- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202405-33
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: PoDoFo: Multiple Vulnerabilities
     Date: May 12, 2024
     Bugs: #906105
       ID: 202405-33

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in PoDoFo, the worst of
which could lead to code execution.

Background
==========

PoDoFo is a free portable C++ library to work with the PDF file format.

Affected packages
=================

Package          Vulnerable    Unaffected
---------------  ------------  ------------
app-text/podofo  < 0.10.1      >= 0.10.1

Description
===========

Please review the referenced CVE identifiers for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PoDoFo users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-text/podofo-0.10.1"

References
==========

[ 1 ] CVE-2023-31566
      https://nvd.nist.gov/vuln/detail/CVE-2023-31566
[ 2 ] CVE-2023-31567
      https://nvd.nist.gov/vuln/detail/CVE-2023-31567

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202405-33

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo: GLSA-202405-33: PoDoFo: Security Advisory Updates

Multiple vulnerabilities have been discovered in PoDoFo, the worst of which could lead to code execution.

Summary

Please review the referenced CVE identifiers for details.

Resolution

All PoDoFo users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-text/podofo-0.10.1"

References

[ 1 ] CVE-2023-31566 https://nvd.nist.gov/vuln/detail/CVE-2023-31566 [ 2 ] CVE-2023-31567 https://nvd.nist.gov/vuln/detail/CVE-2023-31567

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202405-33

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity
Severity: High
Title: PoDoFo: Multiple Vulnerabilities
Date: May 12, 2024
Bugs: #906105
ID: 202405-33

Synopsis

Multiple vulnerabilities have been discovered in PoDoFo, the worst of which could lead to code execution.

Background

PoDoFo is a free portable C++ library to work with the PDF file format.

Affected Packages

Package Vulnerable Unaffected --------------- ------------ ------------ app-text/podofo < 0.10.1 >= 0.10.1

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Related News

8.Locks HexConnections CodeGlobe Esm H170
2 - 4 min read
Canonical has made headlines with its groundbreaking long-term support (LTS) service offering to extend far beyond Ubuntu deb packages, promising 12
14.Lock Code WorldMap Esm H170
2 - 4 min read
Government agencies are drawing attention to an issue plaguing open-source communities: memory-unsafe languages. A study entitled " Exploring Memory
11.Locks IsometricPattern Esm H170
2 - 3 min read
Cybersecurity threats continue to emerge regularly, and Promon's security team recently identified one such novel threat, Snowblind. This malware
32.Lock Code Circular Esm H170
2 - 4 min read
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its
6.EmailConnection Touch Esm H170
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
20.Lock AbstractDigital Circular Esm H170
2 - 3 min read
Google has released fixes for a high-severity Chromium security flaw ( CVE-2024-5274 ) impacting its widely used Chrome browser and other
20.Lock AbstractDigital Circular Esm H170
2 - 4 min read
The recent discovery of a backdoor in Linux's xz compression tool has shed light on cybercriminals' ingenious methods of gaining entry and remaining
19.Laptop Bed Esm H170
2 - 4 min read
Wordfence security researchers recently shed light on an infamous supply chain attack that may have affected as many as 36,000 WordPress websites.

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved