openSUSE Security Update : mupdf (openSUSE-2017-196)
High Nessus Plugin ID 96999
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for mupdf to version 1.10a fixes the following issues :
These security issues were fixed :
- CVE-2016-10132: NULL pointer dereference in regexp because of a missing check after allocating memory allowing for DoS (bsc#1019877).
- CVE-2016-10133: Heap buffer overflow write in js_stackoverflow allowing for DoS or possible code execution (bsc#1019877).
- CVE-2016-10141: An integer overflow vulnerability triggered by a regular expression with nested repetition. A successful exploitation of this issue can lead to code execution or a denial of service (buffer overflow) condition (bsc#1019877).
These non-security issues were fixed :
- A bug with mutool and saving PDF files using the 'ascii' option has been fixed.
- Stop defining OPJ_STATIC
SolutionUpdate the affected mupdf packages.