SUSE-SU-2023:0495-1

Опубликовано: 23 фев. 2023

Источник: suse-cvrf

Описание

Security update for poppler

This update for poppler fixes the following issues:

CVE-2022-38784: Fixed integer overflow in the JBIG2 decoder (bsc#1202692).

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15 SP4

libpoppler-cpp0-22.01.0-150400.3.3.1

libpoppler-devel-22.01.0-150400.3.3.1

libpoppler-glib-devel-22.01.0-150400.3.3.1

libpoppler-glib8-22.01.0-150400.3.3.1

libpoppler117-22.01.0-150400.3.3.1

poppler-tools-22.01.0-150400.3.3.1

typelib-1_0-Poppler-0_18-22.01.0-150400.3.3.1

SUSE Linux Enterprise Module for Package Hub 15 SP4

libpoppler-cpp0-22.01.0-150400.3.3.1

libpoppler-devel-22.01.0-150400.3.3.1

libpoppler-qt5-1-22.01.0-150400.3.3.1

libpoppler-qt5-devel-22.01.0-150400.3.3.1

openSUSE Leap 15.4

libpoppler-cpp0-22.01.0-150400.3.3.1

libpoppler-cpp0-32bit-22.01.0-150400.3.3.1

libpoppler-devel-22.01.0-150400.3.3.1

libpoppler-glib-devel-22.01.0-150400.3.3.1

libpoppler-glib8-22.01.0-150400.3.3.1

libpoppler-glib8-32bit-22.01.0-150400.3.3.1

libpoppler-qt5-1-22.01.0-150400.3.3.1

libpoppler-qt5-1-32bit-22.01.0-150400.3.3.1

libpoppler-qt5-devel-22.01.0-150400.3.3.1

libpoppler-qt6-3-22.01.0-150400.3.3.1

libpoppler-qt6-devel-22.01.0-150400.3.3.1

libpoppler117-22.01.0-150400.3.3.1

libpoppler117-32bit-22.01.0-150400.3.3.1

poppler-tools-22.01.0-150400.3.3.1

typelib-1_0-Poppler-0_18-22.01.0-150400.3.3.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20230495-1/
Link for SUSE-SU-2023:0495-1
https://lists.suse.com/pipermail/sle-security-updates/2023-February/013872.html
E-Mail link for SUSE-SU-2023:0495-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1202692
SUSE Bug 1202692
https://www.suse.com/security/cve/CVE-2022-38784/
SUSE CVE CVE-2022-38784 page

Описание

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15 SP4:libpoppler-cpp0-22.01.0-150400.3.3.1

SUSE Linux Enterprise Module for Basesystem 15 SP4:libpoppler-devel-22.01.0-150400.3.3.1

SUSE Linux Enterprise Module for Basesystem 15 SP4:libpoppler-glib-devel-22.01.0-150400.3.3.1

SUSE Linux Enterprise Module for Basesystem 15 SP4:libpoppler-glib8-22.01.0-150400.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-38784.html
CVE-2022-38784
https://bugzilla.suse.com/1202692
SUSE Bug 1202692
https://bugzilla.suse.com/1203392
SUSE Bug 1203392
https://bugzilla.suse.com/1225040
SUSE Bug 1225040

SUSE-SU-2023:0495-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15 SP4

SUSE Linux Enterprise Module for Package Hub 15 SP4

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2022-38784

Описание

Затронутые продукты

Ссылки