
Fedora 38: FEDORA-2024-6ad6b9f417 Critical: Pandoc File Overwrite

Fedora
March 31, 2024
Fedora 38 releases a security patch for pandoc, resolving two weaknesses (CVE-2023-35936 and CVE-2023-38745) that allow an attacker to create or overwrite arbitrary files on the system. The update backports the upstream fixes into pandoc 2.19.2-22.fc38 and adds the base64 library as a Fedora package.

Summary

Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. The formats it can handle include:

- light markup formats (many variants of Markdown, reStructuredText, AsciiDoc, Org-mode, Muse, Textile, txt2tags)
- HTML formats (HTML 4 and 5)
- Ebook formats (EPUB v2 and v3, FB2)
- Documentation formats (GNU TexInfo, Haddock)
- Roff formats (man, ms)
- TeX formats (LaTeX, ConTeXt)
- XML formats (DocBook 4 and 5, JATS, TEI Simple, OpenDocument)
- Outline formats (OPML)
- Bibliography formats (BibTeX, BibLaTeX, CSL JSON, CSL YAML, RIS)
- Word processor formats (Docx, RTF, ODT)
- Interactive notebook formats (Jupyter notebook ipynb)
- Page layout formats (InDesign ICML)
- Wiki markup formats (MediaWiki, DokuWiki, TikiWiki, TWiki, Vimwiki, XWiki, ZimWiki, Jira wiki, Creole)
- Slide show formats (LaTeX Beamer, PowerPoint, Slidy, reveal.js, Slideous, S5, DZSlides)
- Data formats (CSV and TSV tables)
- PDF (via external programs such as pdflatex or wkhtmltopdf)

Pandoc can convert mathematical content in documents between TeX, MathML, Word equations, roff eqn, and plain text. It includes a powerful system for automatic citations and bibliographies, and it can be customized extensively using templates, filters, and custom readers and writers written in Lua.

For PDF output please also install pandoc-pdf or weasyprint.

Update Information:

Security fix for CVE-2023-35936 and CVE-2023-38745.

pandoc: backport fixes for CVE-2023-35936 and CVE-2023-38745; base64 is now packaged in Fedora.

Change Log

* Thu Mar 21 2024 Jens Petersen - 2.19.2-22
- backport fixes for CVE-2023-35936 and CVE-2023-38745
- base64 is now packaged in fedora

References


[ 1 ] Bug #2163472 - Review Request: ghc-base64 - A modern RFC 4648-compliant Base64 library
https://bugzilla.redhat.com/show_bug.cgi?id=2163472

[ 2 ] Bug #2220873 - TRIAGE CVE-2023-35936 pandoc: allows attacker to create or overwrite arbitrary files on the system [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2220873

[ 3 ] Bug #2227034 - CVE-2023-38745 pandoc: allows attacker to create or overwrite arbitrary files on the system [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2227034

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-6ad6b9f417' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
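Because this update is a backport, the package keeps upstream version 2.19.2 and only the RPM Release field moves to 22.fc38, so `pandoc --version` or a scanner that compares the upstream version string alone will not tell you whether the fix is present. The following script is an added example, not part of the Fedora advisory or the pandoc project: it reimplements RPM's label comparison (rpmvercmp) in Python and compares an installed epoch:version-release against the fixed EVR 2.19.2-22.fc38 taken from this advisory. The `rpm -q` query is optional; when rpm is unavailable it falls back to a constructed sample EVR, and the pre-fix release number used in that sample is hypothetical.

```python
"""Check whether an installed pandoc RPM carries the FEDORA-2024-6ad6b9f417 fix.

The fix is a backport: the package stays at upstream version 2.19.2 and only
the Release field moves to 22.fc38, so version AND release must be compared
using RPM's own ordering rules rather than a plain string comparison.
"""
import subprocess

# Fixed EVR taken from the advisory (Version: 2.19.2, Release: 22.fc38, no epoch).
FIXED_PANDOC_EVR = "2.19.2-22.fc38"


def rpmvercmp(a: str, b: str) -> int:
    """Port of RPM's label comparison: 1 if a is newer than b, -1 if older, 0 if equal.

    Digit runs compare numerically, letter runs lexically, a numeric segment beats an
    alphabetic one, '~' sorts before everything (pre-releases) and '^' sorts after the
    base version but before any further segment (post-release snapshots).
    """
    if a == b:
        return 0
    i = j = 0
    la, lb = len(a), len(b)
    while i < la or j < lb:
        # Separators (anything not alphanumeric, '~' or '^') are skipped.
        while i < la and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < lb and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ca = a[i] if i < la else ""
        cb = b[j] if j < lb else ""
        if ca == "~" or cb == "~":
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        isnum = ca.isdigit()
        kind = str.isdigit if isnum else str.isalpha
        k = i
        while k < la and kind(a[k]):
            k += 1
        sa, i = a[i:k], k
        k = j
        while k < lb and kind(b[k]):
            k += 1
        sb, j = b[j:k], k
        if not sb:
            # Segment types differ at this position: the numeric side is newer.
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= la and j >= lb:
        return 0
    return -1 if i >= la else 1


def split_evr(evr: str):
    """Split '[epoch:]version-release' into (epoch, version, release)."""
    epoch = 0
    if ":" in evr:
        e, evr = evr.split(":", 1)
        epoch = int(e)
    version, sep, release = evr.rpartition("-")
    if not sep:
        version, release = release, ""
    return epoch, version, release


def compare_evr(a: str, b: str) -> int:
    """Order two EVR strings the way rpm/dnf do: epoch, then version, then release."""
    ea, va, ra = split_evr(a)
    eb, vb, rb = split_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def is_patched(installed_evr: str, fixed_evr: str = FIXED_PANDOC_EVR) -> bool:
    """True when the installed EVR is at or beyond the advisory's fixed EVR."""
    return compare_evr(installed_evr, fixed_evr) >= 0


def installed_pandoc_evr():
    """Ask the local RPM database for pandoc's EVR; None if rpm or pandoc is absent."""
    try:
        out = subprocess.run(
            ["rpm", "-q", "--qf", "%{EPOCH}:%{VERSION}-%{RELEASE}", "pandoc"],
            capture_output=True, text=True, check=True,
        ).stdout.strip()
    except (OSError, subprocess.CalledProcessError):
        return None
    return out.replace("(none):", "", 1)  # rpm prints "(none)" when there is no epoch


if __name__ == "__main__":
    evr = installed_pandoc_evr()
    if evr is None:
        # Constructed sample, not read from a real host; the release number is hypothetical.
        evr = "2.19.2-21.fc38"
        print("rpm not available, using constructed sample EVR")
    verdict = "patched" if is_patched(evr) else "VULNERABLE, apply FEDORA-2024-6ad6b9f417"
    print(f"pandoc {evr}: {verdict}")
```

Run it on the host after `dnf upgrade --advisory FEDORA-2024-6ad6b9f417`; the same `compare_evr` works for any advisory once you substitute its fixed EVR, and an epoch, when present, always takes precedence over version and release exactly as dnf orders it.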

Severity: critical

Name: pandoc
Product: Fedora 38
Version: 2.19.2
Release: 22.fc38
Summary: Conversion between markup formats
