Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2018.3446 mupdf security update 5 November 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: mupdf Publisher: Debian Operating System: Debian GNU/Linux 9 Linux variants Windows Apple iOS Android Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2018-1000040 CVE-2018-1000037 CVE-2018-6192 CVE-2018-6187 CVE-2018-5686 CVE-2017-17866 Original Bulletin: http://www.debian.org/security/2018/dsa-4334 Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running mupdf check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-4334-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff November 04, 2018 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : mupdf CVE ID : CVE-2017-17866 CVE-2018-5686 CVE-2018-6187 CVE-2018-6192 CVE-2018-1000037 CVE-2018-1000040 Multiple vulnerabilities were discovered in MuPDF, a PDF, XPS, and e-book viewer which could result in denial of service or the execution of arbitrary code if malformed documents are opened. For the stable distribution (stretch), these problems have been fixed in version 1.9a+ds1-4+deb9u4. We recommend that you upgrade your mupdf packages. For the detailed security status of mupdf please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mupdf Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlvfZTUACgkQEMKTtsN8 Tja0rw//RwBZDEq1mzdz/fkBd6bz/F7tgFD35FmFJLpBirVgsDCxGalBUVmcNA0z e26I/vohg6DgRNulBnZB+6OcCPkIdSRm7kiA+3rLLwjye+epnrE9JTix6WbjC4Ca GUgK0Smbu4mdCnLowzSucL6hLQkptx2NGsXLh+g8VgQ5Df6UI1zsNuxPif8U40nK zDtaKO1ex2b97W4u9burN1lsyxcnIjV4PDJVHy3NVEFhlz69hoHI2Z3u0tCNsNeK Ouyrjk7KgllWvYWCYzRpjKEzdtvOhuLfz9fdRW74uL+TXI4diOB4i3JZayzsd29F 2L+QzN3GqM8jmiHUmTqLvDoeJb3N9TIpE7JhSj9kIwEdpo7K4WR2rvjSTIEltKbY 6Smkp5wmWu0GV5Ogo6NNYEJOHCHDKRx7H4ngp1lA7D5zGe7AgxeRflRGxzrU/xo+ sc4eSpzFnF3Jz0LYJruZx2P37QXwG03HMNn5xNcwbWfB3cor1ehEup/hYZEpnmSo 1dphDlHYNnzDAeVQiCUK2TCkBnDSE5h1jZtprJom4S8T0gRnUQbogGF3IMResGU8 BrqwX+14VyZSe8Eib4Svphsd5ZjwsPOEKQyE4qhugF/ew7vUu8h8ItnBx35kjlFj uaIzmo5LwPFx5KKqSffBVlaD+zbG+Jgg3kUvLyzO6/l2Xq8mFDk= =Xd5e - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBW9+J/GaOgq3Tt24GAQhnVRAAvERwxNSBJBXGvQXdMcOTUZT2tpcM6I5h L3SQE4Jxh/tKS2HJFlY7WpWSlXmPy3KlbV2h3FFZq0PF1uw73b2vXQb646QByvLd p2m2Z0k4xuRTowBf5JgdXeo/T/6SaK+7eVIKuccu1wsyO2Gl+nge6SJ9TGldF20/ RGh47MfChinkQYyeuw41N1mltv6MWwNzFCLtSoVCT/2F4gYuNLSOViQXDg4xJTgZ S3yJKJQv0UFksL6acZdOPc2VAsBB4kLDS3szMNVOvkGvhEaBavI5Qtx66xhLUDlL kUaDvmwDRiadacUgZdYcWkOm30/EfMs1him+WU37L73BbBRG1kxrKiOiIjHWm93r x0Oy6KWkYm3bxILeG6K3F2zdQhahPG7USw06McFATxp6weZyW+bbF2eSp1Y5J+cS ANRZDkQRaG30CKodQM2mQSOMDsGTbi+Fi81F2KF1lqnxs5Ba3lWQLcFE78eFHmrx PZkmqVn1AdxDM1tClmWnMKfvXOUof0EzjJWyg+sapYX8vetGB99apkLeGwtdPkLM XekfDcKkDh7V906E9KL9qN1BjtrHkgxbtQoe3UtqZLWqiB0MTuaVu3ILuA4aJxYT VESo9X+7pVQz3LnBcIXSUmKgSL+jDezN7oyvbLgi7hdItj/9zkv9f6p8uHICDh30 uxUn9EqzCyA= =es0E -----END PGP SIGNATURE-----