Red Hat Security Advisory 2023-2259-01

Red Hat Security Advisory 2023-2259-01: Posted May 9, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-2259-01 - Poppler is a Portable Document Format rendering library, used by applications such as Evince. Issues addressed include an integer overflow vulnerability.; tags | advisory, overflow; systems | linux, redhat; advisories | CVE-2022-38784; SHA-256 | ee5484dc4d248c9ac2956f6329ac181de066b5c1c6628e8574cf5684c7a85d16; Download | Favorite | View

Red Hat Security Advisory 2023-2259-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   
Red Hat Security Advisory

Synopsis:          Moderate: poppler security and bug fix update
Advisory ID:       RHSA-2023:2259-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2259
Issue date:        2023-05-09
CVE Names:         CVE-2022-38784
====================================================================
1. Summary:

An update for poppler is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux CRB (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Poppler is a Portable Document Format (PDF) rendering library, used by
applications such as Evince.

Security Fix(es):

* poppler: integer overflow in JBIG2 decoder using malformed files
(CVE-2022-38784)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 9.2 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2124527 - CVE-2022-38784 poppler: integer overflow in JBIG2 decoder using malformed files
2144768 - Please add various devel packages to CRB 9 to build Scribus in EPEL

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:
poppler-21.01.0-14.el9.src.rpm

aarch64:
poppler-21.01.0-14.el9.aarch64.rpm
poppler-cpp-21.01.0-14.el9.aarch64.rpm
poppler-cpp-debuginfo-21.01.0-14.el9.aarch64.rpm
poppler-debuginfo-21.01.0-14.el9.aarch64.rpm
poppler-debugsource-21.01.0-14.el9.aarch64.rpm
poppler-glib-21.01.0-14.el9.aarch64.rpm
poppler-glib-debuginfo-21.01.0-14.el9.aarch64.rpm
poppler-qt5-21.01.0-14.el9.aarch64.rpm
poppler-qt5-debuginfo-21.01.0-14.el9.aarch64.rpm
poppler-utils-21.01.0-14.el9.aarch64.rpm
poppler-utils-debuginfo-21.01.0-14.el9.aarch64.rpm

ppc64le:
poppler-21.01.0-14.el9.ppc64le.rpm
poppler-cpp-21.01.0-14.el9.ppc64le.rpm
poppler-cpp-debuginfo-21.01.0-14.el9.ppc64le.rpm
poppler-debuginfo-21.01.0-14.el9.ppc64le.rpm
poppler-debugsource-21.01.0-14.el9.ppc64le.rpm
poppler-glib-21.01.0-14.el9.ppc64le.rpm
poppler-glib-debuginfo-21.01.0-14.el9.ppc64le.rpm
poppler-qt5-21.01.0-14.el9.ppc64le.rpm
poppler-qt5-debuginfo-21.01.0-14.el9.ppc64le.rpm
poppler-utils-21.01.0-14.el9.ppc64le.rpm
poppler-utils-debuginfo-21.01.0-14.el9.ppc64le.rpm

s390x:
poppler-21.01.0-14.el9.s390x.rpm
poppler-cpp-21.01.0-14.el9.s390x.rpm
poppler-cpp-debuginfo-21.01.0-14.el9.s390x.rpm
poppler-debuginfo-21.01.0-14.el9.s390x.rpm
poppler-debugsource-21.01.0-14.el9.s390x.rpm
poppler-glib-21.01.0-14.el9.s390x.rpm
poppler-glib-debuginfo-21.01.0-14.el9.s390x.rpm
poppler-qt5-21.01.0-14.el9.s390x.rpm
poppler-qt5-debuginfo-21.01.0-14.el9.s390x.rpm
poppler-utils-21.01.0-14.el9.s390x.rpm
poppler-utils-debuginfo-21.01.0-14.el9.s390x.rpm

x86_64:
poppler-21.01.0-14.el9.i686.rpm
poppler-21.01.0-14.el9.x86_64.rpm
poppler-cpp-21.01.0-14.el9.i686.rpm
poppler-cpp-21.01.0-14.el9.x86_64.rpm
poppler-cpp-debuginfo-21.01.0-14.el9.i686.rpm
poppler-cpp-debuginfo-21.01.0-14.el9.x86_64.rpm
poppler-debuginfo-21.01.0-14.el9.i686.rpm
poppler-debuginfo-21.01.0-14.el9.x86_64.rpm
poppler-debugsource-21.01.0-14.el9.i686.rpm
poppler-debugsource-21.01.0-14.el9.x86_64.rpm
poppler-glib-21.01.0-14.el9.i686.rpm
poppler-glib-21.01.0-14.el9.x86_64.rpm
poppler-glib-debuginfo-21.01.0-14.el9.i686.rpm
poppler-glib-debuginfo-21.01.0-14.el9.x86_64.rpm
poppler-qt5-21.01.0-14.el9.i686.rpm
poppler-qt5-21.01.0-14.el9.x86_64.rpm
poppler-qt5-debuginfo-21.01.0-14.el9.i686.rpm
poppler-qt5-debuginfo-21.01.0-14.el9.x86_64.rpm
poppler-utils-21.01.0-14.el9.x86_64.rpm
poppler-utils-debuginfo-21.01.0-14.el9.i686.rpm
poppler-utils-debuginfo-21.01.0-14.el9.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 9):

aarch64:
poppler-cpp-debuginfo-21.01.0-14.el9.aarch64.rpm
poppler-cpp-devel-21.01.0-14.el9.aarch64.rpm
poppler-debuginfo-21.01.0-14.el9.aarch64.rpm
poppler-debugsource-21.01.0-14.el9.aarch64.rpm
poppler-devel-21.01.0-14.el9.aarch64.rpm
poppler-glib-debuginfo-21.01.0-14.el9.aarch64.rpm
poppler-glib-devel-21.01.0-14.el9.aarch64.rpm
poppler-qt5-debuginfo-21.01.0-14.el9.aarch64.rpm
poppler-qt5-devel-21.01.0-14.el9.aarch64.rpm
poppler-utils-debuginfo-21.01.0-14.el9.aarch64.rpm

ppc64le:
poppler-cpp-debuginfo-21.01.0-14.el9.ppc64le.rpm
poppler-cpp-devel-21.01.0-14.el9.ppc64le.rpm
poppler-debuginfo-21.01.0-14.el9.ppc64le.rpm
poppler-debugsource-21.01.0-14.el9.ppc64le.rpm
poppler-devel-21.01.0-14.el9.ppc64le.rpm
poppler-glib-debuginfo-21.01.0-14.el9.ppc64le.rpm
poppler-glib-devel-21.01.0-14.el9.ppc64le.rpm
poppler-qt5-debuginfo-21.01.0-14.el9.ppc64le.rpm
poppler-qt5-devel-21.01.0-14.el9.ppc64le.rpm
poppler-utils-debuginfo-21.01.0-14.el9.ppc64le.rpm

s390x:
poppler-cpp-debuginfo-21.01.0-14.el9.s390x.rpm
poppler-cpp-devel-21.01.0-14.el9.s390x.rpm
poppler-debuginfo-21.01.0-14.el9.s390x.rpm
poppler-debugsource-21.01.0-14.el9.s390x.rpm
poppler-devel-21.01.0-14.el9.s390x.rpm
poppler-glib-debuginfo-21.01.0-14.el9.s390x.rpm
poppler-glib-devel-21.01.0-14.el9.s390x.rpm
poppler-qt5-debuginfo-21.01.0-14.el9.s390x.rpm
poppler-qt5-devel-21.01.0-14.el9.s390x.rpm
poppler-utils-debuginfo-21.01.0-14.el9.s390x.rpm

x86_64:
poppler-cpp-debuginfo-21.01.0-14.el9.i686.rpm
poppler-cpp-debuginfo-21.01.0-14.el9.x86_64.rpm
poppler-cpp-devel-21.01.0-14.el9.i686.rpm
poppler-cpp-devel-21.01.0-14.el9.x86_64.rpm
poppler-debuginfo-21.01.0-14.el9.i686.rpm
poppler-debuginfo-21.01.0-14.el9.x86_64.rpm
poppler-debugsource-21.01.0-14.el9.i686.rpm
poppler-debugsource-21.01.0-14.el9.x86_64.rpm
poppler-devel-21.01.0-14.el9.i686.rpm
poppler-devel-21.01.0-14.el9.x86_64.rpm
poppler-glib-debuginfo-21.01.0-14.el9.i686.rpm
poppler-glib-debuginfo-21.01.0-14.el9.x86_64.rpm
poppler-glib-devel-21.01.0-14.el9.i686.rpm
poppler-glib-devel-21.01.0-14.el9.x86_64.rpm
poppler-qt5-debuginfo-21.01.0-14.el9.i686.rpm
poppler-qt5-debuginfo-21.01.0-14.el9.x86_64.rpm
poppler-qt5-devel-21.01.0-14.el9.i686.rpm
poppler-qt5-devel-21.01.0-14.el9.x86_64.rpm
poppler-utils-debuginfo-21.01.0-14.el9.i686.rpm
poppler-utils-debuginfo-21.01.0-14.el9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-38784
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZFo1C9zjgjWX9erEAQhAwQ//cfv5/zXlIjJrcAFRz+tzee74vEaDBPxp
UehYiSUH/JSa2UcKqV9rICA22UaefU8uCOVusmkzTxrwK2oDpeq+Zw/OHUhM1VYJ
l9jcMODBKUwqJov99AcJIKpCB8CU4CYmWoykc59RokgzHQdUorCDu4w4Es9GXuZo
9pZiT3iHFTngFuk4XKnIYe91npn2WJwYELxWyOM3UE1u7M66TCaeMLHDc6sCqwB2
wINr9CRarBc2cdQ7o+G4Y6VWAl3VGwEe582eTljEDYTxfLcE6CY588pjpzpfmt5j
kVuUdYYVaDAoNpqr5P6dzzdpAoQFY62MkXij5Mz9xV+ey0beP231cCBjwNdkfWE4
Uj7zMxzb6wpE9//bUIcRJkmjf+sO9Y1awffQAKX6sqmV6s/CdwgHNomxLPj+rgud
qN8gzP/b1Pr84DZo7VcBqdeySiqod9zFX95h5slmo+9m0h+BH3XGf5Va4HPfmkXu
6peoRfPnV0EHdkVxZ2zrIqs4dTpjF4qIhMe3fvrfoWppQas/HHEbD4M5x1YcD2MV
iIazPIWwLJSZcJv/8NP3HS0zltGjEDfd1UTjnXwAyEvQLfCwDGn9FNtY1eKxWhmZ
eRR4HwAnZfdg33DXinkn9ddwGTps6+y2dYYLx0mmSVWaYb1eiorGBFXJ5e4ALOA5
gT7mgghhSao=YdPw
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Red Hat Security Advisory 2023-2259-01

Red Hat Security Advisory 2023-2259-01

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2023-2259-01

Share This

Red Hat Security Advisory 2023-2259-01

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems