<patchinfo>
  <!-- generated from request(s) 330340, 343369, 343371, 337295, 333534, 336653, 343441, 333415 -->
  <issue tracker="bnc" id="1188902">[Build 20210728] qgis failed to build</issue>
  <issue tracker="bnc" id="1204822">VUL-0: CVE-2022-3725: wireshark: integer overflow in the OPUS dissector leads to stack buffer overflow</issue>
  <issue tracker="bnc" id="1209410">VUL-0: CVE-2023-28101: flatpak: Metadata with ANSI control codes can cause misleading terminal output</issue>
  <issue tracker="bnc" id="1209411">VUL-0: CVE-2023-28100: flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console</issue>
  <issue tracker="bnc" id="1212037">IceWM gnome-terminal delayed startup when xdg-portal-desktop-gnome and xdg-portal-desktop-gtk are installed</issue>
  <issue tracker="bnc" id="1212476">patch shebang line match the python version required in the package</issue>
  <issue tracker="bnc" id="1218219">VUL-0: CVE-2023-50980: libcryptopp: DoS via malformed DER public key file</issue>
  <issue tracker="bnc" id="1218222">VUL-0: CVE-2023-50981: libcryptopp: issue on ModularSquareRoot function leads to potential DoS</issue>
  <issue tracker="bnc" id="1220181">VUL-0: CVE-2024-24476: wireshark: Buffer Overflow via pan/addr_resolv.c and ws_manuf_lookup_str() results in Denial of Service</issue>
  <issue tracker="bnc" id="1220591">[SELinux] flatpak: "Warning: Failed to get revokefs-fuse socket from system-helper" with selinux in enforcing during install/update</issue>
  <issue tracker="bnc" id="1221662">VUL-0: flatpak: Flathub repository is enabled by default</issue>
  <issue tracker="bnc" id="1221687">GCC 14: ghostscript package fails</issue>
  <issue tracker="bnc" id="1222030">VUL-0: CVE-2024-2955: wireshark: T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file</issue>
  <issue tracker="bnc" id="1223110">VUL-0: CVE-2024-32462: flatpak,xdg-desktop-portal: sandbox escape via RequestBackground portal</issue>
  <issue tracker="bnc" id="1223852">VUL-0: CVE-2023-52722: ghostscript: eexec seeds other than the Type 1 standard are allowed while using SAFER mode</issue>
  <issue tracker="bnc" id="1224259">VUL-0: CVE-2024-4853: wireshark: memory handling issue in editcap could cause denial of service via crafted capture file</issue>
  <issue tracker="bnc" id="1224274">VUL-0: CVE-2024-4854: wireshark: MONGO and ZigBee TLV dissector infinite loops via packet injection or crafted capture file</issue>
  <issue tracker="bnc" id="1224276">VUL-0: CVE-2024-4855: wireshark: use-after-free issue in editcap could cause denial of service via crafted capture file</issue>
  <issue tracker="bnc" id="1225491">VUL-0: CVE-2024-33871: ghostscript,ghostscript-library: ghostscript: OPVP device arbitrary code execution via custom Driver library</issue>
  <issue tracker="bnc" id="1226020">VUL-0: CVE-2024-5171: libaom: heap buffer overflow in img_alloc_helper() caused by integer overflow</issue>
  <issue tracker="bnc" id="1226916">VUL-0: CVE-2024-6239: poppler,poppler-qt: crash when using pdfinfo with -dests parameter on malformed input files</issue>
  <issue tracker="bnc" id="1226944">VUL-0: CVE-2024-33870: ghostscript: path traversal to arbitrary files if the current directory is in the permitted paths</issue>
  <issue tracker="bnc" id="1226945">VUL-0: CVE-2024-29510: ghostscript,ghostscript-library: format string injection leads to shell command execution (SAFER bypass)</issue>
  <issue tracker="bnc" id="1226946">VUL-0: CVE-2024-33869: ghostscript: path traversal and command execution due to path reduction</issue>
  <issue tracker="bnc" id="1229157">VUL-0: CVE-2024-42472: flatpak: access to files outside sandbox for apps using persistent= (--persist)</issue>
  <issue tracker="bnc" id="1229907">VUL-0: CVE-2024-8250: wireshark: NTLMSSP dissector crash</issue>
  <issue tracker="cve" id="2022-3725"/>
  <issue tracker="cve" id="2023-28100"/>
  <issue tracker="cve" id="2023-28101"/>
  <issue tracker="cve" id="2023-50980"/>
  <issue tracker="cve" id="2023-50981"/>
  <issue tracker="cve" id="2023-52722"/>
  <issue tracker="cve" id="2024-2955"/>
  <issue tracker="cve" id="2024-4853"/>
  <issue tracker="cve" id="2024-4854"/>
  <issue tracker="cve" id="2024-4855"/>
  <issue tracker="cve" id="2024-5171"/>
  <issue tracker="cve" id="2024-6239"/>
  <issue tracker="cve" id="2024-8250"/>
  <issue tracker="cve" id="2024-24476"/>
  <issue tracker="cve" id="2024-29510"/>
  <issue tracker="cve" id="2024-32462"/>
  <issue tracker="cve" id="2024-33869"/>
  <issue tracker="cve" id="2024-33870"/>
  <issue tracker="cve" id="2024-33871"/>
  <issue tracker="cve" id="2024-42472"/>
  <issue tracker="jsc" id="PED-8517"/>
  <packager>pgajdos</packager>
  <rating>critical</rating>
  <category>security</category>
  <summary>Security update for ghostscript, bubblewrap, libaom, poppler, libcryptopp, xdg-desktop-portal, wireshark, flatpak</summary>
  <description>This update for ghostscript, bubblewrap, libaom, poppler, libcryptopp, xdg-desktop-portal, wireshark, flatpak fixes the following issues:

bubblewrap:
- Update to version v0.10.0:

flatpak:
- Update to version 1.15.10:

ghostscript:
- Version upgrade to 10.03.1:

libaom:
fix CVE-2024-5171 [bsc#1226020], heap buffer overflow in img_alloc_helper() caused by integer overflow

libcryptopp:
fix CVE-2023-50980 [bsc#1218219], DoS via malformed DER public key file
fix CVE-2023-50981 [bsc#1218222], issue on ModularSquareRoot function leads to potential DoS

poppler:
fix CVE-2024-6239 [bsc#1226916], crash when using pdfinfo with -dests parameter on malformed input files

wireshark:
- Wireshark 4.2.7:

xdg-desktop-portal:
- update to 1.18.4:
</description>
  <package>bubblewrap</package>
  <package>flatpak</package>
  <package>ghostscript</package>
  <package>libaom</package>
  <package>libaom:doc</package>
  <package>libcryptopp</package>
  <package>poppler</package>
  <package>poppler:qt5</package>
  <package>poppler:qt6</package>
  <package>wireshark</package>
  <package>xdg-desktop-portal</package>
  <seperate_build_arch/>
</patchinfo>