
Mageia 9: MGASA-2024-0224 Critical: Atril Path Traversal Issue

June 15, 2024
Atril Document Viewer on Mageia receives crucial updates addressing a file write vulnerability that could potentially allow for Remote Code Execution.

Summary

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. It allows arbitrary files to be written anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that the vulnerability cannot be exploited to overwrite existing files, but that does not stop an attacker from achieving Remote Command Execution on the target system. (CVE-2023-52076)

References

- https://bugs.mageia.org/show_bug.cgi?id=33282

- https://ubuntu.com/security/notices/USN-6808-1

- https://www.cve.org/CVERecord?id=CVE-2023-52076

Resolution

SRPMS

- 9/core/atril-1.26.1-1.1.mga9
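
Added example, not part of the Mageia advisory: a patch-status check showing why the fixed Mageia package (1.26.1-1.1.mga9) must be compared by version and release, since a check keyed only on the upstream "prior to 1.26.2" range would still flag it. The comparison is a simplified rpm-style ordering (no epoch, tilde or caret handling), the function names are hypothetical, and the input is assumed to come from `rpm -q --qf '%{VERSION}-%{RELEASE}\n' atril`.

```python
import re

FIXED_VR = "1.26.1-1.1.mga9"   # fixed package listed under SRPMS in this advisory
UPSTREAM_FIXED = "1.26.2"      # upstream fixed version named in the summary

def _segments(s):
    # rpm-style ordering compares maximal runs of digits or letters;
    # separators such as "." are ignored.
    return re.findall(r"\d+|[A-Za-z]+", s)

def vercmp(a, b):
    """Simplified rpm-style comparison: returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            # A numeric segment sorts newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(installed_vr, fixed_vr=FIXED_VR):
    """True if installed VERSION-RELEASE is at or above the advisory's fix."""
    iv, ir = installed_vr.rsplit("-", 1)
    fv, fr = fixed_vr.rsplit("-", 1)
    return (vercmp(iv, fv) or vercmp(ir, fr)) >= 0

def naive_upstream_check(installed_vr):
    """What a check keyed only on the upstream version would conclude."""
    return vercmp(installed_vr.rsplit("-", 1)[0], UPSTREAM_FIXED) >= 0

if __name__ == "__main__":
    # Constructed sample values; "1.26.1-1.mga9" is an assumed earlier release.
    for vr in ("1.26.1-1.mga9", "1.26.1-1.1.mga9", "1.26.2-1.mga9"):
        print(vr, "patched:", is_patched(vr),
              "upstream-only check:", naive_upstream_check(vr))
```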

Severity
critical

Publication date: 15 Jun 2024
URL: https://advisories.mageia.org/MGASA-2024-0224.html
Type: security
CVE: CVE-2023-52076
