USN-3351-1: Evince vulnerability
USN-3351-1: Evince vulnerability Ubuntu Security Notice USN-3351-1 13th July, 2017 evince vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Evince could be made run programs as your login if it opened a specially crafted file. Software description evince – Document viewer Details Felix Wilhelm discovered that Evince did not safely invoke tar whenhandling tar comic book (cbt) files. An attacker could use this toconstruct a malicious cbt comic book format file that, when openedin Evince, executes arbitrary code. Please note that this updatedisables support for cbt files in Evince. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: evince 3.24.0-0ubuntu1.1 evince-common 3.24.0-0ubuntu1.1 Ubuntu 16.10: evince 3.22.0-0ubuntu1.1 evince-common 3.22.0-0ubuntu1.1 Ubuntu 16.04 LTS: evince 3.18.2-1ubuntu4.1 evince-common 3.18.2-1ubuntu4.1 Ubuntu [ more… ]