drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in evince
Name: |
Ausführen beliebiger Kommandos in evince |
|
ID: |
USN-1347-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 |
|
Datum: |
Mi, 25. Januar 2012, 23:04 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0433 |
|
Applikationen: |
evince |
|
Originalnachricht |
--===============2759733552460138861== Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-h/PBXggTaFoVjiepWjc4"
--=-h/PBXggTaFoVjiepWjc4 Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1347-1 January 25, 2012
evince vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS
Summary:
Evince could be made to crash or run programs as your login if it opened a specially crafted file.
Software Description: - evince: Document viewer
Details:
It was discovered that Evince did not properly parse AFM font files when processing DVI files. If a user were tricked into opening a specially crafted DVI file, an attacker could cause Evince to crash or potentially execute arbitrary code with the privileges of the user invoking the program.
In the default installation, attackers would be isolated by the Evince AppArmor profile.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.04: libevdocument3 2.32.0-0ubuntu12.4
Ubuntu 10.10: libevdocument3 2.32.0-0ubuntu1.2
Ubuntu 10.04 LTS: libevdocument2 2.30.3-0ubuntu1.3
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1347-1 CVE-2011-0433
Package Information: https://launchpad.net/ubuntu/+source/evince/2.32.0-0ubuntu12.4 https://launchpad.net/ubuntu/+source/evince/2.32.0-0ubuntu1.2 https://launchpad.net/ubuntu/+source/evince/2.30.3-0ubuntu1.3
--Ñ/PBXggTaFoVjiepWjc4 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJPIGQsAAoJEFHb3FjMVZVzX5QP/3EDF7AskFKi0k/ouSTIXDMr 0R2Cd7ls8E6jq8oklBFxAl3ojW0rl6/pPFQji35aEU4pMdfzAwmM9FdY4yWZSk54 XmGxwKGphchz2qwwM92WoLfhNY0Z22zA/1cBSRpz5BJVpA51bcnS4Wymv+w44Yxp IvPw+oNE8DfVhrHbA89YPHF8YJs2mUS1/j4af9NOhcyCUXk63rX3Jnyfkr5ZMBoK bEAtC77KE+BYDN+LwtI5Y1w9iiII+stU8+fPXPltTzfKWXIg33cJswtH8KZCpWKY 7c3gv1LG8sE7fJKmopffwgPSI7oEgH38rY/Du5LL1Khd3xvvu/SnbB+Fd07uPDZf V6oIOveB1luDl8zpXt5Fr9m2maqIF1QSeiSu6yxaKGKyrPksoj//09jdU9t/mZL5 tMoD9YCm8fsanKqn2NwQHvQyRIDnbP752wkWnVgQG2HRqQBDcaXa24DivSsaBT60 wybcG4+pcsL6UNfSql9wNIz2F5Lm/d0iqJyp3B79qMFbOGPazmelRCmtMhx0JqO9 nj4BMXmeZ2P/TuGgU1cPmMm562jbfK4ns2YGsREC5sR6AAytmLXbe8Y0s/5lnK7l LA3jvnVOZyiVon8AcSdp6c4Cz3/ZJ2p0vH3JFtPCKSgZ3c0aCaPmdc1H0Zqzq8yT uooD14mFS47/5HCCRlMw =b+Rx -----END PGP SIGNATURE-----
--=-h/PBXggTaFoVjiepWjc4--
--===============2759733552460138861== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============2759733552460138861==--
|
|
|
|