Advisories ยป MGASA-2017-0244

Updated evince packages fix security vulnerability

Publication date: 05 Aug 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-1000083

Description

Felix Wilhelm discovered that Evince did not safely invoke tar when handling
tar comic book (cbt) files. An attacker could use this to construct a malicious
cbt comic book format file that, when opened in Evince, executes arbitrary
code. Please note that this update disables support for cbt files in Evince
(CVE-2017-1000083).
                

References

SRPMS

5/core

6/core