Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in evince
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in evince
ID: USN-1347-1
Distribution: Ubuntu
Plattformen: Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04
Datum: Mi, 25. Januar 2012, 23:04
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0433
Applikationen: evince

Originalnachricht


--===============2759733552460138861==
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature";
boundary="=-h/PBXggTaFoVjiepWjc4"


--=-h/PBXggTaFoVjiepWjc4
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1347-1
January 25, 2012

evince vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

Evince could be made to crash or run programs as your login if it opened a
specially crafted file.

Software Description:
- evince: Document viewer

Details:

It was discovered that Evince did not properly parse AFM font files when
processing DVI files. If a user were tricked into opening a specially
crafted DVI file, an attacker could cause Evince to crash or potentially
execute arbitrary code with the privileges of the user invoking the
program.

In the default installation, attackers would be isolated by the Evince
AppArmor profile.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
libevdocument3 2.32.0-0ubuntu12.4

Ubuntu 10.10:
libevdocument3 2.32.0-0ubuntu1.2

Ubuntu 10.04 LTS:
libevdocument2 2.30.3-0ubuntu1.3

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1347-1
CVE-2011-0433

Package Information:
https://launchpad.net/ubuntu/+source/evince/2.32.0-0ubuntu12.4
https://launchpad.net/ubuntu/+source/evince/2.32.0-0ubuntu1.2
https://launchpad.net/ubuntu/+source/evince/2.30.3-0ubuntu1.3



--Ñ/PBXggTaFoVjiepWjc4
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAABCgAGBQJPIGQsAAoJEFHb3FjMVZVzX5QP/3EDF7AskFKi0k/ouSTIXDMr
0R2Cd7ls8E6jq8oklBFxAl3ojW0rl6/pPFQji35aEU4pMdfzAwmM9FdY4yWZSk54
XmGxwKGphchz2qwwM92WoLfhNY0Z22zA/1cBSRpz5BJVpA51bcnS4Wymv+w44Yxp
IvPw+oNE8DfVhrHbA89YPHF8YJs2mUS1/j4af9NOhcyCUXk63rX3Jnyfkr5ZMBoK
bEAtC77KE+BYDN+LwtI5Y1w9iiII+stU8+fPXPltTzfKWXIg33cJswtH8KZCpWKY
7c3gv1LG8sE7fJKmopffwgPSI7oEgH38rY/Du5LL1Khd3xvvu/SnbB+Fd07uPDZf
V6oIOveB1luDl8zpXt5Fr9m2maqIF1QSeiSu6yxaKGKyrPksoj//09jdU9t/mZL5
tMoD9YCm8fsanKqn2NwQHvQyRIDnbP752wkWnVgQG2HRqQBDcaXa24DivSsaBT60
wybcG4+pcsL6UNfSql9wNIz2F5Lm/d0iqJyp3B79qMFbOGPazmelRCmtMhx0JqO9
nj4BMXmeZ2P/TuGgU1cPmMm562jbfK4ns2YGsREC5sR6AAytmLXbe8Y0s/5lnK7l
LA3jvnVOZyiVon8AcSdp6c4Cz3/ZJ2p0vH3JFtPCKSgZ3c0aCaPmdc1H0Zqzq8yT
uooD14mFS47/5HCCRlMw
=b+Rx
-----END PGP SIGNATURE-----

--=-h/PBXggTaFoVjiepWjc4--



--===============2759733552460138861==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============2759733552460138861==--
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung