Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Ubuntu 23.10 USN-6808-1 Moderate: Atril Path Traversal Issue

ubuntu
Calendar Grey June 5, 2024
Dist Ubuntu Esm H88
A critical flaw in Atril on Ubuntu enables unauthorized file generation through malicious EPUB files. Ensure you upgrade your packages promptly to safeguard your system.
Atril could be made to create arbitrary files when opening a specially crafted EPUB file.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Atril could be made to create arbitrary files when opening a specially crafted EPUB file. Software Description: - atril: Official Document Viewer of the MATE Desktop Environment Details: It was discovered that Atril was vulnerable to a path traversal attack. An attacker could possibly use this vulnerability to create arbitrary files on the host filesystem with user privileges.

Topics%20covered

Topics Covered

security advisory Ubuntu user privileges path traversal arbitrary file creation atril

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10    atril                           1.26.0-2ubuntu0.1    atril-common                    1.26.0-2ubuntu0.1    libatrildocument3               1.26.0-2ubuntu0.1 Ubuntu 22.04 LTS    atril                           1.26.0-1ubuntu1.1    atril-common                    1.26.0-1ubuntu1.1    libatrildocument3               1.26.0-1ubuntu1.1 Ubuntu 20.04 LTS    atril                           1.24.0-1ubuntu0.1    atril-common                    1.24.0-1ubuntu0.1    libatrildocument3               1.24.0-1ubuntu0.1 Ubuntu 18.04 LTS    atril                           1.20.1-2ubuntu2+esm1                                    Available with Ubuntu Pro    atril-common                    1.20.1-2ubuntu2+esm1                                    Available with Ubuntu Pro    libatrildocument3               1.20.1-2ubuntu2+esm1                                    Available with Ubuntu Pro Ubuntu 16.04 LTS    atril                           1.12.2-1ubuntu0.3+esm1                                    Available with Ubuntu Pro    atril-common                    1.12.2-1ubuntu0.3+esm1                                    Available with Ubuntu Pro    libatrildocument3               1.12.2-1ubuntu0.3+esm1                                    Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.

References

   https://ubuntu.com/security/notices/USN-6808-1

   CVE-2023-52076

Ubuntu Security Notice USN-6808-1

Topics%20covered

Topics Covered

security advisory Ubuntu user privileges path traversal arbitrary file creation atril

Package Information

   https://launchpad.net/ubuntu/+source/atril/1.26.0-2ubuntu0.1    https://launchpad.net/ubuntu/+source/atril/1.26.0-1ubuntu1.1    https://launchpad.net/ubuntu/+source/atril/1.24.0-1ubuntu0.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here