openSUSE-SU-2018:2733-2

Опубликовано: 15 сент. 2018

Источник: suse-cvrf

Описание

Security update for okular

This update for okular fixes the following security issue:

CVE-2018-1000801: Prevent directory traversal vulnerability in function unpackDocumentArchive could have resulted in arbitrary file creation via a specially crafted Okular archive (bsc#1107591).

Список пакетов

SUSE Package Hub for SUSE Linux Enterprise 12 SP3

okular-17.12.3-bp150.3.3.1

okular-devel-17.12.3-bp150.3.3.1

okular-lang-17.12.3-bp150.3.3.1

SUSE Package Hub for SUSE Linux Enterprise 15

okular-17.12.3-bp150.3.3.1

okular-devel-17.12.3-bp150.3.3.1

okular-lang-17.12.3-bp150.3.3.1

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00052.html
E-Mail link for openSUSE-SU-2018:2733-2
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1

Затронутые продукты

SUSE Package Hub for SUSE Linux Enterprise 12 SP3:okular-17.12.3-bp150.3.3.1

SUSE Package Hub for SUSE Linux Enterprise 12 SP3:okular-devel-17.12.3-bp150.3.3.1

SUSE Package Hub for SUSE Linux Enterprise 12 SP3:okular-lang-17.12.3-bp150.3.3.1

SUSE Package Hub for SUSE Linux Enterprise 15:okular-17.12.3-bp150.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-1000801.html
CVE-2018-1000801
https://bugzilla.suse.com/1107591
SUSE Bug 1107591

openSUSE-SU-2018:2733-2

Описание

Список пакетов

SUSE Package Hub for SUSE Linux Enterprise 12 SP3

SUSE Package Hub for SUSE Linux Enterprise 15

Ссылки

Уязвимость: CVE-2018-1000801

Описание

Затронутые продукты

Ссылки