libxreaderdocument3-4.0.2-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13632-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libxreaderdocument3-4.0.2-1.1 on GA media These are all security issues fixed in the libxreaderdocument3-4.0.2-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13632 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-44451/ SUSE CVE CVE-2023-44451 page https://www.suse.com/security/cve/CVE-2023-44452/ SUSE CVE CVE-2023-44452 page openSUSE Tumbleweed libxreaderdocument3-4.0.2-1.1 libxreaderview3-4.0.2-1.1 typelib-1_0-XreaderDocument-1_5-4.0.2-1.1 typelib-1_0-XreaderView-1_5-4.0.2-1.1 xreader-4.0.2-1.1 xreader-devel-4.0.2-1.1 xreader-lang-4.0.2-1.1 xreader-plugin-comicsdocument-4.0.2-1.1 xreader-plugin-djvudocument-4.0.2-1.1 xreader-plugin-dvidocument-4.0.2-1.1 xreader-plugin-epubdocument-4.0.2-1.1 xreader-plugin-pdfdocument-4.0.2-1.1 xreader-plugin-pixbufdocument-4.0.2-1.1 xreader-plugin-psdocument-4.0.2-1.1 xreader-plugin-tiffdocument-4.0.2-1.1 xreader-plugin-xpsdocument-4.0.2-1.1 libxreaderdocument3-4.0.2-1.1 as a component of openSUSE Tumbleweed libxreaderview3-4.0.2-1.1 as a component of openSUSE Tumbleweed typelib-1_0-XreaderDocument-1_5-4.0.2-1.1 as a component of openSUSE Tumbleweed typelib-1_0-XreaderView-1_5-4.0.2-1.1 as a component of openSUSE Tumbleweed xreader-4.0.2-1.1 as a component of openSUSE Tumbleweed xreader-devel-4.0.2-1.1 as a component of openSUSE Tumbleweed xreader-lang-4.0.2-1.1 as a component of openSUSE Tumbleweed xreader-plugin-comicsdocument-4.0.2-1.1 as a component of openSUSE Tumbleweed xreader-plugin-djvudocument-4.0.2-1.1 as a component of openSUSE Tumbleweed xreader-plugin-dvidocument-4.0.2-1.1 as a component of openSUSE Tumbleweed xreader-plugin-epubdocument-4.0.2-1.1 as a component of openSUSE Tumbleweed xreader-plugin-pdfdocument-4.0.2-1.1 as a component of openSUSE Tumbleweed xreader-plugin-pixbufdocument-4.0.2-1.1 as a component of openSUSE Tumbleweed xreader-plugin-psdocument-4.0.2-1.1 as a component of openSUSE Tumbleweed xreader-plugin-tiffdocument-4.0.2-1.1 as a component of openSUSE Tumbleweed xreader-plugin-xpsdocument-4.0.2-1.1 as a component of openSUSE Tumbleweed Linux Mint Xreader EPUB File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EPUB files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-21897. CVE-2023-44451 openSUSE Tumbleweed:libxreaderdocument3-4.0.2-1.1 openSUSE Tumbleweed:libxreaderview3-4.0.2-1.1 openSUSE Tumbleweed:typelib-1_0-XreaderDocument-1_5-4.0.2-1.1 openSUSE Tumbleweed:typelib-1_0-XreaderView-1_5-4.0.2-1.1 openSUSE Tumbleweed:xreader-4.0.2-1.1 openSUSE Tumbleweed:xreader-devel-4.0.2-1.1 openSUSE Tumbleweed:xreader-lang-4.0.2-1.1 openSUSE Tumbleweed:xreader-plugin-comicsdocument-4.0.2-1.1 openSUSE Tumbleweed:xreader-plugin-djvudocument-4.0.2-1.1 openSUSE Tumbleweed:xreader-plugin-dvidocument-4.0.2-1.1 openSUSE Tumbleweed:xreader-plugin-epubdocument-4.0.2-1.1 openSUSE Tumbleweed:xreader-plugin-pdfdocument-4.0.2-1.1 openSUSE Tumbleweed:xreader-plugin-pixbufdocument-4.0.2-1.1 openSUSE Tumbleweed:xreader-plugin-psdocument-4.0.2-1.1 openSUSE Tumbleweed:xreader-plugin-tiffdocument-4.0.2-1.1 openSUSE Tumbleweed:xreader-plugin-xpsdocument-4.0.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-44451.html CVE-2023-44451 https://bugzilla.suse.com/1218298 SUSE Bug 1218298 Linux Mint Xreader CBT File Parsing Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CBT files. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22132. CVE-2023-44452 openSUSE Tumbleweed:libxreaderdocument3-4.0.2-1.1 openSUSE Tumbleweed:libxreaderview3-4.0.2-1.1 openSUSE Tumbleweed:typelib-1_0-XreaderDocument-1_5-4.0.2-1.1 openSUSE Tumbleweed:typelib-1_0-XreaderView-1_5-4.0.2-1.1 openSUSE Tumbleweed:xreader-4.0.2-1.1 openSUSE Tumbleweed:xreader-devel-4.0.2-1.1 openSUSE Tumbleweed:xreader-lang-4.0.2-1.1 openSUSE Tumbleweed:xreader-plugin-comicsdocument-4.0.2-1.1 openSUSE Tumbleweed:xreader-plugin-djvudocument-4.0.2-1.1 openSUSE Tumbleweed:xreader-plugin-dvidocument-4.0.2-1.1 openSUSE Tumbleweed:xreader-plugin-epubdocument-4.0.2-1.1 openSUSE Tumbleweed:xreader-plugin-pdfdocument-4.0.2-1.1 openSUSE Tumbleweed:xreader-plugin-pixbufdocument-4.0.2-1.1 openSUSE Tumbleweed:xreader-plugin-psdocument-4.0.2-1.1 openSUSE Tumbleweed:xreader-plugin-tiffdocument-4.0.2-1.1 openSUSE Tumbleweed:xreader-plugin-xpsdocument-4.0.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-44452.html CVE-2023-44452 https://bugzilla.suse.com/1218299 SUSE Bug 1218299