Bugzilla – Bug 1212065
VUL-0: CVE-2023-33733: python-reportlab: arbitrary code via supplying a crafted PDF file.
Last modified: 2023-08-02 18:08:02 UTC
CVE-2023-33733
Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33733
https://www.cve.org/CVERecord?id=CVE-2023-33733
https://cure53.de/
https://github.com/c53elyas/CVE-2023-33733
https://www.linkedin.com/in/elyas-damej-714b7269/
Upstream fix:
https://hg.reportlab.com/hg-public/reportlab/rev/324a3d0392d5
Don't know if this commit is also necessary or not:
https://hg.reportlab.com/hg-public/reportlab/rev/5b56ae4f05ee
Affected:
- SUSE:SLE-12:Update
- SUSE:SLE-15:Update
- openSUSE:Factory
SUSE-SU-2023:2561-1: An update that solves one vulnerability can now be installed.
Category: security (critical)
Bug References: 1212065
CVE References: CVE-2023-33733
Sources used:
SUSE Package Hub 15 15-SP4 (src): python-reportlab-3.4.0-150000.3.9.1
SUSE Package Hub 15 15-SP5 (src): python-reportlab-3.4.0-150000.3.9.1
openSUSE Leap 15.4 (src): python-reportlab-3.4.0-150000.3.9.1
openSUSE Leap 15.5 (src): python-reportlab-3.4.0-150000.3.9.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:2688-1: An update that solves one vulnerability and has one fix can now be installed.
Category: security (critical)
Bug References: 1212065, 1212527
CVE References: CVE-2023-33733
Sources used:
SUSE Linux Enterprise Workstation Extension 12 12-SP5 (src): python-reportlab-2.7-3.13.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done