Atril could be made to create arbitrary files when opening a specially
crafted EPUB file.
Software Description:
- atril: Official Document Viewer of the MATE Desktop Environment
Details:
It was discovered that Atril was vulnerable to a path traversal attack.
An attacker could possibly use this vulnerability to create arbitrary
files on the host filesystem with user privileges.
The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10 atril 1.26.0-2ubuntu0.1 atril-common 1.26.0-2ubuntu0.1 libatrildocument3 1.26.0-2ubuntu0.1 Ubuntu 22.04 LTS atril 1.26.0-1ubuntu1.1 atril-common 1.26.0-1ubuntu1.1 libatrildocument3 1.26.0-1ubuntu1.1 Ubuntu 20.04 LTS atril 1.24.0-1ubuntu0.1 atril-common 1.24.0-1ubuntu0.1 libatrildocument3 1.24.0-1ubuntu0.1 Ubuntu 18.04 LTS atril 1.20.1-2ubuntu2+esm1 Available with Ubuntu Pro atril-common 1.20.1-2ubuntu2+esm1 Available with Ubuntu Pro libatrildocument3 1.20.1-2ubuntu2+esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS atril 1.12.2-1ubuntu0.3+esm1 Available with Ubuntu Pro atril-common 1.12.2-1ubuntu0.3+esm1 Available with Ubuntu Pro libatrildocument3 1.12.2-1ubuntu0.3+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-6808-1
CVE-2023-52076
Get the latest Linux and open source security news straight to your inbox.