Updated calibre packages fix security vulnerability
Publication date: 19 Oct 2018
Modification date: 20 Oct 2018
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-7889
Description
The updated calibre package fixes a security vulnerability: gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call (CVE-2018-7889).
The python-html5-parser package is a new dependency of the updated calibre package and has been included with this update.
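An added example, not calibre's code or its actual fix: one way to read untrusted pickle data is an unpickler that refuses every global lookup, paired with an opcode scan for triaging a suspicious file. The bookmark shape, the function names and the sample bytes are assumptions constructed for illustration.

```python
import io
import pickle
import pickletools

# Opcodes that import or call objects; plain lists, dicts, strings and numbers never need them.
RISKY_OPCODES = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "REDUCE", "BUILD"}


class DataOnlyUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup, so only plain data loads."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            "refused global %s.%s in untrusted pickle" % (module, name))


def risky_opcodes(data):
    """Return the sorted risky opcode names in a pickle stream, without loading it."""
    return sorted({op.name for op, _arg, _pos in pickletools.genops(data)
                   if op.name in RISKY_OPCODES})


def load_bookmarks(data):
    """Load imported bookmark bytes without ever resolving a class or function."""
    bookmarks = DataOnlyUnpickler(io.BytesIO(data)).load()
    if not isinstance(bookmarks, list):
        raise ValueError("bookmark file must contain a list")
    return bookmarks


class _CallsOnLoad(object):
    # Constructed, harmless stand-in: a plain pickle.load would call len("x").
    def __reduce__(self):
        return (len, ("x",))


# Constructed sample inputs (the bookmark shape is an assumption, not calibre's format).
GOOD = pickle.dumps([{"title": "Chapter 1", "pos": 0.25}], protocol=2)
BAD = pickle.dumps([_CallsOnLoad()], protocol=2)

if __name__ == "__main__":
    print(load_bookmarks(GOOD))
    print(risky_opcodes(BAD))
    try:
        load_bookmarks(BAD)
    except pickle.UnpicklingError as exc:
        print("rejected:", exc)
```

The opcode scan is a triage aid only; the refusal in `find_class` is what prevents a call during loading, and a format with no code-bearing constructs (such as JSON) avoids the problem entirely.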
References
SRPMS
6/core
- calibre-3.27.1-2.mga6
- python-html5-parser-0.4.4-1.1.mga6
- python-lxml-3.8.0-1.1.mga6