Advisories » MGASA-2017-0450

Updated evince packages fix security vulnerability

Publication date: 16 Dec 2017
Modification date: 16 Dec 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-1000159

Description

It was discovered that Evince incorrectly handled printing certain DVI
files. If a user were tricked into opening and printing a specially-named
DVI file, an attacker could use this issue to execute arbitrary code
(CVE-2017-1000159)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22131
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000159
• https://usn.ubuntu.com/usn/usn-3503-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000159

SRPMS

6/core

• evince-3.24.1-2.mga6

5/core

• evince-3.14.2-2.1.mga5