Advisories » MGASA-2023-0181

Updated cmark packages fix security vulnerability

Publication date: 21 May 2023
Modification date: 21 May 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-22484 , CVE-2023-22486

Description

cmark incorrectly handled certain inputs. Fixes quadratic complexity in
handle_close_bracket "![[]()" which may lead to a denial of service
(CVE-2023-22486).
Noting that this also fixes a quadratic parsing issue with repeated comment
tags that was not in a released product but which was assigned a CVE
(CVE-2023-22484).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=31885
• https://lists.suse.com/pipermail/sle-security-updates/2023-May/014722.html
• https://github.com/commonmark/cmark/releases/tag/0.30.3
• https://www.cve.org/CVERecord?id=CVE-2023-22484
• https://www.cve.org/CVERecord?id=CVE-2023-22486

SRPMS

8/core

• cmark-0.30.3-1.mga8