2017-07-28
ALT-BU-2017-3263-1
Branch sisyphus update bulletin.
Closed bugs
Просьба обновить до 6.3
Closed vulnerabilities
Published: 2017-07-13
BDU:2018-00111
Уязвимость программного средства просмотра документов Evince, связанная с непринятием мер по нейтрализации специальных элементов, позволяющая нарушителю выполнить произвольные команды
Severity: HIGH (7.8)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2017-09-05
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-1000083
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
Severity: HIGH (7.8)
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://seclists.org/oss-sec/2017/q3/128
- http://seclists.org/oss-sec/2017/q3/128
- DSA-3911
- DSA-3911
- 99597
- 99597
- RHSA-2017:2388
- RHSA-2017:2388
- https://bugzilla.gnome.org/show_bug.cgi?id=784630
- https://bugzilla.gnome.org/show_bug.cgi?id=784630
- https://github.com/GNOME/evince/commit/717df38fd8509bf883b70d680c9b1b3cf36732ee
- https://github.com/GNOME/evince/commit/717df38fd8509bf883b70d680c9b1b3cf36732ee
- 45824
- 45824
- 46341
- 46341
Package alterator-x11 updated to version 1.98.13-alt1 for branch sisyphus in task 185910.
Closed bugs
Не создаёт временный xorg.conf