openSUSE-SU-2017:1933-1

Опубликовано: 24 июл. 2017

Источник: suse-cvrf

Описание

Security update for evince

This update for evince fixes the following issues:

CVE-2017-1000083: Remote attackers could have used the comicbook mode of evince to inject shell code. (bsc#1046856, bgo#784630)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Список пакетов

openSUSE Leap 42.2

evince-3.20.1-2.3.1

evince-browser-plugin-3.20.1-2.3.1

evince-devel-3.20.1-2.3.1

evince-lang-3.20.1-2.3.1

evince-plugin-comicsdocument-3.20.1-2.3.1

evince-plugin-djvudocument-3.20.1-2.3.1

evince-plugin-dvidocument-3.20.1-2.3.1

evince-plugin-pdfdocument-3.20.1-2.3.1

evince-plugin-psdocument-3.20.1-2.3.1

evince-plugin-tiffdocument-3.20.1-2.3.1

evince-plugin-xpsdocument-3.20.1-2.3.1

libevdocument3-4-3.20.1-2.3.1

libevview3-3-3.20.1-2.3.1

nautilus-evince-3.20.1-2.3.1

typelib-1_0-EvinceDocument-3_0-3.20.1-2.3.1

typelib-1_0-EvinceView-3_0-3.20.1-2.3.1

Ссылки

https://lists.opensuse.org/opensuse-security-announce/2017-07/msg00045.html
E-Mail link for openSUSE-SU-2017:1933-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.

Затронутые продукты

openSUSE Leap 42.2:evince-3.20.1-2.3.1

openSUSE Leap 42.2:evince-browser-plugin-3.20.1-2.3.1

openSUSE Leap 42.2:evince-devel-3.20.1-2.3.1

openSUSE Leap 42.2:evince-lang-3.20.1-2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-1000083.html
CVE-2017-1000083
https://bugzilla.suse.com/1046856
SUSE Bug 1046856

openSUSE-SU-2017:1933-1

Описание

Список пакетов

openSUSE Leap 42.2

Ссылки

Уязвимость: CVE-2017-1000083

Описание

Затронутые продукты

Ссылки