Mageia Advisory: MGASA-2024-0224 - Updated atril packages fix security vulnerability

Updated atril packages fix security vulnerability

Publication date: 15 Jun 2024
Modification date: 15 Jun 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-52076

Description

Atril Document Viewer is the default document reader of the MATE desktop
environment for Linux. A path traversal and arbitrary file write
vulnerability exists in versions of Atril prior to 1.26.2. This
vulnerability is capable of writing arbitrary files anywhere on the
filesystem to which the user opening a crafted document has access. The
only limitation is that this vulnerability cannot be exploited to
overwrite existing files, but that doesn't stop an attacker from
achieving Remote Command Execution on the target system.
(CVE-2023-52076)

References

https://bugs.mageia.org/show_bug.cgi?id=33282
https://ubuntu.com/security/notices/USN-6808-1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52076

SRPMS

9/core

atril-1.26.1-1.1.mga9

Advisories » MGASA-2024-0224

Updated atril packages fix security vulnerability

Description

References

SRPMS

9/core