Description:
Pandoc is a markdown/markup conversion tool. The version of pandoc in AlmaLinux 8 CRB uses cmark-gfm (GitHub's extended version of the C reference implementation of CommonMark) for parts of its conversion. The update fixes CVE-2022-24724, an integer overflow in cmark-gfm's table row parsing that may lead to heap memory corruption when parsing tables with more than UINT16_MAX columns.
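The bug class named above, shown as an added illustration (not cmark-gfm or pandoc code): a cell count wider than 16 bits narrowed into a uint16_t, next to the bounds check that rejects such a row. All function names and the simplified cell counting are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Count cells in one table row: one more than the number of unescaped '|'.
   Simplified model (assumption); real GFM parsing has more rules. */
size_t count_cells(const char *row, size_t len) {
    size_t cells = 1;
    for (size_t i = 0; i < len; i++) {
        if (row[i] == '\\' && i + 1 < len) { i++; continue; } /* skip escaped char */
        if (row[i] == '|') cells++;
    }
    return cells;
}

/* Weak pattern: the true count is narrowed into 16 bits, so a row with
   65536 + k cells is recorded as having k cells. */
uint16_t stored_count_unchecked(size_t cells) { return (uint16_t)cells; }

/* Hardened pattern: refuse the row instead of truncating.
   Returns 0 on success, -1 if the row has more than UINT16_MAX cells. */
int stored_count_checked(size_t cells, uint16_t *out) {
    if (cells > UINT16_MAX) return -1;
    *out = (uint16_t)cells;
    return 0;
}

/* Build a constructed row with n cells ("a|a|...|a"); caller frees. */
char *make_row(size_t n) {
    if (n == 0) return NULL;
    size_t len = 2 * n - 1;
    char *row = malloc(len + 1);
    if (!row) return NULL;
    for (size_t i = 0; i < len; i++) row[i] = (i % 2) ? '|' : 'a';
    row[len] = '\0';
    return row;
}

int main(void) {
    char *row = make_row((size_t)UINT16_MAX + 5); /* constructed: 65540 cells */
    if (!row) return 1;
    size_t cells = count_cells(row, strlen(row));
    uint16_t safe = 0;
    printf("actual=%zu unchecked=%u checked_rc=%d\n", cells,
           (unsigned)stored_count_unchecked(cells), stored_count_checked(cells, &safe));
    free(row);
    return 0;
}
```

Any buffer sized from the truncated count but filled using the real one is too small, which is how this kind of overflow turns into heap corruption.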
Security Fix(es):
* cmark-gfm: possible RCE due to integer overflow (CVE-2022-24724)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture | Package | Checksum |
| --- | --- | --- |
| aarch64 | pandoc-2.0.6-6.el8_6.aarch64.rpm | 6c5790242c3966687a1a16651f7db0c7c501ce4ca529e611362aceacbbe1a629 |
| noarch | pandoc-common-2.0.6-6.el8_6.noarch.rpm | a3fb4e68ad8d9bdef8259adffa7bf07b188e8b789da3e57bab0dfaed7ceb583d |
| ppc64le | pandoc-2.0.6-6.el8_6.ppc64le.rpm | edd955de3c33648b0f46ae9ae476080a25497dfd7131fa819c31040c840c8d93 |
| x86_64 | pandoc-2.0.6-6.el8_6.x86_64.rpm | 6287e245278932cfa8cddc5f5fdb0b842ed66c771ae438fab9267eccf78e9808 |