Gentoo alert 202405-18 (Xpdf)
| From: | glsamaker@gentoo.org | |
| To: | gentoo-announce@lists.gentoo.org | |
| Subject: | [gentoo-announce] [ GLSA 202405-18 ] Xpdf: Multiple Vulnerabilities | |
| Date: | Tue, 07 May 2024 04:36:08 -0000 | |
| Message-ID: | <171505656922.8.475172300408322989@987c7955d8b1> |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202405-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Xpdf: Multiple Vulnerabilities Date: May 07, 2024 Bugs: #755938, #840873 ID: 202405-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in Xpdf, the worst of which could possibly lead to arbitrary code execution. Background ========== Xpdf is an X viewer for PDF files. Affected packages ================= Package Vulnerable Unaffected ------------- ------------ ------------ app-text/xpdf < 4.04 >= 4.04 Description =========== Multiple vulnerabilities have been discovered in Xpdf. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Xpdf users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-text/xpdf-4.04" References ========== [ 1 ] CVE-2020-25725 https://nvd.nist.gov/vuln/detail/CVE-2020-25725 [ 2 ] CVE-2020-35376 https://nvd.nist.gov/vuln/detail/CVE-2020-35376 [ 3 ] CVE-2021-27548 https://nvd.nist.gov/vuln/detail/CVE-2021-27548 [ 4 ] CVE-2022-24106 https://nvd.nist.gov/vuln/detail/CVE-2022-24106 [ 5 ] CVE-2022-24107 https://nvd.nist.gov/vuln/detail/CVE-2022-24107 [ 6 ] CVE-2022-27135 https://nvd.nist.gov/vuln/detail/CVE-2022-27135 [ 7 ] CVE-2022-38171 https://nvd.nist.gov/vuln/detail/CVE-2022-38171 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202405-18 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmY5r7kACgkQFMQkOaVy +9mQ3hAAxQP//MBPwt+RrVpcZdklEWmtCdU0fV1ywIsqwIrzA5slkLbEFFVRxUO/ bN4tzHma/e40hdoskFGZbM5g8t8HTDvx2q0Eg2A9L4CjtpsRCmS1H890tst68E4W DvFGIZn4MVIh+aZ8qkwvkmyIzyhUC18/quqrO8D5RvU5uDtzkAN7iV+1P0QxT6nJ fClIulsjPH5BUGJfqSwgfnDPH5Z4w2q18Vb++CsbGbFTGEZQriwueSQJ6JrzCeVb 9bSgbT1nkfVR0pPirB7ttCcIX33VKgDrRzvXqiVUDkE7STkhlBT6WLzCF12nFyAZ IZmFYcFCiQ0VAUsTM0wyOKG3OPyPjjCSNkeSXCcQ/fMLL0CJsN8lsQwx6d+gupID OFvZk7H+2P/Pbx20z4Nya2RCwJLzKyx38Bv8dtxbhvmW4DBV7NBuu2WwLNLrL6Ja ArwRr+jcBbDBJ7sTaXCgiCnActVo+TdMz/cWldMLgbsCDgWiTX/dYgMFdQYKnY73 vYtw2uc+/JzSF5ZTdGTfQ1HMd9mWGyLjBYIZ/TKF+yuDpXnqLc4XllLs4348ZsaQ +ThK53HqdBdrWpBuelC8pMR0bDXkxGnSggKXD257mGpNblcnfSiYSNHh2V626JJZ eYW40jWWJZ0tvBr5yXyE0fNhKXEleu7zkKZn0lU2IYhIpYFsNtY= =0UsF -----END PGP SIGNATURE-----