Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Ubuntu 23.10 USN-6808-1 Moderate: Atril Path Traversal Issue

ubuntu
Calendar Grey June 5, 2024
Dist Ubuntu Esm H88
A critical flaw in Atril on Ubuntu enables unauthorized file generation through malicious EPUB files. Ensure you upgrade your packages promptly to safeguard your system.
Atril could be made to create arbitrary files when opening a specially crafted EPUB file.

Summary

Atril could be made to create arbitrary files when opening a specially

crafted EPUB file.

Software Description:

- atril: Official Document Viewer of the MATE Desktop Environment

Details:

It was discovered that Atril was vulnerable to a path traversal attack.

An attacker could possibly use this vulnerability to create arbitrary

files on the host filesystem with user privileges.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10
    atril                           1.26.0-2ubuntu0.1
    atril-common                    1.26.0-2ubuntu0.1
    libatrildocument3               1.26.0-2ubuntu0.1

Ubuntu 22.04 LTS
    atril                           1.26.0-1ubuntu1.1
    atril-common                    1.26.0-1ubuntu1.1
    libatrildocument3               1.26.0-1ubuntu1.1

Ubuntu 20.04 LTS
    atril                           1.24.0-1ubuntu0.1
    atril-common                    1.24.0-1ubuntu0.1
    libatrildocument3               1.24.0-1ubuntu0.1

Ubuntu 18.04 LTS
    atril                           1.20.1-2ubuntu2+esm1
                                    Available with Ubuntu Pro
    atril-common                    1.20.1-2ubuntu2+esm1
                                    Available with Ubuntu Pro
    libatrildocument3               1.20.1-2ubuntu2+esm1
                                    Available with Ubuntu Pro

Ubuntu 16.04 LTS
    atril                           1.12.2-1ubuntu0.3+esm1
                                    Available with Ubuntu Pro
    atril-common                    1.12.2-1ubuntu0.3+esm1
                                    Available with Ubuntu Pro
    libatrildocument3               1.12.2-1ubuntu0.3+esm1
                                    Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

   https://ubuntu.com/security/notices/USN-6808-1

   CVE-2023-52076

Ubuntu Security Notice USN-6808-1

Package Information

   https://launchpad.net/ubuntu/+source/atril/1.26.0-2ubuntu0.1
   https://launchpad.net/ubuntu/+source/atril/1.26.0-1ubuntu1.1
   https://launchpad.net/ubuntu/+source/atril/1.24.0-1ubuntu0.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here