
Security vulnerability in the Okular software package

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201811-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Okular: Directory traversal
Date: November 10, 2018
Bugs: #665662
ID: 201811-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Okular is vulnerable to a directory traversal attack.

Background
==========

Okular is a universal document viewer based on KPDF for KDE 4.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  kde-apps/okular          < 18.04.3-r1              >= 18.04.3-r1

Description
===========

It was discovered that Okular contains a Directory Traversal
vulnerability in function unpackDocumentArchive() in core/document.cpp.

Impact
======

A remote attacker could entice a user to open a specially crafted
Okular archive, possibly allowing the writing of arbitrary files with
the privileges of the process.
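
The Description and Impact above concern archive unpacking that can write outside the intended directory. As an added example (not Okular's code and not the upstream fix), this is one way an extractor can validate member names before writing; the function and parameter names are hypothetical.

```cpp
// Added example, not Okular code: lexical containment check for archive
// member names. dest_dir, member and out_path are hypothetical names.
#include <iostream>
#include <string>
#include <vector>

// Returns true and sets out_path only if `member` resolves to a path
// strictly below dest_dir; absolute names and ".." escapes are refused.
bool resolve_member(const std::string& dest_dir, const std::string& member,
                    std::string& out_path) {
    if (member.empty() || member[0] == '/' ||
        member.find('\0') != std::string::npos ||
        member.find('\\') != std::string::npos)   // conservative: no backslashes
        return false;

    std::vector<std::string> parts;
    std::string::size_type start = 0;
    while (start <= member.size()) {
        std::string::size_type end = member.find('/', start);
        if (end == std::string::npos) end = member.size();
        const std::string comp = member.substr(start, end - start);
        start = end + 1;
        if (comp.empty() || comp == ".") continue;  // "a//b", "./a"
        if (comp == "..") {
            if (parts.empty()) return false;         // would leave dest_dir
            parts.pop_back();
            continue;
        }
        parts.push_back(comp);
    }
    if (parts.empty()) return false;                 // resolves to dest_dir itself

    out_path = dest_dir;
    for (std::size_t i = 0; i < parts.size(); ++i) {
        if (out_path.empty() || out_path[out_path.size() - 1] != '/') out_path += '/';
        out_path += parts[i];
    }
    return true;
}

int main() {
    // Constructed member names, not taken from any real archive.
    const char* names[] = {"content.xml", "docs/./a/../file.pdf",
                           "../../outside.txt", "/abs/outside.txt"};
    for (int i = 0; i < 4; ++i) {
        std::string p;
        bool ok = resolve_member("/tmp/extract", names[i], p);
        std::cout << names[i] << " -> " << (ok ? p : "REJECTED") << "\n";
    }
    return 0;
}
```

The check is purely lexical, so it does not account for symbolic links already present under the destination; extracting into a freshly created private directory avoids that case.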

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Okular users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-apps/okular-18.04.3-r1"

References
==========

[ 1 ] CVE-2018-1000801
https://nvd.nist.gov/vuln/detail/CVE-2018-1000801

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201811-08

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons – Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

