Описание
Security update for perl-Spreadsheet-ParseXLSX
This update for perl-Spreadsheet-ParseXLSX fixes the following issues:
Updated to 0.29:
see /usr/share/doc/packages/perl-Spreadsheet-ParseXLSX/Changes
0.29:
- Fix for 'Argument '' isn't numeric in addition (+) at /usr/local/shar…
- Incorrect cell values due to phonetic data doy#72
- Fix die message in parse()
- Cannot open password protected SHA1 encrypted files. doy#68
- use date format detection based on Spreadsheet::XLSX
- Add rudimentary support for hyperlinks in cells
0.28:
-
CVE-2024-22368: out-of-memory condition during parsing of a crafted XLSX document (boo#1218651)
-
Fix possible memory bomb as reported in https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md
-
Updated Dist::Zilla configuration fixing deprecation warnings
Список пакетов
SUSE Package Hub 15 SP5
perl-Spreadsheet-ParseXLSX-0.290.0-bp155.2.3.1
openSUSE Leap 15.5
perl-Spreadsheet-ParseXLSX-0.290.0-bp155.2.3.1
Ссылки
- E-Mail link for openSUSE-SU-2024:0021-1
- SUSE Security Ratings
- SUSE Bug 1218651
- SUSE CVE CVE-2024-22368 page
Описание
The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells.
Затронутые продукты
SUSE Package Hub 15 SP5:perl-Spreadsheet-ParseXLSX-0.290.0-bp155.2.3.1
openSUSE Leap 15.5:perl-Spreadsheet-ParseXLSX-0.290.0-bp155.2.3.1
Ссылки
- CVE-2024-22368
- SUSE Bug 1218651