moderate: python-configobj/qpdf security update
moderate
An update for python-configobj/qpdf is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
python-configobj:
qpdf:
Security Fix(es):
python-configobj: A flaw was found in python-configobj via the Validator function at python-configobj/validate.py. This issue only occurs in the case of a developer putting the offending value in a server side configuration file, which could lead to a Regular Expression Denial of Service (ReDoS).(CVE-2023-26112)
python-configobj: bugfix
qpdf: A flaw was found in qpdf. Processing a specially crafted JSON file using the --json-input command line option may lead to a heap-based buffer over-read, resulting in an application crash.(CVE-2024-24246)
qpdf: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.03B8.