RedHat: RHSA-2021-1972:01 Moderate: pandoc security update

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: pandoc security update
Advisory ID:       RHSA-2021:1972-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1972
Issue date:        2021-05-18
CVE Names:         CVE-2020-5238 
=====================================================================

1. Summary:

An update for pandoc is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Pandoc is a Haskell library for converting from one markup format to
another, and a command-line tool that uses this library.

Security Fix(es):

* cmark-gfm: Exponential time to parse certain inputs could lead to DoS
(CVE-2020-5238)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1854328 - CVE-2020-5238 cmark-gfm: Exponential time to parse certain inputs could lead to DoS

6. Package List:

Red Hat CodeReady Linux Builder (v. 8):

Source:
pandoc-2.0.6-5.el8.src.rpm

aarch64:
pandoc-2.0.6-5.el8.aarch64.rpm

noarch:
pandoc-common-2.0.6-5.el8.noarch.rpm

ppc64le:
pandoc-2.0.6-5.el8.ppc64le.rpm

s390x:
pandoc-2.0.6-5.el8.s390x.rpm

x86_64:
pandoc-2.0.6-5.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
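
Added example, not part of the Red Hat advisory: a check that flags hosts whose
installed pandoc build is older than the fixed build 2.0.6-5.el8 listed above.
The host names and installed versions are constructed, and the comparison is a
simplified form of RPM's ordering (no epoch, '~' or '^' handling).

```python
import re

# Fixed build from this advisory's package list (version-release, no arch).
FIXED_EVR = "2.0.6-5.el8"

_SEG = re.compile(r"\d+|[A-Za-z]+")


def _cmp_part(a, b):
    """Compare one version or release string segment by segment.

    Simplified from RPM's ordering: digit runs compare as integers, letter
    runs compare lexically, a digit run beats a letter run, and the string
    with segments left over is newer. Epoch, '~' and '^' are not handled.
    """
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def compare_evr(a, b):
    """Return -1, 0 or 1 for version-release strings such as '2.0.6-5.el8'."""
    ver_a, _, rel_a = a.partition("-")
    ver_b, _, rel_b = b.partition("-")
    return _cmp_part(ver_a, ver_b) or _cmp_part(rel_a, rel_b)


def needs_update(installed_evr, fixed_evr=FIXED_EVR):
    """True when the installed build is older than the advisory's fixed build."""
    return compare_evr(installed_evr, fixed_evr) < 0


if __name__ == "__main__":
    # Constructed inventory values, e.g. collected per host with:
    #   rpm -q --qf '%{VERSION}-%{RELEASE}\n' pandoc
    inventory = {"build-01": "2.0.6-4.el8", "build-02": "2.0.6-5.el8",
                 "build-03": "2.0.6-5.el8_4.1"}
    for host, evr in sorted(inventory.items()):
        print(host, evr, "UPDATE NEEDED" if needs_update(evr) else "ok")
```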

7. References:

https://access.redhat.com/security/cve/CVE-2020-5238
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
