Advisories » MGASA-2017-0244

Updated evince packages fix security vulnerability

Publication date: 05 Aug 2017
Modification date: 05 Aug 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-1000083

Description

Felix Wilhelm discovered that Evince did not safely invoke tar when handling
tar comic book (cbt) files. An attacker could use this to construct a malicious
cbt comic book format file that, when opened in Evince, executes arbitrary
code. Please note that this update disables support for cbt files in Evince
(CVE-2017-1000083).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21239
• https://usn.ubuntu.com/usn/usn-3351-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000083

SRPMS

5/core

• evince-3.14.2-1.1.mga5

6/core

• evince-3.24.1-1.mga6