-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Moderate: poppler security and bug fix update
Advisory ID:       RHSA-2023:2259-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2259
Issue date:        2023-05-09
CVE Names:         CVE-2022-38784 
====================================================================
1. Summary:

An update for poppler is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux CRB (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Poppler is a Portable Document Format (PDF) rendering library, used by
applications such as Evince.

Security Fix(es):

* poppler: integer overflow in JBIG2 decoder using malformed files
(CVE-2022-38784)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 9.2 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2124527 - CVE-2022-38784 poppler: integer overflow in JBIG2 decoder using malformed files
2144768 - Please add various devel packages to CRB 9 to build Scribus in EPEL

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:
poppler-21.01.0-14.el9.src.rpm

aarch64:
poppler-21.01.0-14.el9.aarch64.rpm
poppler-cpp-21.01.0-14.el9.aarch64.rpm
poppler-cpp-debuginfo-21.01.0-14.el9.aarch64.rpm
poppler-debuginfo-21.01.0-14.el9.aarch64.rpm
poppler-debugsource-21.01.0-14.el9.aarch64.rpm
poppler-glib-21.01.0-14.el9.aarch64.rpm
poppler-glib-debuginfo-21.01.0-14.el9.aarch64.rpm
poppler-qt5-21.01.0-14.el9.aarch64.rpm
poppler-qt5-debuginfo-21.01.0-14.el9.aarch64.rpm
poppler-utils-21.01.0-14.el9.aarch64.rpm
poppler-utils-debuginfo-21.01.0-14.el9.aarch64.rpm

ppc64le:
poppler-21.01.0-14.el9.ppc64le.rpm
poppler-cpp-21.01.0-14.el9.ppc64le.rpm
poppler-cpp-debuginfo-21.01.0-14.el9.ppc64le.rpm
poppler-debuginfo-21.01.0-14.el9.ppc64le.rpm
poppler-debugsource-21.01.0-14.el9.ppc64le.rpm
poppler-glib-21.01.0-14.el9.ppc64le.rpm
poppler-glib-debuginfo-21.01.0-14.el9.ppc64le.rpm
poppler-qt5-21.01.0-14.el9.ppc64le.rpm
poppler-qt5-debuginfo-21.01.0-14.el9.ppc64le.rpm
poppler-utils-21.01.0-14.el9.ppc64le.rpm
poppler-utils-debuginfo-21.01.0-14.el9.ppc64le.rpm

s390x:
poppler-21.01.0-14.el9.s390x.rpm
poppler-cpp-21.01.0-14.el9.s390x.rpm
poppler-cpp-debuginfo-21.01.0-14.el9.s390x.rpm
poppler-debuginfo-21.01.0-14.el9.s390x.rpm
poppler-debugsource-21.01.0-14.el9.s390x.rpm
poppler-glib-21.01.0-14.el9.s390x.rpm
poppler-glib-debuginfo-21.01.0-14.el9.s390x.rpm
poppler-qt5-21.01.0-14.el9.s390x.rpm
poppler-qt5-debuginfo-21.01.0-14.el9.s390x.rpm
poppler-utils-21.01.0-14.el9.s390x.rpm
poppler-utils-debuginfo-21.01.0-14.el9.s390x.rpm

x86_64:
poppler-21.01.0-14.el9.i686.rpm
poppler-21.01.0-14.el9.x86_64.rpm
poppler-cpp-21.01.0-14.el9.i686.rpm
poppler-cpp-21.01.0-14.el9.x86_64.rpm
poppler-cpp-debuginfo-21.01.0-14.el9.i686.rpm
poppler-cpp-debuginfo-21.01.0-14.el9.x86_64.rpm
poppler-debuginfo-21.01.0-14.el9.i686.rpm
poppler-debuginfo-21.01.0-14.el9.x86_64.rpm
poppler-debugsource-21.01.0-14.el9.i686.rpm
poppler-debugsource-21.01.0-14.el9.x86_64.rpm
poppler-glib-21.01.0-14.el9.i686.rpm
poppler-glib-21.01.0-14.el9.x86_64.rpm
poppler-glib-debuginfo-21.01.0-14.el9.i686.rpm
poppler-glib-debuginfo-21.01.0-14.el9.x86_64.rpm
poppler-qt5-21.01.0-14.el9.i686.rpm
poppler-qt5-21.01.0-14.el9.x86_64.rpm
poppler-qt5-debuginfo-21.01.0-14.el9.i686.rpm
poppler-qt5-debuginfo-21.01.0-14.el9.x86_64.rpm
poppler-utils-21.01.0-14.el9.x86_64.rpm
poppler-utils-debuginfo-21.01.0-14.el9.i686.rpm
poppler-utils-debuginfo-21.01.0-14.el9.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 9):

aarch64:
poppler-cpp-debuginfo-21.01.0-14.el9.aarch64.rpm
poppler-cpp-devel-21.01.0-14.el9.aarch64.rpm
poppler-debuginfo-21.01.0-14.el9.aarch64.rpm
poppler-debugsource-21.01.0-14.el9.aarch64.rpm
poppler-devel-21.01.0-14.el9.aarch64.rpm
poppler-glib-debuginfo-21.01.0-14.el9.aarch64.rpm
poppler-glib-devel-21.01.0-14.el9.aarch64.rpm
poppler-qt5-debuginfo-21.01.0-14.el9.aarch64.rpm
poppler-qt5-devel-21.01.0-14.el9.aarch64.rpm
poppler-utils-debuginfo-21.01.0-14.el9.aarch64.rpm

ppc64le:
poppler-cpp-debuginfo-21.01.0-14.el9.ppc64le.rpm
poppler-cpp-devel-21.01.0-14.el9.ppc64le.rpm
poppler-debuginfo-21.01.0-14.el9.ppc64le.rpm
poppler-debugsource-21.01.0-14.el9.ppc64le.rpm
poppler-devel-21.01.0-14.el9.ppc64le.rpm
poppler-glib-debuginfo-21.01.0-14.el9.ppc64le.rpm
poppler-glib-devel-21.01.0-14.el9.ppc64le.rpm
poppler-qt5-debuginfo-21.01.0-14.el9.ppc64le.rpm
poppler-qt5-devel-21.01.0-14.el9.ppc64le.rpm
poppler-utils-debuginfo-21.01.0-14.el9.ppc64le.rpm

s390x:
poppler-cpp-debuginfo-21.01.0-14.el9.s390x.rpm
poppler-cpp-devel-21.01.0-14.el9.s390x.rpm
poppler-debuginfo-21.01.0-14.el9.s390x.rpm
poppler-debugsource-21.01.0-14.el9.s390x.rpm
poppler-devel-21.01.0-14.el9.s390x.rpm
poppler-glib-debuginfo-21.01.0-14.el9.s390x.rpm
poppler-glib-devel-21.01.0-14.el9.s390x.rpm
poppler-qt5-debuginfo-21.01.0-14.el9.s390x.rpm
poppler-qt5-devel-21.01.0-14.el9.s390x.rpm
poppler-utils-debuginfo-21.01.0-14.el9.s390x.rpm

x86_64:
poppler-cpp-debuginfo-21.01.0-14.el9.i686.rpm
poppler-cpp-debuginfo-21.01.0-14.el9.x86_64.rpm
poppler-cpp-devel-21.01.0-14.el9.i686.rpm
poppler-cpp-devel-21.01.0-14.el9.x86_64.rpm
poppler-debuginfo-21.01.0-14.el9.i686.rpm
poppler-debuginfo-21.01.0-14.el9.x86_64.rpm
poppler-debugsource-21.01.0-14.el9.i686.rpm
poppler-debugsource-21.01.0-14.el9.x86_64.rpm
poppler-devel-21.01.0-14.el9.i686.rpm
poppler-devel-21.01.0-14.el9.x86_64.rpm
poppler-glib-debuginfo-21.01.0-14.el9.i686.rpm
poppler-glib-debuginfo-21.01.0-14.el9.x86_64.rpm
poppler-glib-devel-21.01.0-14.el9.i686.rpm
poppler-glib-devel-21.01.0-14.el9.x86_64.rpm
poppler-qt5-debuginfo-21.01.0-14.el9.i686.rpm
poppler-qt5-debuginfo-21.01.0-14.el9.x86_64.rpm
poppler-qt5-devel-21.01.0-14.el9.i686.rpm
poppler-qt5-devel-21.01.0-14.el9.x86_64.rpm
poppler-utils-debuginfo-21.01.0-14.el9.i686.rpm
poppler-utils-debuginfo-21.01.0-14.el9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-38784
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZFo1C9zjgjWX9erEAQhAwQ//cfv5/zXlIjJrcAFRz+tzee74vEaDBPxp
UehYiSUH/JSa2UcKqV9rICA22UaefU8uCOVusmkzTxrwK2oDpeq+Zw/OHUhM1VYJ
l9jcMODBKUwqJov99AcJIKpCB8CU4CYmWoykc59RokgzHQdUorCDu4w4Es9GXuZo
9pZiT3iHFTngFuk4XKnIYe91npn2WJwYELxWyOM3UE1u7M66TCaeMLHDc6sCqwB2
wINr9CRarBc2cdQ7o+G4Y6VWAl3VGwEe582eTljEDYTxfLcE6CY588pjpzpfmt5j
kVuUdYYVaDAoNpqr5P6dzzdpAoQFY62MkXij5Mz9xV+ey0beP231cCBjwNdkfWE4
Uj7zMxzb6wpE9//bUIcRJkmjf+sO9Y1awffQAKX6sqmV6s/CdwgHNomxLPj+rgud
qN8gzP/b1Pr84DZo7VcBqdeySiqod9zFX95h5slmo+9m0h+BH3XGf5Va4HPfmkXu
6peoRfPnV0EHdkVxZ2zrIqs4dTpjF4qIhMe3fvrfoWppQas/HHEbD4M5x1YcD2MV
iIazPIWwLJSZcJv/8NP3HS0zltGjEDfd1UTjnXwAyEvQLfCwDGn9FNtY1eKxWhmZ
eRR4HwAnZfdg33DXinkn9ddwGTps6+y2dYYLx0mmSVWaYb1eiorGBFXJ5e4ALOA5
gT7mgghhSao=YdPw
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2023-2259:01 Moderate: poppler

An update for poppler is now available for Red Hat Enterprise Linux 9

Summary

Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.
Security Fix(es):
* poppler: integer overflow in JBIG2 decoder using malformed files (CVE-2022-38784)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.

Summary

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2022-38784 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

Package List

Red Hat Enterprise Linux AppStream (v. 9):
Source: poppler-21.01.0-14.el9.src.rpm
aarch64: poppler-21.01.0-14.el9.aarch64.rpm poppler-cpp-21.01.0-14.el9.aarch64.rpm poppler-cpp-debuginfo-21.01.0-14.el9.aarch64.rpm poppler-debuginfo-21.01.0-14.el9.aarch64.rpm poppler-debugsource-21.01.0-14.el9.aarch64.rpm poppler-glib-21.01.0-14.el9.aarch64.rpm poppler-glib-debuginfo-21.01.0-14.el9.aarch64.rpm poppler-qt5-21.01.0-14.el9.aarch64.rpm poppler-qt5-debuginfo-21.01.0-14.el9.aarch64.rpm poppler-utils-21.01.0-14.el9.aarch64.rpm poppler-utils-debuginfo-21.01.0-14.el9.aarch64.rpm
ppc64le: poppler-21.01.0-14.el9.ppc64le.rpm poppler-cpp-21.01.0-14.el9.ppc64le.rpm poppler-cpp-debuginfo-21.01.0-14.el9.ppc64le.rpm poppler-debuginfo-21.01.0-14.el9.ppc64le.rpm poppler-debugsource-21.01.0-14.el9.ppc64le.rpm poppler-glib-21.01.0-14.el9.ppc64le.rpm poppler-glib-debuginfo-21.01.0-14.el9.ppc64le.rpm poppler-qt5-21.01.0-14.el9.ppc64le.rpm poppler-qt5-debuginfo-21.01.0-14.el9.ppc64le.rpm poppler-utils-21.01.0-14.el9.ppc64le.rpm poppler-utils-debuginfo-21.01.0-14.el9.ppc64le.rpm
s390x: poppler-21.01.0-14.el9.s390x.rpm poppler-cpp-21.01.0-14.el9.s390x.rpm poppler-cpp-debuginfo-21.01.0-14.el9.s390x.rpm poppler-debuginfo-21.01.0-14.el9.s390x.rpm poppler-debugsource-21.01.0-14.el9.s390x.rpm poppler-glib-21.01.0-14.el9.s390x.rpm poppler-glib-debuginfo-21.01.0-14.el9.s390x.rpm poppler-qt5-21.01.0-14.el9.s390x.rpm poppler-qt5-debuginfo-21.01.0-14.el9.s390x.rpm poppler-utils-21.01.0-14.el9.s390x.rpm poppler-utils-debuginfo-21.01.0-14.el9.s390x.rpm
x86_64: poppler-21.01.0-14.el9.i686.rpm poppler-21.01.0-14.el9.x86_64.rpm poppler-cpp-21.01.0-14.el9.i686.rpm poppler-cpp-21.01.0-14.el9.x86_64.rpm poppler-cpp-debuginfo-21.01.0-14.el9.i686.rpm poppler-cpp-debuginfo-21.01.0-14.el9.x86_64.rpm poppler-debuginfo-21.01.0-14.el9.i686.rpm poppler-debuginfo-21.01.0-14.el9.x86_64.rpm poppler-debugsource-21.01.0-14.el9.i686.rpm poppler-debugsource-21.01.0-14.el9.x86_64.rpm poppler-glib-21.01.0-14.el9.i686.rpm poppler-glib-21.01.0-14.el9.x86_64.rpm poppler-glib-debuginfo-21.01.0-14.el9.i686.rpm poppler-glib-debuginfo-21.01.0-14.el9.x86_64.rpm poppler-qt5-21.01.0-14.el9.i686.rpm poppler-qt5-21.01.0-14.el9.x86_64.rpm poppler-qt5-debuginfo-21.01.0-14.el9.i686.rpm poppler-qt5-debuginfo-21.01.0-14.el9.x86_64.rpm poppler-utils-21.01.0-14.el9.x86_64.rpm poppler-utils-debuginfo-21.01.0-14.el9.i686.rpm poppler-utils-debuginfo-21.01.0-14.el9.x86_64.rpm
Red Hat Enterprise Linux CRB (v. 9):
aarch64: poppler-cpp-debuginfo-21.01.0-14.el9.aarch64.rpm poppler-cpp-devel-21.01.0-14.el9.aarch64.rpm poppler-debuginfo-21.01.0-14.el9.aarch64.rpm poppler-debugsource-21.01.0-14.el9.aarch64.rpm poppler-devel-21.01.0-14.el9.aarch64.rpm poppler-glib-debuginfo-21.01.0-14.el9.aarch64.rpm poppler-glib-devel-21.01.0-14.el9.aarch64.rpm poppler-qt5-debuginfo-21.01.0-14.el9.aarch64.rpm poppler-qt5-devel-21.01.0-14.el9.aarch64.rpm poppler-utils-debuginfo-21.01.0-14.el9.aarch64.rpm
ppc64le: poppler-cpp-debuginfo-21.01.0-14.el9.ppc64le.rpm poppler-cpp-devel-21.01.0-14.el9.ppc64le.rpm poppler-debuginfo-21.01.0-14.el9.ppc64le.rpm poppler-debugsource-21.01.0-14.el9.ppc64le.rpm poppler-devel-21.01.0-14.el9.ppc64le.rpm poppler-glib-debuginfo-21.01.0-14.el9.ppc64le.rpm poppler-glib-devel-21.01.0-14.el9.ppc64le.rpm poppler-qt5-debuginfo-21.01.0-14.el9.ppc64le.rpm poppler-qt5-devel-21.01.0-14.el9.ppc64le.rpm poppler-utils-debuginfo-21.01.0-14.el9.ppc64le.rpm
s390x: poppler-cpp-debuginfo-21.01.0-14.el9.s390x.rpm poppler-cpp-devel-21.01.0-14.el9.s390x.rpm poppler-debuginfo-21.01.0-14.el9.s390x.rpm poppler-debugsource-21.01.0-14.el9.s390x.rpm poppler-devel-21.01.0-14.el9.s390x.rpm poppler-glib-debuginfo-21.01.0-14.el9.s390x.rpm poppler-glib-devel-21.01.0-14.el9.s390x.rpm poppler-qt5-debuginfo-21.01.0-14.el9.s390x.rpm poppler-qt5-devel-21.01.0-14.el9.s390x.rpm poppler-utils-debuginfo-21.01.0-14.el9.s390x.rpm
x86_64: poppler-cpp-debuginfo-21.01.0-14.el9.i686.rpm poppler-cpp-debuginfo-21.01.0-14.el9.x86_64.rpm poppler-cpp-devel-21.01.0-14.el9.i686.rpm poppler-cpp-devel-21.01.0-14.el9.x86_64.rpm poppler-debuginfo-21.01.0-14.el9.i686.rpm poppler-debuginfo-21.01.0-14.el9.x86_64.rpm poppler-debugsource-21.01.0-14.el9.i686.rpm poppler-debugsource-21.01.0-14.el9.x86_64.rpm poppler-devel-21.01.0-14.el9.i686.rpm poppler-devel-21.01.0-14.el9.x86_64.rpm poppler-glib-debuginfo-21.01.0-14.el9.i686.rpm poppler-glib-debuginfo-21.01.0-14.el9.x86_64.rpm poppler-glib-devel-21.01.0-14.el9.i686.rpm poppler-glib-devel-21.01.0-14.el9.x86_64.rpm poppler-qt5-debuginfo-21.01.0-14.el9.i686.rpm poppler-qt5-debuginfo-21.01.0-14.el9.x86_64.rpm poppler-qt5-devel-21.01.0-14.el9.i686.rpm poppler-qt5-devel-21.01.0-14.el9.x86_64.rpm poppler-utils-debuginfo-21.01.0-14.el9.i686.rpm poppler-utils-debuginfo-21.01.0-14.el9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

Severity

Advisory ID: RHSA-2023:2259-01

Product: Red Hat Enterprise Linux

Advisory URL: https://access.redhat.com/errata/RHSA-2023:2259

Issued Date: : 2023-05-09

CVE Names: CVE-2022-38784

Topic

An update for poppler is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.