1. Forum
  2. Usenet
  3. LINUX.GENTOO.ANNOUNCE

  • [gentoo-announce] [ GLSA 202408-29 ] MuPDF: Multiple Vulnerabilities

    From glsamaker@gentoo.org@21:1/5 to All on Mon Aug 12 09:20:01 2024
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 202408-29
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    https://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: Normal
    Title: MuPDF: Multiple Vulnerabilities
    Date: August 12, 2024
    Bugs: #803305
    ID: 202408-29

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Synopsis
    ========

    Multiple vulnerabilities have been discovered in MuPDF, the worst of
    which could lead to arbitrary code execution.

    Background
    ==========

    A lightweight PDF, XPS, and E-book viewer.

    Affected packages
    =================

    Package Vulnerable Unaffected
    -------------- ------------ ------------
    app-text/mupdf < 1.20.0 >= 1.20.0

    Description
    ===========

    Multiple vulnerabilities have been discovered in MuPDF. Please review
    the CVE identifiers referenced below for details.

    Impact
    ======

    Please review the referenced CVE identifiers for details.

    Workaround
    ==========

    There is no known workaround at this time.

    Resolution
    ==========

    All MuPDF users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/mupdf-1.20.0"

    References
    ==========

    [ 1 ] CVE-2021-4216
    https://nvd.nist.gov/vuln/detail/CVE-2021-4216
    [ 2 ] CVE-2021-37220
    https://nvd.nist.gov/vuln/detail/CVE-2021-37220

    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

    https://security.gentoo.org/glsa/202408-29

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License
    =======

    Copyright 2024 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAma5tyMACgkQFMQkOaVy +9n6iA/9FeBQjDyDX2paxdkPReXW4LFVqkxgYbJvdSUKqDuBCZcHitmBExoS8mUS BGv8yresSvi5N5NwDFVc6LJbIK4DfHf/81YaSBhek9g8YsieD2JusMJAD+4bWIyw ilYl1ik0r/j+3mkD3zzEEv1lOT1cL/1+DdiW21Xg0r8Xcj+FUB06dAwXgf8J3qfj rBvgEQ5m5o+VyR2vyfzwY9RUV2xPNQmxokvZjXhVXaHZpus8eZ6M74ZiSkqf6UoJ jP5GC+Za5qCR+SI8aCFVZ+y/V87MuxAYuXbhdox9+H3dK9tZLRrHEdjv/JsbxJw2 3liHGFQ6cMopIh/9cp7e7ZpG7dMmOGgT94WbYmAJVIw5qGHEGP/yKenjvP0tvVjR AGxIFCQ3TP4IMYCYEjSNl1D6F+RsDb8UC40KKBNXwel23/VT0pfjyBU0RSGiQ6gj l6x3ivrTqfNVNUYRX0xsZILicYt6pxBuenCh5lhGeLINvY9CNzhkQ6Yj7gAXqU1F ekTlXU10zFQbywgP1o4jsbv5Le0iektR9wJ0x1KrIjknuBP7jcQOXoYCNZJKcIZT kZRJIOWy9IIWu3X2cb9c3GYJMeXc2a8nzzL3Qd7Xcq3AUyFCdwYFPOdypKBrkyT/ 4nyJDovso4JTdAf3aSaiikalUR4Wa7f0rqF3TSTrNwiJaQfrTH0=
    =tkdJ
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)