SUSE-SU-2023:3998-1

Опубликовано: 06 окт. 2023

Источник: suse-cvrf

Описание

Security update for poppler

This update for poppler fixes the following issues:

CVE-2020-23804: Fixed uncontrolled recursion in pdfinfo and pdftops (bsc#1215422).
CVE-2020-36024: Fixed NULL Pointer Deference in FoFiType1C:convertToType1 (bsc#1214257).
CVE-2022-37050: Fixed denial-of-service via savePageAs in PDFDoc.c (bsc#1214622).
CVE-2022-37051: Fixed abort in main() in pdfunite.cc (bsc#1214621).
CVE-2022-38349: Fixed reachable assertion in Object.h that will lead to denial of service (bsc#1214618).

Список пакетов

SUSE Enterprise Storage 7.1

libpoppler-cpp0-0.79.0-150200.3.21.2

libpoppler-devel-0.79.0-150200.3.21.2

libpoppler-glib-devel-0.79.0-150200.3.21.2

libpoppler-glib8-0.79.0-150200.3.21.2

libpoppler89-0.79.0-150200.3.21.2

poppler-tools-0.79.0-150200.3.21.2

typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

libpoppler-cpp0-0.79.0-150200.3.21.2

libpoppler-devel-0.79.0-150200.3.21.2

libpoppler-glib-devel-0.79.0-150200.3.21.2

libpoppler-glib8-0.79.0-150200.3.21.2

libpoppler89-0.79.0-150200.3.21.2

poppler-tools-0.79.0-150200.3.21.2

typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2

SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS

libpoppler-cpp0-0.79.0-150200.3.21.2

libpoppler-devel-0.79.0-150200.3.21.2

libpoppler-glib-devel-0.79.0-150200.3.21.2

libpoppler-glib8-0.79.0-150200.3.21.2

libpoppler89-0.79.0-150200.3.21.2

poppler-tools-0.79.0-150200.3.21.2

typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

libpoppler-cpp0-0.79.0-150200.3.21.2

libpoppler-devel-0.79.0-150200.3.21.2

libpoppler-glib-devel-0.79.0-150200.3.21.2

libpoppler-glib8-0.79.0-150200.3.21.2

libpoppler89-0.79.0-150200.3.21.2

poppler-tools-0.79.0-150200.3.21.2

typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2

SUSE Linux Enterprise Module for Basesystem 15 SP4

libpoppler89-0.79.0-150200.3.21.2

SUSE Linux Enterprise Module for Basesystem 15 SP5

libpoppler89-0.79.0-150200.3.21.2

SUSE Linux Enterprise Server 15 SP2-LTSS

libpoppler-cpp0-0.79.0-150200.3.21.2

libpoppler-devel-0.79.0-150200.3.21.2

libpoppler-glib-devel-0.79.0-150200.3.21.2

libpoppler-glib8-0.79.0-150200.3.21.2

libpoppler89-0.79.0-150200.3.21.2

poppler-tools-0.79.0-150200.3.21.2

typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2

SUSE Linux Enterprise Server 15 SP3-LTSS

libpoppler-cpp0-0.79.0-150200.3.21.2

libpoppler-devel-0.79.0-150200.3.21.2

libpoppler-glib-devel-0.79.0-150200.3.21.2

libpoppler-glib8-0.79.0-150200.3.21.2

libpoppler89-0.79.0-150200.3.21.2

poppler-tools-0.79.0-150200.3.21.2

typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2

SUSE Linux Enterprise Server for SAP Applications 15 SP2

libpoppler-cpp0-0.79.0-150200.3.21.2

libpoppler-devel-0.79.0-150200.3.21.2

libpoppler-glib-devel-0.79.0-150200.3.21.2

libpoppler-glib8-0.79.0-150200.3.21.2

libpoppler89-0.79.0-150200.3.21.2

poppler-tools-0.79.0-150200.3.21.2

typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2

SUSE Linux Enterprise Server for SAP Applications 15 SP3

libpoppler-cpp0-0.79.0-150200.3.21.2

libpoppler-devel-0.79.0-150200.3.21.2

libpoppler-glib-devel-0.79.0-150200.3.21.2

libpoppler-glib8-0.79.0-150200.3.21.2

libpoppler89-0.79.0-150200.3.21.2

poppler-tools-0.79.0-150200.3.21.2

typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2

SUSE Manager Proxy 4.2

libpoppler-cpp0-0.79.0-150200.3.21.2

libpoppler-devel-0.79.0-150200.3.21.2

libpoppler-glib-devel-0.79.0-150200.3.21.2

libpoppler-glib8-0.79.0-150200.3.21.2

libpoppler89-0.79.0-150200.3.21.2

poppler-tools-0.79.0-150200.3.21.2

typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2

SUSE Manager Server 4.2

libpoppler-cpp0-0.79.0-150200.3.21.2

libpoppler-devel-0.79.0-150200.3.21.2

libpoppler-glib-devel-0.79.0-150200.3.21.2

libpoppler-glib8-0.79.0-150200.3.21.2

libpoppler89-0.79.0-150200.3.21.2

poppler-tools-0.79.0-150200.3.21.2

typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2

openSUSE Leap 15.4

libpoppler89-0.79.0-150200.3.21.2

libpoppler89-32bit-0.79.0-150200.3.21.2

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20233998-1/
Link for SUSE-SU-2023:3998-1
https://lists.suse.com/pipermail/sle-security-updates/2023-October/016563.html
E-Mail link for SUSE-SU-2023:3998-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1214257
SUSE Bug 1214257
https://bugzilla.suse.com/1214618
SUSE Bug 1214618
https://bugzilla.suse.com/1214621
SUSE Bug 1214621
https://bugzilla.suse.com/1214622
SUSE Bug 1214622
https://bugzilla.suse.com/1215422
SUSE Bug 1215422
https://www.suse.com/security/cve/CVE-2020-23804/
SUSE CVE CVE-2020-23804 page
https://www.suse.com/security/cve/CVE-2020-36024/
SUSE CVE CVE-2020-36024 page
https://www.suse.com/security/cve/CVE-2022-37050/
SUSE CVE CVE-2022-37050 page
https://www.suse.com/security/cve/CVE-2022-37051/
SUSE CVE CVE-2022-37051 page
https://www.suse.com/security/cve/CVE-2022-38349/
SUSE CVE CVE-2022-38349 page

Описание

Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.

Затронутые продукты

SUSE Enterprise Storage 7.1:libpoppler-cpp0-0.79.0-150200.3.21.2

SUSE Enterprise Storage 7.1:libpoppler-devel-0.79.0-150200.3.21.2

SUSE Enterprise Storage 7.1:libpoppler-glib-devel-0.79.0-150200.3.21.2

SUSE Enterprise Storage 7.1:libpoppler-glib8-0.79.0-150200.3.21.2

Ссылки

https://www.suse.com/security/cve/CVE-2020-23804.html
CVE-2020-23804
https://bugzilla.suse.com/1215422
SUSE Bug 1215422
https://bugzilla.suse.com/1217562
SUSE Bug 1217562
https://bugzilla.suse.com/1225040
SUSE Bug 1225040

Описание

An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function.

Затронутые продукты

SUSE Enterprise Storage 7.1:libpoppler-cpp0-0.79.0-150200.3.21.2

SUSE Enterprise Storage 7.1:libpoppler-devel-0.79.0-150200.3.21.2

SUSE Enterprise Storage 7.1:libpoppler-glib-devel-0.79.0-150200.3.21.2

SUSE Enterprise Storage 7.1:libpoppler-glib8-0.79.0-150200.3.21.2

Ссылки

https://www.suse.com/security/cve/CVE-2020-36024.html
CVE-2020-36024
https://bugzilla.suse.com/1214257
SUSE Bug 1214257
https://bugzilla.suse.com/1225040
SUSE Bug 1225040

Описание

In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662.

Затронутые продукты

SUSE Enterprise Storage 7.1:libpoppler-cpp0-0.79.0-150200.3.21.2

SUSE Enterprise Storage 7.1:libpoppler-devel-0.79.0-150200.3.21.2

SUSE Enterprise Storage 7.1:libpoppler-glib-devel-0.79.0-150200.3.21.2

SUSE Enterprise Storage 7.1:libpoppler-glib8-0.79.0-150200.3.21.2

Ссылки

https://www.suse.com/security/cve/CVE-2022-37050.html
CVE-2022-37050
https://bugzilla.suse.com/1214622
SUSE Bug 1214622
https://bugzilla.suse.com/1225040
SUSE Bug 1225040

Описание

An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.

Затронутые продукты

SUSE Enterprise Storage 7.1:libpoppler-cpp0-0.79.0-150200.3.21.2

SUSE Enterprise Storage 7.1:libpoppler-devel-0.79.0-150200.3.21.2

SUSE Enterprise Storage 7.1:libpoppler-glib-devel-0.79.0-150200.3.21.2

SUSE Enterprise Storage 7.1:libpoppler-glib8-0.79.0-150200.3.21.2

Ссылки

https://www.suse.com/security/cve/CVE-2022-37051.html
CVE-2022-37051
https://bugzilla.suse.com/1214621
SUSE Bug 1214621
https://bugzilla.suse.com/1225040
SUSE Bug 1225040

Описание

An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file.

Затронутые продукты

SUSE Enterprise Storage 7.1:libpoppler-cpp0-0.79.0-150200.3.21.2

SUSE Enterprise Storage 7.1:libpoppler-devel-0.79.0-150200.3.21.2

SUSE Enterprise Storage 7.1:libpoppler-glib-devel-0.79.0-150200.3.21.2

SUSE Enterprise Storage 7.1:libpoppler-glib8-0.79.0-150200.3.21.2

Ссылки

https://www.suse.com/security/cve/CVE-2022-38349.html
CVE-2022-38349
https://bugzilla.suse.com/1214618
SUSE Bug 1214618
https://bugzilla.suse.com/1225040
SUSE Bug 1225040

SUSE-SU-2023:3998-1

Описание

Список пакетов

SUSE Enterprise Storage 7.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

SUSE Linux Enterprise Module for Basesystem 15 SP4

SUSE Linux Enterprise Module for Basesystem 15 SP5

SUSE Linux Enterprise Server 15 SP2-LTSS

SUSE Linux Enterprise Server 15 SP3-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP2

SUSE Linux Enterprise Server for SAP Applications 15 SP3

SUSE Manager Proxy 4.2

SUSE Manager Server 4.2

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2020-23804

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-36024

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-37050

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-37051

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-38349

Описание

Затронутые продукты

Ссылки