Amazon Linux 2023 Security Advisory: ALAS-2023-371
Advisory Release Date: 2023-09-27 21:06 Pacific
Advisory Updated Date: 2024-07-17 23:43 Pacific
Severity:
Medium
Issue Overview:
2024-07-17: CVE-2022-27337 was added to this advisory.
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. (CVE-2022-27337)
A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open. (CVE-2023-34872)
Affected Packages:
poppler
Issue Correction:
Run dnf update poppler --releasever 2023.2.20231002 to update your system.
New Packages:
aarch64:
poppler-glib-debuginfo-22.08.0-3.amzn2023.0.4.aarch64
poppler-debuginfo-22.08.0-3.amzn2023.0.4.aarch64
poppler-utils-22.08.0-3.amzn2023.0.4.aarch64
poppler-cpp-22.08.0-3.amzn2023.0.4.aarch64
poppler-devel-22.08.0-3.amzn2023.0.4.aarch64
poppler-glib-22.08.0-3.amzn2023.0.4.aarch64
poppler-cpp-debuginfo-22.08.0-3.amzn2023.0.4.aarch64
poppler-22.08.0-3.amzn2023.0.4.aarch64
poppler-utils-debuginfo-22.08.0-3.amzn2023.0.4.aarch64
poppler-glib-devel-22.08.0-3.amzn2023.0.4.aarch64
poppler-cpp-devel-22.08.0-3.amzn2023.0.4.aarch64
poppler-debugsource-22.08.0-3.amzn2023.0.4.aarch64
noarch:
poppler-glib-doc-22.08.0-3.amzn2023.0.4.noarch
src:
poppler-22.08.0-3.amzn2023.0.4.src
x86_64:
poppler-debuginfo-22.08.0-3.amzn2023.0.4.x86_64
poppler-glib-devel-22.08.0-3.amzn2023.0.4.x86_64
poppler-cpp-22.08.0-3.amzn2023.0.4.x86_64
poppler-devel-22.08.0-3.amzn2023.0.4.x86_64
poppler-cpp-devel-22.08.0-3.amzn2023.0.4.x86_64
poppler-utils-debuginfo-22.08.0-3.amzn2023.0.4.x86_64
poppler-cpp-debuginfo-22.08.0-3.amzn2023.0.4.x86_64
poppler-glib-22.08.0-3.amzn2023.0.4.x86_64
poppler-22.08.0-3.amzn2023.0.4.x86_64
poppler-glib-debuginfo-22.08.0-3.amzn2023.0.4.x86_64
poppler-utils-22.08.0-3.amzn2023.0.4.x86_64
poppler-debugsource-22.08.0-3.amzn2023.0.4.x86_64