Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in Atril
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Atril
ID: USN-7274-1
Distribution: Ubuntu
Plattformen: Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS
Datum: Di, 18. Februar 2025, 22:35
Referenzen: https://www.cve.org/CVERecord?id=CVE-2019-1010006
https://www.cve.org/CVERecord?id=CVE-2023-51698
https://www.cve.org/CVERecord?id=CVE-2019-11459
Applikationen: Mate

Originalnachricht

 
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============4717109544398122959==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="------------ohw2wcffmOj0JLfSZv6V6nTX"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------ohw2wcffmOj0JLfSZv6V6nTX
Content-Type: multipart/mixed;
 boundary="------------kBc8pLOnQexiqVqjpGy0Gkig";
 protected-headers="v1"
From: Allen Huang <allen.huang@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <f5b0bf4b-9230-4c71-a90b-e43e058271e5@canonical.com>
Subject: [USN-7274-1] Atril vulnerabilities

--------------kBc8pLOnQexiqVqjpGy0Gkig
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

==========================================================================
Ubuntu Security Notice USN-7274-1
February 18, 2025

atril vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Atril could be made to crash or run programs as your login if it
opened a specially crafted file.

Software Description:
- atril: Official Document Viewer of the MATE Desktop Environment

Details:

It was discovered that Atril incorrectly handled certain PDF files.
An attacker could possibly use this issue to cause a denial of service
or to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS.
(CVE-2019-1010006)

Andy Nguyen discovered that Atril incorrectly handled certain images. An
attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 16.04 LTS. (CVE-2019-11459)

Febin Mon Saji discovered that Atril incorrectly handled certain
compressed files. A remote attacker could possibly use this issue to
cause a denial of service or to execute arbitrary code. (CVE-2023-51698)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
   atril                           1.26.0-1ubuntu1.2
   atril-common                    1.26.0-1ubuntu1.2
   libatrildocument3               1.26.0-1ubuntu1.2

Ubuntu 20.04 LTS
   atril                           1.24.0-1ubuntu0.2
   atril-common                    1.24.0-1ubuntu0.2
   libatrildocument3               1.24.0-1ubuntu0.2

Ubuntu 18.04 LTS
   atril                           1.20.1-2ubuntu2+esm2
                                   Available with Ubuntu Pro
   atril-common                    1.20.1-2ubuntu2+esm2
                                   Available with Ubuntu Pro
   libatrildocument3               1.20.1-2ubuntu2+esm2
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-7274-1
   CVE-2019-1010006, CVE-2019-11459, CVE-2023-51698

Package Information:
   https://launchpad.net/ubuntu/+source/atril/1.26.0-1ubuntu1.2
   https://launchpad.net/ubuntu/+source/atril/1.24.0-1ubuntu0.2

--------------kBc8pLOnQexiqVqjpGy0Gkig--

--------------ohw2wcffmOj0JLfSZv6V6nTX
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEhC9y9XdAFQPCvYXchGmXSGiknnUFAme09Q8FAwAAAAAACgkQhGmXSGiknnWU
BQ//TiiETAlyLQ9E/VFhq/atckFL+kr510b6skvQuyUKXQ7tjsAYcIit170q8RWOk5mdF5Efth0J
3PSOfKcKoQoiLovUgCUCcnowjMhZhN3xyhk6bAs4gxUHW4HqEiri7AGuPGdSd7qy1hOmVKRUDYn1
r4CS06k609bxJ7Pg4POo/Z8aEgHJT4vV3+sGzrmLw6SHquW2PXwxM6d1NDXRaw6tdHeG7XhX6wuZ
ikN7tQc+x+USfIZFjjG4YkcxJJjoivKbZctcmduAd/9/UHqi3lLV/WL1/z5xh8pCapAFferxWEVa
xJpvb37n+pwGEhiiCBHUX2jLyFEFBHSxxRK0VWgbyvhZ2anor2F6DehuZNVJs08dnAgmJRcnhT2O
MGHUVxjnIKSvZGLJCFLAF+Rea2yCbnND7jQJu94RY7y2jRy7DtjJIz/ClhhwEvY1GIXMS7uEnkgP
WBuBFaARblhuUiGnRQ4HVGX4UwxdF6N3dR9VY2Tw0FAa7XqOHy1Kq0470Bw+Jq2K103QxUwgQLB4
q5/rTRKKNIsl9moGuWTttr8ghDStmq23mIhNUVZqNzg9fQvo0E3pwFfex8SbdBHpemlbDRnsP3+i
w17rjN62RE56EYQ+bx1Dqa8YPJQkm62cUnb6zzM3lwdcf4+mpZEWpVLO7mG2KI4YVfJDwQgfKG+4
0ys=
=CxUe
-----END PGP SIGNATURE-----

--------------ohw2wcffmOj0JLfSZv6V6nTX--


--===============4717109544398122959==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

Cg==

--===============4717109544398122959==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung