Debian Security Advisory 5688-1

Debian Linux Security Advisory 5688-1 - It was discovered that missing input sanitising in the Atril document viewer could result in writing arbitrary files in the user's home directory if a malformed epub document is opened.

Packet Storm
Debian Security Advisory DSA-5688-1                   [email protected]
https://www.debian.org/security/                       Moritz Muehlenhoff
May 12, 2024                          https://www.debian.org/security/faq

Package        : atril
CVE ID         : CVE-2023-52076

It was discovered that missing input sanitising in the Atril document
viewer could result in writing arbitrary files in the user's home directory
if a malformed epub document is opened.

For the oldstable distribution (bullseye), this problem has been fixed
in version 1.24.0-1+deb11u1. This update also disables support for
comic book archives, mitigating CVE-2023-51698.

For the stable distribution (bookworm), this problem has been fixed in
version 1.26.0-2+deb12u3.

We recommend that you upgrade your atril packages.

For the detailed security status of atril please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/atril

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
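The following check is an added example, not code from the advisory or from the Atril project: it lists the members of an epub (a ZIP container) whose names would resolve outside the extraction directory, and also flags symlink entries. It assumes the traversal is carried in archive member names, which the advisory does not spell out; `unsafe_members`, `build_sample`, the `dest` path and the sample member names are hypothetical and constructed for illustration.

```python
import io
import posixpath
import zipfile


def unsafe_members(epub, dest="/tmp/epub-extract"):
    """Return member names that would be written outside dest on extraction."""
    dest = posixpath.normpath(dest)
    flagged = []
    with zipfile.ZipFile(epub) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            # Resolve "." and ".." lexically; nothing is written to disk.
            target = posixpath.normpath(posixpath.join(dest, name))
            escapes = posixpath.commonpath([dest, target]) != dest
            # Unix mode lives in the high 16 bits; 0o120000 marks a symlink,
            # which could redirect a later write even if its own name is clean.
            is_symlink = (info.external_attr >> 16) & 0o170000 == 0o120000
            if escapes or is_symlink:
                flagged.append(info.filename)
    return flagged


def build_sample(names):
    """Constructed in-memory ZIP standing in for an epub (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed sample content")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    sample = build_sample([
        "mimetype",
        "OEBPS/content.opf",
        "OEBPS/a/../ch1.xhtml",      # stays inside dest
        "../outside.txt",            # climbs out of dest
        "OEBPS/../../outside2.txt",  # climbs out after a clean prefix
        "/abs.txt",                  # absolute path
    ])
    for name in unsafe_members(sample):
        print("refuse to extract:", name)
```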

Related news

Ubuntu Security Notice USN-6808-1

Ubuntu Security Notice 6808-1 - It was discovered that Atril was vulnerable to a path traversal attack. An attacker could possibly use this vulnerability to create arbitrary files on the host filesystem with user privileges.
