-----BEGIN PGP SIGNATURE-----
wsF5BAABCAAjFiEEhC9y9XdAFQPCvYXchGmXSGiknnUFAme09Q8FAwAAAAAACgkQhGmXSGiknnWU
BQ//TiiETAlyLQ9E/VFhq/atckFL+kr510b6skvQuyUKXQ7tjsAYcIit170q8RWOk5mdF5Efth0J
3PSOfKcKoQoiLovUgCUCcnowjMhZhN3xyhk6bAs4gxUHW4HqEiri7AGuPGdSd7qy1hOmVKRUDYn1
r4CS06k609bxJ7Pg4POo/Z8aEgHJT4vV3+sGzrmLw6SHquW2PXwxM6d1NDXRaw6tdHeG7XhX6wuZ
ikN7tQc+x+USfIZFjjG4YkcxJJjoivKbZctcmduAd/9/UHqi3lLV/WL1/z5xh8pCapAFferxWEVa
xJpvb37n+pwGEhiiCBHUX2jLyFEFBHSxxRK0VWgbyvhZ2anor2F6DehuZNVJs08dnAgmJRcnhT2O
MGHUVxjnIKSvZGLJCFLAF+Rea2yCbnND7jQJu94RY7y2jRy7DtjJIz/ClhhwEvY1GIXMS7uEnkgP
WBuBFaARblhuUiGnRQ4HVGX4UwxdF6N3dR9VY2Tw0FAa7XqOHy1Kq0470Bw+Jq2K103QxUwgQLB4
q5/rTRKKNIsl9moGuWTttr8ghDStmq23mIhNUVZqNzg9fQvo0E3pwFfex8SbdBHpemlbDRnsP3+i
w17rjN62RE56EYQ+bx1Dqa8YPJQkm62cUnb6zzM3lwdcf4+mpZEWpVLO7mG2KI4YVfJDwQgfKG+4
0ys=
=CxUe
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7274-1
February 18, 2025
atril vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Atril could be made to crash or run programs as your login if it
opened a specially crafted file.
Software Description:
- atril: Official Document Viewer of the MATE Desktop Environment
Details:
It was discovered that Atril incorrectly handled certain PDF files.
An attacker could possibly use this issue to cause a denial of service
or to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS.
(CVE-2019-1010006)
Andy Nguyen discovered that Atril incorrectly handled certain images. An
attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 16.04 LTS. (CVE-2019-11459)
Febin Mon Saji discovered that Atril incorrectly handled certain
compressed files. A remote attacker could possibly use this issue to
cause a denial of service or to execute arbitrary code. (CVE-2023-51698)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
atril 1.26.0-1ubuntu1.2
atril-common 1.26.0-1ubuntu1.2
libatrildocument3 1.26.0-1ubuntu1.2
Ubuntu 20.04 LTS
atril 1.24.0-1ubuntu0.2
atril-common 1.24.0-1ubuntu0.2
libatrildocument3 1.24.0-1ubuntu0.2
Ubuntu 18.04 LTS
atril 1.20.1-2ubuntu2+esm2
Available with Ubuntu Pro
atril-common 1.20.1-2ubuntu2+esm2
Available with Ubuntu Pro
libatrildocument3 1.20.1-2ubuntu2+esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7274-1
CVE-2019-1010006, CVE-2019-11459, CVE-2023-51698
Package Information:
https://launchpad.net/ubuntu/+source/atril/1.26.0-1ubuntu1.2
https://launchpad.net/ubuntu/+source/atril/1.24.0-1ubuntu0.2
No comments:
Post a Comment