Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2017-2388

Опубликовано: 09 авг. 2017
Источник: oracle-oval
Платформа: Oracle Linux 7

Описание

ELSA-2017-2388: evince security update (IMPORTANT)

[3.22.1-5.2]

  • Related: #1469528 ensure .desktop file is still valid

[3.22.1-5.1]

  • Fix arbitrary code execution via filename in tar-compressed comics archive
  • Resolves: #1469528

Обновленные пакеты

Oracle Linux 7

Oracle Linux aarch64

evince

3.22.1-5.2.el7_4

evince-browser-plugin

3.22.1-5.2.el7_4

evince-devel

3.22.1-5.2.el7_4

evince-dvi

3.22.1-5.2.el7_4

evince-libs

3.22.1-5.2.el7_4

evince-nautilus

3.22.1-5.2.el7_4

Oracle Linux x86_64

evince

3.22.1-5.2.el7_4

evince-browser-plugin

3.22.1-5.2.el7_4

evince-devel

3.22.1-5.2.el7_4

evince-dvi

3.22.1-5.2.el7_4

evince-libs

3.22.1-5.2.el7_4

evince-nautilus

3.22.1-5.2.el7_4

Связанные CVE

CVE-2017-1000083

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2017-1000083

CVSS3: 7.8
ubuntu
больше 8 лет назад

backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.

redhat логотип

CVE-2017-1000083

CVSS3: 7.1
redhat
больше 8 лет назад

backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.

nvd логотип

CVE-2017-1000083

CVSS3: 7.8
nvd
больше 8 лет назад

backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.

debian логотип

CVE-2017-1000083

CVSS3: 7.8
debian
больше 8 лет назад

backend/comics/comics-document.c (aka the comic book backend) in GNOME ...

suse-cvrf логотип

openSUSE-SU-2017:3431-1

suse-cvrf
около 8 лет назад

Security update for evince