Security update for poppler SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:4363-1 Final 1 1 2023-11-03T12:49:27Z current 2023-11-03T12:49:27Z 2023-11-03T12:49:27Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for poppler This update for poppler fixes the following issues: - CVE-2022-37052: Fixed a crash that could be triggered when opening a crafted file (bsc#1214726). - CVE-2023-34872: Fixed a remote denial-of-service in Outline.cc (bsc#1213888). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2023-4363,SUSE-SLE-Module-Basesystem-15-SP4-2023-4363,SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4363,SUSE-SLE-Product-WE-15-SP5-2023-4363,openSUSE-SLE-15.4-2023-4363 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20234363-1/ Link for SUSE-SU-2023:4363-1 https://lists.suse.com/pipermail/sle-security-updates/2023-November/016987.html E-Mail link for SUSE-SU-2023:4363-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1213888 SUSE Bug 1213888 https://bugzilla.suse.com/1214726 SUSE Bug 1214726 https://www.suse.com/security/cve/CVE-2022-37052/ SUSE CVE CVE-2022-37052 page https://www.suse.com/security/cve/CVE-2023-34872/ SUSE CVE CVE-2023-34872 page SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Package Hub 15 SP4 SUSE Linux Enterprise Workstation Extension 15 SP5 openSUSE Leap 15.4 libpoppler-cpp0-22.01.0-150400.3.16.1 libpoppler-cpp0-32bit-22.01.0-150400.3.16.1 libpoppler-cpp0-64bit-22.01.0-150400.3.16.1 libpoppler-devel-22.01.0-150400.3.16.1 libpoppler-glib-devel-22.01.0-150400.3.16.1 libpoppler-glib8-22.01.0-150400.3.16.1 libpoppler-glib8-32bit-22.01.0-150400.3.16.1 libpoppler-glib8-64bit-22.01.0-150400.3.16.1 libpoppler-qt5-1-22.01.0-150400.3.16.1 libpoppler-qt5-1-32bit-22.01.0-150400.3.16.1 libpoppler-qt5-1-64bit-22.01.0-150400.3.16.1 libpoppler-qt5-devel-22.01.0-150400.3.16.1 libpoppler-qt6-3-22.01.0-150400.3.16.1 libpoppler-qt6-devel-22.01.0-150400.3.16.1 libpoppler117-22.01.0-150400.3.16.1 libpoppler117-32bit-22.01.0-150400.3.16.1 libpoppler117-64bit-22.01.0-150400.3.16.1 poppler-tools-22.01.0-150400.3.16.1 typelib-1_0-Poppler-0_18-22.01.0-150400.3.16.1 libpoppler-cpp0-22.01.0-150400.3.16.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 libpoppler-devel-22.01.0-150400.3.16.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 libpoppler-glib-devel-22.01.0-150400.3.16.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 libpoppler-glib8-22.01.0-150400.3.16.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 libpoppler117-22.01.0-150400.3.16.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 poppler-tools-22.01.0-150400.3.16.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 typelib-1_0-Poppler-0_18-22.01.0-150400.3.16.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 libpoppler-cpp0-22.01.0-150400.3.16.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP4 libpoppler-devel-22.01.0-150400.3.16.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP4 libpoppler-glib8-32bit-22.01.0-150400.3.16.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP4 libpoppler-qt5-1-22.01.0-150400.3.16.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP4 libpoppler-qt5-devel-22.01.0-150400.3.16.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP4 libpoppler117-32bit-22.01.0-150400.3.16.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP4 libpoppler117-22.01.0-150400.3.16.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP5 libpoppler-cpp0-22.01.0-150400.3.16.1 as a component of openSUSE Leap 15.4 libpoppler-cpp0-32bit-22.01.0-150400.3.16.1 as a component of openSUSE Leap 15.4 libpoppler-devel-22.01.0-150400.3.16.1 as a component of openSUSE Leap 15.4 libpoppler-glib-devel-22.01.0-150400.3.16.1 as a component of openSUSE Leap 15.4 libpoppler-glib8-22.01.0-150400.3.16.1 as a component of openSUSE Leap 15.4 libpoppler-glib8-32bit-22.01.0-150400.3.16.1 as a component of openSUSE Leap 15.4 libpoppler-qt5-1-22.01.0-150400.3.16.1 as a component of openSUSE Leap 15.4 libpoppler-qt5-1-32bit-22.01.0-150400.3.16.1 as a component of openSUSE Leap 15.4 libpoppler-qt5-devel-22.01.0-150400.3.16.1 as a component of openSUSE Leap 15.4 libpoppler-qt6-3-22.01.0-150400.3.16.1 as a component of openSUSE Leap 15.4 libpoppler-qt6-devel-22.01.0-150400.3.16.1 as a component of openSUSE Leap 15.4 libpoppler117-22.01.0-150400.3.16.1 as a component of openSUSE Leap 15.4 libpoppler117-32bit-22.01.0-150400.3.16.1 as a component of openSUSE Leap 15.4 poppler-tools-22.01.0-150400.3.16.1 as a component of openSUSE Leap 15.4 typelib-1_0-Poppler-0_18-22.01.0-150400.3.16.1 as a component of openSUSE Leap 15.4 A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject. CVE-2022-37052 SUSE Linux Enterprise Module for Basesystem 15 SP4:libpoppler-cpp0-22.01.0-150400.3.16.1 SUSE Linux Enterprise Module for Basesystem 15 SP4:libpoppler-devel-22.01.0-150400.3.16.1 SUSE Linux Enterprise Module for Basesystem 15 SP4:libpoppler-glib-devel-22.01.0-150400.3.16.1 SUSE Linux Enterprise Module for Basesystem 15 SP4:libpoppler-glib8-22.01.0-150400.3.16.1 SUSE Linux Enterprise Module for Basesystem 15 SP4:libpoppler117-22.01.0-150400.3.16.1 SUSE Linux Enterprise Module for Basesystem 15 SP4:poppler-tools-22.01.0-150400.3.16.1 SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-Poppler-0_18-22.01.0-150400.3.16.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:libpoppler-cpp0-22.01.0-150400.3.16.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:libpoppler-devel-22.01.0-150400.3.16.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:libpoppler-glib8-32bit-22.01.0-150400.3.16.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:libpoppler-qt5-1-22.01.0-150400.3.16.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:libpoppler-qt5-devel-22.01.0-150400.3.16.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:libpoppler117-32bit-22.01.0-150400.3.16.1 SUSE Linux Enterprise Workstation Extension 15 SP5:libpoppler117-22.01.0-150400.3.16.1 openSUSE Leap 15.4:libpoppler-cpp0-22.01.0-150400.3.16.1 openSUSE Leap 15.4:libpoppler-cpp0-32bit-22.01.0-150400.3.16.1 openSUSE Leap 15.4:libpoppler-devel-22.01.0-150400.3.16.1 openSUSE Leap 15.4:libpoppler-glib-devel-22.01.0-150400.3.16.1 openSUSE Leap 15.4:libpoppler-glib8-22.01.0-150400.3.16.1 openSUSE Leap 15.4:libpoppler-glib8-32bit-22.01.0-150400.3.16.1 openSUSE Leap 15.4:libpoppler-qt5-1-22.01.0-150400.3.16.1 openSUSE Leap 15.4:libpoppler-qt5-1-32bit-22.01.0-150400.3.16.1 openSUSE Leap 15.4:libpoppler-qt5-devel-22.01.0-150400.3.16.1 openSUSE Leap 15.4:libpoppler-qt6-3-22.01.0-150400.3.16.1 openSUSE Leap 15.4:libpoppler-qt6-devel-22.01.0-150400.3.16.1 openSUSE Leap 15.4:libpoppler117-22.01.0-150400.3.16.1 openSUSE Leap 15.4:libpoppler117-32bit-22.01.0-150400.3.16.1 openSUSE Leap 15.4:poppler-tools-22.01.0-150400.3.16.1 openSUSE Leap 15.4:typelib-1_0-Poppler-0_18-22.01.0-150400.3.16.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234363-1/ https://www.suse.com/security/cve/CVE-2022-37052.html CVE-2022-37052 https://bugzilla.suse.com/1214726 SUSE Bug 1214726 A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open. CVE-2023-34872 SUSE Linux Enterprise Module for Basesystem 15 SP4:libpoppler-cpp0-22.01.0-150400.3.16.1 SUSE Linux Enterprise Module for Basesystem 15 SP4:libpoppler-devel-22.01.0-150400.3.16.1 SUSE Linux Enterprise Module for Basesystem 15 SP4:libpoppler-glib-devel-22.01.0-150400.3.16.1 SUSE Linux Enterprise Module for Basesystem 15 SP4:libpoppler-glib8-22.01.0-150400.3.16.1 SUSE Linux Enterprise Module for Basesystem 15 SP4:libpoppler117-22.01.0-150400.3.16.1 SUSE Linux Enterprise Module for Basesystem 15 SP4:poppler-tools-22.01.0-150400.3.16.1 SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-Poppler-0_18-22.01.0-150400.3.16.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:libpoppler-cpp0-22.01.0-150400.3.16.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:libpoppler-devel-22.01.0-150400.3.16.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:libpoppler-glib8-32bit-22.01.0-150400.3.16.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:libpoppler-qt5-1-22.01.0-150400.3.16.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:libpoppler-qt5-devel-22.01.0-150400.3.16.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:libpoppler117-32bit-22.01.0-150400.3.16.1 SUSE Linux Enterprise Workstation Extension 15 SP5:libpoppler117-22.01.0-150400.3.16.1 openSUSE Leap 15.4:libpoppler-cpp0-22.01.0-150400.3.16.1 openSUSE Leap 15.4:libpoppler-cpp0-32bit-22.01.0-150400.3.16.1 openSUSE Leap 15.4:libpoppler-devel-22.01.0-150400.3.16.1 openSUSE Leap 15.4:libpoppler-glib-devel-22.01.0-150400.3.16.1 openSUSE Leap 15.4:libpoppler-glib8-22.01.0-150400.3.16.1 openSUSE Leap 15.4:libpoppler-glib8-32bit-22.01.0-150400.3.16.1 openSUSE Leap 15.4:libpoppler-qt5-1-22.01.0-150400.3.16.1 openSUSE Leap 15.4:libpoppler-qt5-1-32bit-22.01.0-150400.3.16.1 openSUSE Leap 15.4:libpoppler-qt5-devel-22.01.0-150400.3.16.1 openSUSE Leap 15.4:libpoppler-qt6-3-22.01.0-150400.3.16.1 openSUSE Leap 15.4:libpoppler-qt6-devel-22.01.0-150400.3.16.1 openSUSE Leap 15.4:libpoppler117-22.01.0-150400.3.16.1 openSUSE Leap 15.4:libpoppler117-32bit-22.01.0-150400.3.16.1 openSUSE Leap 15.4:poppler-tools-22.01.0-150400.3.16.1 openSUSE Leap 15.4:typelib-1_0-Poppler-0_18-22.01.0-150400.3.16.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234363-1/ https://www.suse.com/security/cve/CVE-2023-34872.html CVE-2023-34872 https://bugzilla.suse.com/1213888 SUSE Bug 1213888