Description
Security update for cmark
This update for cmark fixes the following issues:
- CVE-2023-22486: Fixed quadratic complexity in handle_close_bracket that may lead to a denial of service (bsc#1207674).
Package list
SUSE Linux Enterprise Module for Development Tools 15 SP4
libcmark0_30_2-0.30.2-150400.3.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP4
cmark-0.30.2-150400.3.3.1
openSUSE Leap 15.4
cmark-0.30.2-150400.3.3.1
cmark-devel-0.30.2-150400.3.3.1
libcmark0_30_2-0.30.2-150400.3.3.1
References
- Link for SUSE-SU-2023:1834-1
- E-Mail link for SUSE-SU-2023:1834-1
- SUSE Security Ratings
- SUSE Bug 1207674
- SUSE CVE CVE-2023-22486 page
Description
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 contain a polynomial time complexity issue in handle_close_bracket that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7.
Affected products
SUSE Linux Enterprise Module for Development Tools 15 SP4:libcmark0_30_2-0.30.2-150400.3.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP4:cmark-0.30.2-150400.3.3.1
openSUSE Leap 15.4:cmark-0.30.2-150400.3.3.1
openSUSE Leap 15.4:cmark-devel-0.30.2-150400.3.3.1
References
- CVE-2023-22486
- SUSE Bug 1207674