Описание
Security update for evince
This update for evince fixes the following issues:
- CVE-2017-1000083: Remote attackers could have used the comicbook mode of evince to inject shell code. (bsc#1046856, bgo#784630)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
evince-3.20.1-6.14.1
evince-browser-plugin-3.20.1-6.14.1
evince-lang-3.20.1-6.14.1
evince-plugin-djvudocument-3.20.1-6.14.1
evince-plugin-dvidocument-3.20.1-6.14.1
evince-plugin-pdfdocument-3.20.1-6.14.1
evince-plugin-psdocument-3.20.1-6.14.1
evince-plugin-tiffdocument-3.20.1-6.14.1
evince-plugin-xpsdocument-3.20.1-6.14.1
libevdocument3-4-3.20.1-6.14.1
libevview3-3-3.20.1-6.14.1
nautilus-evince-3.20.1-6.14.1
typelib-1_0-EvinceDocument-3_0-3.20.1-6.14.1
typelib-1_0-EvinceView-3_0-3.20.1-6.14.1
SUSE Linux Enterprise Server 12 SP2
evince-3.20.1-6.14.1
evince-browser-plugin-3.20.1-6.14.1
evince-lang-3.20.1-6.14.1
evince-plugin-djvudocument-3.20.1-6.14.1
evince-plugin-dvidocument-3.20.1-6.14.1
evince-plugin-pdfdocument-3.20.1-6.14.1
evince-plugin-psdocument-3.20.1-6.14.1
evince-plugin-tiffdocument-3.20.1-6.14.1
evince-plugin-xpsdocument-3.20.1-6.14.1
libevdocument3-4-3.20.1-6.14.1
libevview3-3-3.20.1-6.14.1
nautilus-evince-3.20.1-6.14.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
evince-3.20.1-6.14.1
evince-browser-plugin-3.20.1-6.14.1
evince-lang-3.20.1-6.14.1
evince-plugin-djvudocument-3.20.1-6.14.1
evince-plugin-dvidocument-3.20.1-6.14.1
evince-plugin-pdfdocument-3.20.1-6.14.1
evince-plugin-psdocument-3.20.1-6.14.1
evince-plugin-tiffdocument-3.20.1-6.14.1
evince-plugin-xpsdocument-3.20.1-6.14.1
libevdocument3-4-3.20.1-6.14.1
libevview3-3-3.20.1-6.14.1
nautilus-evince-3.20.1-6.14.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
evince-3.20.1-6.14.1
evince-browser-plugin-3.20.1-6.14.1
evince-lang-3.20.1-6.14.1
evince-plugin-djvudocument-3.20.1-6.14.1
evince-plugin-dvidocument-3.20.1-6.14.1
evince-plugin-pdfdocument-3.20.1-6.14.1
evince-plugin-psdocument-3.20.1-6.14.1
evince-plugin-tiffdocument-3.20.1-6.14.1
evince-plugin-xpsdocument-3.20.1-6.14.1
libevdocument3-4-3.20.1-6.14.1
libevview3-3-3.20.1-6.14.1
nautilus-evince-3.20.1-6.14.1
SUSE Linux Enterprise Software Development Kit 12 SP2
evince-devel-3.20.1-6.14.1
typelib-1_0-EvinceDocument-3_0-3.20.1-6.14.1
typelib-1_0-EvinceView-3_0-3.20.1-6.14.1
SUSE Linux Enterprise Workstation Extension 12 SP2
typelib-1_0-EvinceDocument-3_0-3.20.1-6.14.1
typelib-1_0-EvinceView-3_0-3.20.1-6.14.1
Ссылки
- Link for SUSE-SU-2017:1893-1
- E-Mail link for SUSE-SU-2017:1893-1
- SUSE Security Ratings
- SUSE Bug 1046856
- SUSE CVE CVE-2017-1000083 page
Описание
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:evince-3.20.1-6.14.1
SUSE Linux Enterprise Desktop 12 SP2:evince-browser-plugin-3.20.1-6.14.1
SUSE Linux Enterprise Desktop 12 SP2:evince-lang-3.20.1-6.14.1
SUSE Linux Enterprise Desktop 12 SP2:evince-plugin-djvudocument-3.20.1-6.14.1
Ссылки
- CVE-2017-1000083
- SUSE Bug 1046856