[ALSA-2022:5597] Important: pandoc security update
Type: security
Severity: important
Release date: 2022-07-20
Description:
Pandoc is a markdown/markup conversion tool. The version of pandoc in AlmaLinux 8 CRB uses cmark-gfm (GitHub's extended version of the C reference implementation of CommonMark) for parts of its conversion. The update fixes CVE-2022-24724: an integer overflow in cmark-gfm's table row parsing, which may lead to heap memory corruption when parsing tables with more than UINT16_MAX columns.
Security Fix(es):
* cmark-gfm: possible RCE due to integer overflow (CVE-2022-24724)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 pandoc-2.0.6-6.el8_6.aarch64.rpm 6c5790242c3966687a1a16651f7db0c7c501ce4ca529e611362aceacbbe1a629
noarch pandoc-common-2.0.6-6.el8_6.noarch.rpm a3fb4e68ad8d9bdef8259adffa7bf07b188e8b789da3e57bab0dfaed7ceb583d
ppc64le pandoc-2.0.6-6.el8_6.ppc64le.rpm edd955de3c33648b0f46ae9ae476080a25497dfd7131fa819c31040c840c8d93
x86_64 pandoc-2.0.6-6.el8_6.x86_64.rpm 6287e245278932cfa8cddc5f5fdb0b842ed66c771ae438fab9267eccf78e9808
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.