY] [DLA 3548-1] qpdf security update

Version: 2.1.0

Branch sisyphus update on 2019-01-20

ALT-BU-2019-3446-1

ALT-PU-2019-1082-1

Closed bugs

Bug #33349

ALT-PU-2019-1083-1

Closed vulnerabilities

CVE-2018-18020