drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in evince
| Name: |
Ausführen beliebiger Kommandos in evince |
|
| ID: |
USN-1347-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 |
|
| Datum: |
Mi, 25. Januar 2012, 23:04 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0433 |
|
| Applikationen: |
evince |
|
Originalnachricht |
--===============2759733552460138861==
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature";
boundary="=-h/PBXggTaFoVjiepWjc4"
--=-h/PBXggTaFoVjiepWjc4
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable
==========================================================================
Ubuntu Security Notice USN-1347-1
January 25, 2012
evince vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
Evince could be made to crash or run programs as your login if it opened a
specially crafted file.
Software Description:
- evince: Document viewer
Details:
It was discovered that Evince did not properly parse AFM font files when
processing DVI files. If a user were tricked into opening a specially
crafted DVI file, an attacker could cause Evince to crash or potentially
execute arbitrary code with the privileges of the user invoking the
program.
In the default installation, attackers would be isolated by the Evince
AppArmor profile.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.04:
libevdocument3 2.32.0-0ubuntu12.4
Ubuntu 10.10:
libevdocument3 2.32.0-0ubuntu1.2
Ubuntu 10.04 LTS:
libevdocument2 2.30.3-0ubuntu1.3
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1347-1
CVE-2011-0433
Package Information:
https://launchpad.net/ubuntu/+source/evince/2.32.0-0ubuntu12.4
https://launchpad.net/ubuntu/+source/evince/2.32.0-0ubuntu1.2
https://launchpad.net/ubuntu/+source/evince/2.30.3-0ubuntu1.3
--Ñ/PBXggTaFoVjiepWjc4
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJPIGQsAAoJEFHb3FjMVZVzX5QP/3EDF7AskFKi0k/ouSTIXDMr
0R2Cd7ls8E6jq8oklBFxAl3ojW0rl6/pPFQji35aEU4pMdfzAwmM9FdY4yWZSk54
XmGxwKGphchz2qwwM92WoLfhNY0Z22zA/1cBSRpz5BJVpA51bcnS4Wymv+w44Yxp
IvPw+oNE8DfVhrHbA89YPHF8YJs2mUS1/j4af9NOhcyCUXk63rX3Jnyfkr5ZMBoK
bEAtC77KE+BYDN+LwtI5Y1w9iiII+stU8+fPXPltTzfKWXIg33cJswtH8KZCpWKY
7c3gv1LG8sE7fJKmopffwgPSI7oEgH38rY/Du5LL1Khd3xvvu/SnbB+Fd07uPDZf
V6oIOveB1luDl8zpXt5Fr9m2maqIF1QSeiSu6yxaKGKyrPksoj//09jdU9t/mZL5
tMoD9YCm8fsanKqn2NwQHvQyRIDnbP752wkWnVgQG2HRqQBDcaXa24DivSsaBT60
wybcG4+pcsL6UNfSql9wNIz2F5Lm/d0iqJyp3B79qMFbOGPazmelRCmtMhx0JqO9
nj4BMXmeZ2P/TuGgU1cPmMm562jbfK4ns2YGsREC5sR6AAytmLXbe8Y0s/5lnK7l
LA3jvnVOZyiVon8AcSdp6c4Cz3/ZJ2p0vH3JFtPCKSgZ3c0aCaPmdc1H0Zqzq8yT
uooD14mFS47/5HCCRlMw
=b+Rx
-----END PGP SIGNATURE-----
--=-h/PBXggTaFoVjiepWjc4--
--===============2759733552460138861==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============2759733552460138861==--
|
|
|
|
