Описание
Security update for poppler
This update for poppler fixes the following issues:
- CVE-2022-37052: Fixed a crash that could be triggered when opening a crafted file (bsc#1214726).
- CVE-2023-34872: Fixed a remote denial-of-service in Outline.cc (bsc#1213888).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP4
libpoppler-cpp0-22.01.0-150400.3.16.1
libpoppler-devel-22.01.0-150400.3.16.1
libpoppler-glib-devel-22.01.0-150400.3.16.1
libpoppler-glib8-22.01.0-150400.3.16.1
libpoppler117-22.01.0-150400.3.16.1
poppler-tools-22.01.0-150400.3.16.1
typelib-1_0-Poppler-0_18-22.01.0-150400.3.16.1
SUSE Linux Enterprise Module for Package Hub 15 SP4
libpoppler-cpp0-22.01.0-150400.3.16.1
libpoppler-devel-22.01.0-150400.3.16.1
libpoppler-glib8-32bit-22.01.0-150400.3.16.1
libpoppler-qt5-1-22.01.0-150400.3.16.1
libpoppler-qt5-devel-22.01.0-150400.3.16.1
libpoppler117-32bit-22.01.0-150400.3.16.1
SUSE Linux Enterprise Workstation Extension 15 SP5
libpoppler117-22.01.0-150400.3.16.1
openSUSE Leap 15.4
libpoppler-cpp0-22.01.0-150400.3.16.1
libpoppler-cpp0-32bit-22.01.0-150400.3.16.1
libpoppler-devel-22.01.0-150400.3.16.1
libpoppler-glib-devel-22.01.0-150400.3.16.1
libpoppler-glib8-22.01.0-150400.3.16.1
libpoppler-glib8-32bit-22.01.0-150400.3.16.1
libpoppler-qt5-1-22.01.0-150400.3.16.1
libpoppler-qt5-1-32bit-22.01.0-150400.3.16.1
libpoppler-qt5-devel-22.01.0-150400.3.16.1
libpoppler-qt6-3-22.01.0-150400.3.16.1
libpoppler-qt6-devel-22.01.0-150400.3.16.1
libpoppler117-22.01.0-150400.3.16.1
libpoppler117-32bit-22.01.0-150400.3.16.1
poppler-tools-22.01.0-150400.3.16.1
typelib-1_0-Poppler-0_18-22.01.0-150400.3.16.1
Ссылки
- Link for SUSE-SU-2023:4363-1
- E-Mail link for SUSE-SU-2023:4363-1
- SUSE Security Ratings
- SUSE Bug 1213888
- SUSE Bug 1214726
- SUSE CVE CVE-2022-37052 page
- SUSE CVE CVE-2023-34872 page
Описание
A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP4:libpoppler-cpp0-22.01.0-150400.3.16.1
SUSE Linux Enterprise Module for Basesystem 15 SP4:libpoppler-devel-22.01.0-150400.3.16.1
SUSE Linux Enterprise Module for Basesystem 15 SP4:libpoppler-glib-devel-22.01.0-150400.3.16.1
SUSE Linux Enterprise Module for Basesystem 15 SP4:libpoppler-glib8-22.01.0-150400.3.16.1
Ссылки
- CVE-2022-37052
- SUSE Bug 1214726
Описание
A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP4:libpoppler-cpp0-22.01.0-150400.3.16.1
SUSE Linux Enterprise Module for Basesystem 15 SP4:libpoppler-devel-22.01.0-150400.3.16.1
SUSE Linux Enterprise Module for Basesystem 15 SP4:libpoppler-glib-devel-22.01.0-150400.3.16.1
SUSE Linux Enterprise Module for Basesystem 15 SP4:libpoppler-glib8-22.01.0-150400.3.16.1
Ссылки
- CVE-2023-34872
- SUSE Bug 1213888