ALAS-2024-741

Amazon Linux 2023 Security Advisory: ALAS-2024-741
Advisory Release Date: 2024-10-24 22:53 Pacific
Advisory Updated Date: 2024-10-31 16:00 Pacific
Severity: Medium
Issue Overview:

A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service. (CVE-2024-6239)


Affected Packages:

poppler


Issue Correction:
Run dnf update poppler --releasever 2023.6.20241028 to update your system.

New Packages:
aarch64:
    poppler-debuginfo-22.08.0-3.amzn2023.0.5.aarch64
    poppler-cpp-devel-22.08.0-3.amzn2023.0.5.aarch64
    poppler-cpp-debuginfo-22.08.0-3.amzn2023.0.5.aarch64
    poppler-utils-debuginfo-22.08.0-3.amzn2023.0.5.aarch64
    poppler-glib-22.08.0-3.amzn2023.0.5.aarch64
    poppler-cpp-22.08.0-3.amzn2023.0.5.aarch64
    poppler-22.08.0-3.amzn2023.0.5.aarch64
    poppler-glib-debuginfo-22.08.0-3.amzn2023.0.5.aarch64
    poppler-devel-22.08.0-3.amzn2023.0.5.aarch64
    poppler-utils-22.08.0-3.amzn2023.0.5.aarch64
    poppler-glib-devel-22.08.0-3.amzn2023.0.5.aarch64
    poppler-debugsource-22.08.0-3.amzn2023.0.5.aarch64

noarch:
    poppler-glib-doc-22.08.0-3.amzn2023.0.5.noarch

src:
    poppler-22.08.0-3.amzn2023.0.5.src

x86_64:
    poppler-debuginfo-22.08.0-3.amzn2023.0.5.x86_64
    poppler-glib-debuginfo-22.08.0-3.amzn2023.0.5.x86_64
    poppler-cpp-22.08.0-3.amzn2023.0.5.x86_64
    poppler-devel-22.08.0-3.amzn2023.0.5.x86_64
    poppler-debugsource-22.08.0-3.amzn2023.0.5.x86_64
    poppler-cpp-debuginfo-22.08.0-3.amzn2023.0.5.x86_64
    poppler-utils-22.08.0-3.amzn2023.0.5.x86_64
    poppler-utils-debuginfo-22.08.0-3.amzn2023.0.5.x86_64
    poppler-glib-22.08.0-3.amzn2023.0.5.x86_64
    poppler-22.08.0-3.amzn2023.0.5.x86_64
    poppler-cpp-devel-22.08.0-3.amzn2023.0.5.x86_64
    poppler-glib-devel-22.08.0-3.amzn2023.0.5.x86_64

Additional References

Red Hat: CVE-2024-6239

Mitre: CVE-2024-6239