Advisories » MGASA-2018-0389

Updated okular packages fix security vulnerability

Publication date: 21 Sep 2018
Modification date: 21 Sep 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-1000801

Description

okular version 18.08 and earlier contains a Directory Traversal
vulnerability in function "unpackDocumentArchive(...)" in
"core/document.cpp" that can result in Arbitrary file creation on the user
workstation. This attack appear to be exploitable via he victim must open
a specially crafted Okular archive (CVE-2018-1000801).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23562
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YYAUHZUZOJFM57K33S2TT4PJT33WY7W3/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000801

SRPMS

6/core

• okular-17.12.2-1.1.mga6