Debian LTS: DLA-1881-1: evince security update

    Date13 Aug 2019
    CategoryDebian LTS
    192
    Posted ByLinuxSecurity Advisories
    A few issues were found in the Evince document viewer. CVE-2017-1000159
    
    Package        : evince
    Version        : 3.14.1-2+deb8u3
    CVE ID         : CVE-2017-1000159 CVE-2019-11459 CVE-2019-1010006
    
    A few issues were found in the Evince document viewer.
    
    CVE-2017-1000159
    
        When printing from DVI to PDF, the dvipdfm tool was called without
        properly sanitizing the filename, which could lead to a command
        injection attack via the filename.
    
    CVE-2019-11459
    
        The tiff_document_render() and tiff_document_get_thumbnail() did
        not check the status of TIFFReadRGBAImageOriented(), leading to
        uninitialized memory access if that funcion fails.
    
    CVE-2019-1010006
    
        Some buffer overflow checks were not properly done, leading to
        application crash or possibly arbitrary code execution when
        opening maliciously crafted files.
    
    For Debian 8 "Jessie", these problems have been fixed in version
    3.14.1-2+deb8u3.
    
    We recommend that you upgrade your evince packages.
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"5","type":"x","order":"1","pct":62.5,"resources":[]},{"id":"88","title":"Should be more technical","votes":"2","type":"x","order":"2","pct":25,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":12.5,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.