OPENSUSE-SU-2024:13056-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00
Summary
ghc-pandoc-3.1.3-2.1 on GA media
Notes
Title of the patch
ghc-pandoc-3.1.3-2.1 on GA media
Description of the patch
These are all security issues fixed in the ghc-pandoc-3.1.3-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13056
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ghc-pandoc-3.1.3-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ghc-pandoc-3.1.3-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13056",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13056-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-35936 page",
"url": "https://www.suse.com/security/cve/CVE-2023-35936/"
}
],
"title": "ghc-pandoc-3.1.3-2.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13056-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ghc-pandoc-3.1.3-2.1.aarch64",
"product": {
"name": "ghc-pandoc-3.1.3-2.1.aarch64",
"product_id": "ghc-pandoc-3.1.3-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "ghc-pandoc-devel-3.1.3-2.1.aarch64",
"product": {
"name": "ghc-pandoc-devel-3.1.3-2.1.aarch64",
"product_id": "ghc-pandoc-devel-3.1.3-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "ghc-pandoc-doc-3.1.3-2.1.aarch64",
"product": {
"name": "ghc-pandoc-doc-3.1.3-2.1.aarch64",
"product_id": "ghc-pandoc-doc-3.1.3-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "ghc-pandoc-prof-3.1.3-2.1.aarch64",
"product": {
"name": "ghc-pandoc-prof-3.1.3-2.1.aarch64",
"product_id": "ghc-pandoc-prof-3.1.3-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ghc-pandoc-3.1.3-2.1.ppc64le",
"product": {
"name": "ghc-pandoc-3.1.3-2.1.ppc64le",
"product_id": "ghc-pandoc-3.1.3-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ghc-pandoc-devel-3.1.3-2.1.ppc64le",
"product": {
"name": "ghc-pandoc-devel-3.1.3-2.1.ppc64le",
"product_id": "ghc-pandoc-devel-3.1.3-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ghc-pandoc-doc-3.1.3-2.1.ppc64le",
"product": {
"name": "ghc-pandoc-doc-3.1.3-2.1.ppc64le",
"product_id": "ghc-pandoc-doc-3.1.3-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ghc-pandoc-prof-3.1.3-2.1.ppc64le",
"product": {
"name": "ghc-pandoc-prof-3.1.3-2.1.ppc64le",
"product_id": "ghc-pandoc-prof-3.1.3-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ghc-pandoc-3.1.3-2.1.s390x",
"product": {
"name": "ghc-pandoc-3.1.3-2.1.s390x",
"product_id": "ghc-pandoc-3.1.3-2.1.s390x"
}
},
{
"category": "product_version",
"name": "ghc-pandoc-devel-3.1.3-2.1.s390x",
"product": {
"name": "ghc-pandoc-devel-3.1.3-2.1.s390x",
"product_id": "ghc-pandoc-devel-3.1.3-2.1.s390x"
}
},
{
"category": "product_version",
"name": "ghc-pandoc-doc-3.1.3-2.1.s390x",
"product": {
"name": "ghc-pandoc-doc-3.1.3-2.1.s390x",
"product_id": "ghc-pandoc-doc-3.1.3-2.1.s390x"
}
},
{
"category": "product_version",
"name": "ghc-pandoc-prof-3.1.3-2.1.s390x",
"product": {
"name": "ghc-pandoc-prof-3.1.3-2.1.s390x",
"product_id": "ghc-pandoc-prof-3.1.3-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ghc-pandoc-3.1.3-2.1.x86_64",
"product": {
"name": "ghc-pandoc-3.1.3-2.1.x86_64",
"product_id": "ghc-pandoc-3.1.3-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "ghc-pandoc-devel-3.1.3-2.1.x86_64",
"product": {
"name": "ghc-pandoc-devel-3.1.3-2.1.x86_64",
"product_id": "ghc-pandoc-devel-3.1.3-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "ghc-pandoc-doc-3.1.3-2.1.x86_64",
"product": {
"name": "ghc-pandoc-doc-3.1.3-2.1.x86_64",
"product_id": "ghc-pandoc-doc-3.1.3-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "ghc-pandoc-prof-3.1.3-2.1.x86_64",
"product": {
"name": "ghc-pandoc-prof-3.1.3-2.1.x86_64",
"product_id": "ghc-pandoc-prof-3.1.3-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ghc-pandoc-3.1.3-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ghc-pandoc-3.1.3-2.1.aarch64"
},
"product_reference": "ghc-pandoc-3.1.3-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghc-pandoc-3.1.3-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ghc-pandoc-3.1.3-2.1.ppc64le"
},
"product_reference": "ghc-pandoc-3.1.3-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghc-pandoc-3.1.3-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ghc-pandoc-3.1.3-2.1.s390x"
},
"product_reference": "ghc-pandoc-3.1.3-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghc-pandoc-3.1.3-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ghc-pandoc-3.1.3-2.1.x86_64"
},
"product_reference": "ghc-pandoc-3.1.3-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghc-pandoc-devel-3.1.3-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ghc-pandoc-devel-3.1.3-2.1.aarch64"
},
"product_reference": "ghc-pandoc-devel-3.1.3-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghc-pandoc-devel-3.1.3-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ghc-pandoc-devel-3.1.3-2.1.ppc64le"
},
"product_reference": "ghc-pandoc-devel-3.1.3-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghc-pandoc-devel-3.1.3-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ghc-pandoc-devel-3.1.3-2.1.s390x"
},
"product_reference": "ghc-pandoc-devel-3.1.3-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghc-pandoc-devel-3.1.3-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ghc-pandoc-devel-3.1.3-2.1.x86_64"
},
"product_reference": "ghc-pandoc-devel-3.1.3-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghc-pandoc-doc-3.1.3-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ghc-pandoc-doc-3.1.3-2.1.aarch64"
},
"product_reference": "ghc-pandoc-doc-3.1.3-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghc-pandoc-doc-3.1.3-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ghc-pandoc-doc-3.1.3-2.1.ppc64le"
},
"product_reference": "ghc-pandoc-doc-3.1.3-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghc-pandoc-doc-3.1.3-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ghc-pandoc-doc-3.1.3-2.1.s390x"
},
"product_reference": "ghc-pandoc-doc-3.1.3-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghc-pandoc-doc-3.1.3-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ghc-pandoc-doc-3.1.3-2.1.x86_64"
},
"product_reference": "ghc-pandoc-doc-3.1.3-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghc-pandoc-prof-3.1.3-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ghc-pandoc-prof-3.1.3-2.1.aarch64"
},
"product_reference": "ghc-pandoc-prof-3.1.3-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghc-pandoc-prof-3.1.3-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ghc-pandoc-prof-3.1.3-2.1.ppc64le"
},
"product_reference": "ghc-pandoc-prof-3.1.3-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghc-pandoc-prof-3.1.3-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ghc-pandoc-prof-3.1.3-2.1.s390x"
},
"product_reference": "ghc-pandoc-prof-3.1.3-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghc-pandoc-prof-3.1.3-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ghc-pandoc-prof-3.1.3-2.1.x86_64"
},
"product_reference": "ghc-pandoc-prof-3.1.3-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-35936",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-35936"
}
],
"notes": [
{
"category": "general",
"text": "Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafted image element in the input when generating files using the `--extract-media` option or outputting to PDF format. This vulnerability allows an attacker to create or overwrite arbitrary files on the system, depending on the privileges of the process running pandoc. It only affects systems that pass untrusted user input to pandoc and allow pandoc to be used to produce a PDF or with the `--extract-media` option.\n\nThe fix is to unescape the percent-encoding prior to checking that the resource is not above the working directory, and prior to extracting the extension. Some code for checking that the path is below the working directory was flawed in a similar way and has also been fixed. Note that the `--sandbox` option, which only affects IO done by readers and writers themselves, does not block this vulnerability. The vulnerability is patched in pandoc 3.1.4. As a workaround, audit the pandoc command and disallow PDF output and the `--extract-media` option.\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ghc-pandoc-3.1.3-2.1.aarch64",
"openSUSE Tumbleweed:ghc-pandoc-3.1.3-2.1.ppc64le",
"openSUSE Tumbleweed:ghc-pandoc-3.1.3-2.1.s390x",
"openSUSE Tumbleweed:ghc-pandoc-3.1.3-2.1.x86_64",
"openSUSE Tumbleweed:ghc-pandoc-devel-3.1.3-2.1.aarch64",
"openSUSE Tumbleweed:ghc-pandoc-devel-3.1.3-2.1.ppc64le",
"openSUSE Tumbleweed:ghc-pandoc-devel-3.1.3-2.1.s390x",
"openSUSE Tumbleweed:ghc-pandoc-devel-3.1.3-2.1.x86_64",
"openSUSE Tumbleweed:ghc-pandoc-doc-3.1.3-2.1.aarch64",
"openSUSE Tumbleweed:ghc-pandoc-doc-3.1.3-2.1.ppc64le",
"openSUSE Tumbleweed:ghc-pandoc-doc-3.1.3-2.1.s390x",
"openSUSE Tumbleweed:ghc-pandoc-doc-3.1.3-2.1.x86_64",
"openSUSE Tumbleweed:ghc-pandoc-prof-3.1.3-2.1.aarch64",
"openSUSE Tumbleweed:ghc-pandoc-prof-3.1.3-2.1.ppc64le",
"openSUSE Tumbleweed:ghc-pandoc-prof-3.1.3-2.1.s390x",
"openSUSE Tumbleweed:ghc-pandoc-prof-3.1.3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-35936",
"url": "https://www.suse.com/security/cve/CVE-2023-35936"
},
{
"category": "external",
"summary": "SUSE Bug 1213066 for CVE-2023-35936",
"url": "https://bugzilla.suse.com/1213066"
},
{
"category": "external",
"summary": "SUSE Bug 1213622 for CVE-2023-35936",
"url": "https://bugzilla.suse.com/1213622"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ghc-pandoc-3.1.3-2.1.aarch64",
"openSUSE Tumbleweed:ghc-pandoc-3.1.3-2.1.ppc64le",
"openSUSE Tumbleweed:ghc-pandoc-3.1.3-2.1.s390x",
"openSUSE Tumbleweed:ghc-pandoc-3.1.3-2.1.x86_64",
"openSUSE Tumbleweed:ghc-pandoc-devel-3.1.3-2.1.aarch64",
"openSUSE Tumbleweed:ghc-pandoc-devel-3.1.3-2.1.ppc64le",
"openSUSE Tumbleweed:ghc-pandoc-devel-3.1.3-2.1.s390x",
"openSUSE Tumbleweed:ghc-pandoc-devel-3.1.3-2.1.x86_64",
"openSUSE Tumbleweed:ghc-pandoc-doc-3.1.3-2.1.aarch64",
"openSUSE Tumbleweed:ghc-pandoc-doc-3.1.3-2.1.ppc64le",
"openSUSE Tumbleweed:ghc-pandoc-doc-3.1.3-2.1.s390x",
"openSUSE Tumbleweed:ghc-pandoc-doc-3.1.3-2.1.x86_64",
"openSUSE Tumbleweed:ghc-pandoc-prof-3.1.3-2.1.aarch64",
"openSUSE Tumbleweed:ghc-pandoc-prof-3.1.3-2.1.ppc64le",
"openSUSE Tumbleweed:ghc-pandoc-prof-3.1.3-2.1.s390x",
"openSUSE Tumbleweed:ghc-pandoc-prof-3.1.3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ghc-pandoc-3.1.3-2.1.aarch64",
"openSUSE Tumbleweed:ghc-pandoc-3.1.3-2.1.ppc64le",
"openSUSE Tumbleweed:ghc-pandoc-3.1.3-2.1.s390x",
"openSUSE Tumbleweed:ghc-pandoc-3.1.3-2.1.x86_64",
"openSUSE Tumbleweed:ghc-pandoc-devel-3.1.3-2.1.aarch64",
"openSUSE Tumbleweed:ghc-pandoc-devel-3.1.3-2.1.ppc64le",
"openSUSE Tumbleweed:ghc-pandoc-devel-3.1.3-2.1.s390x",
"openSUSE Tumbleweed:ghc-pandoc-devel-3.1.3-2.1.x86_64",
"openSUSE Tumbleweed:ghc-pandoc-doc-3.1.3-2.1.aarch64",
"openSUSE Tumbleweed:ghc-pandoc-doc-3.1.3-2.1.ppc64le",
"openSUSE Tumbleweed:ghc-pandoc-doc-3.1.3-2.1.s390x",
"openSUSE Tumbleweed:ghc-pandoc-doc-3.1.3-2.1.x86_64",
"openSUSE Tumbleweed:ghc-pandoc-prof-3.1.3-2.1.aarch64",
"openSUSE Tumbleweed:ghc-pandoc-prof-3.1.3-2.1.ppc64le",
"openSUSE Tumbleweed:ghc-pandoc-prof-3.1.3-2.1.s390x",
"openSUSE Tumbleweed:ghc-pandoc-prof-3.1.3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-35936"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.