Stay Vigilant with Timely Linux Security Advisories

security advisorydebianimportant

Debian Evince Important Command Injection Risk DLA-4596-1 CVE-2026-46529

It was discovered that evince, a simple multi-page document viewer, is prone to a command injection vulnerability if a specially crafted PDF file is opened. For Debian 11 bullseye, this problem has been fixed in version 3.38.2-1+deb11u1.. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4596-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Andreas Henriksson May 22, 2026 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : evince Version : 3.38.2-1+deb11u1 CVE ID : CVE-2026-46529 It was discovered that evince, a simple multi-page document viewer, is prone to a command injection vulnerability if a specially crafted PDF file is opened. For Debian 11 bullseye, this problem has been fixed in version 3.38.2-1+deb11u1. We recommend that you upgrade your evince packages. For the detailed security status of evince please refer to its security tracker page at: https://security-tracker.debian.org/tracker/evince Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Evince on Debian LTS fixed command injection risk. Upgrade to 3.38.2-1+deb11u1 to secure PDF handling.. Debian LTS security, evince command injection, document viewer security, software update. . Severity: Important. LinuxSecurity.com Team

May 22, 2026 •Important Debian LTS

security advisoryremote command executionpath traversal

Mageia 9: MGASA-2024-0224 Critical: Atril Path Traversal Issue

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The . MGASA-2024-0224 - Updated atril packages fix security vulnerability Publication date: 15 Jun 2024 URL: https://advisories.mageia.org/MGASA-2024-0224.html Type: security Affected Mageia releases: 9 CVE: CVE-2023-52076 Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that this vulnerability cannot be exploited to overwrite existing files, but that doesn't stop an attacker from achieving Remote Command Execution on the target system. (CVE-2023-52076) References: - https://bugs.mageia.org/show_bug.cgi?id=33282 - https://ubuntu.com/security/notices/USN-6808-1 - https://www.cve.org/CVERecord?id=CVE-2023-52076 SRPMS: - 9/core/atril-1.26.1-1.1.mga9 . Atril Document Viewer on Mageia receives crucial updates addressing a file write vulnerability that could potentially allow for Remote Code Execution.. Atril Document Viewer,Mageia Security,Path Traversal Fix,Remote Command Execution,Document Vulnerability. . Severity: Critical. LinuxSecurity.com Team

Jun 15, 2024 •Critical Mageia

Banner 2 1028x280 1708121730 1 1771599631

security advisorysecurity updatedebian

Debian DSA-5688-1: Atril Security Update for Document Viewer

It was discovered that missing input sanitising in the Atril document viewer could result in writing arbitrary files in the users home directory if a malformed epub document is opened. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5688-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff May 12, 2024 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : atril CVE ID : CVE-2023-52076 It was discovered that missing input sanitising in the Atril document viewer could result in writing arbitrary files in the users home directory if a malformed epub document is opened. For the oldstable distribution (bullseye), this problem has been fixed in version 1.24.0-1+deb11u1. This update also disables support for comic book archives, mitigating CVE-2023-51698. For the stable distribution (bookworm), this problem has been fixed in version 1.26.0-2+deb12u3. We recommend that you upgrade your atril packages. For the detailed security status of atril please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/atril Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . The Atril document viewer has released a new patch that resolves vulnerabilities related to input sanitization, enhancing the security of user files against corrupted document formats.. Atril Security Advisory, Debian Security Update, Document Viewer Issue, File Management, Input Handling. . Severity: Critical. LinuxSecurity.com Team

May 12, 2024 •Critical Debian

security advisorysecurity updatecode execution

Debian 9: DLA-2856-1 Moderate: Okular Code Execution Issue Fix

Code execution via an action link in a PDF document was fixed in the KDE document viewer Okular. For Debian 9 stretch, this problem has been fixed in version . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2856-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Adrian Bunk December 27, 2021 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : okular Version : 4:16.08.2-1+deb9u2 CVE ID : CVE-2020-9359 Debian Bug : 954891 Code execution via an action link in a PDF document was fixed in the KDE document viewer Okular. For Debian 9 stretch, this problem has been fixed in version 4:16.08.2-1+deb9u2. We recommend that you upgrade your okular packages. For the detailed security status of okular please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/okular Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Debian LTS DLA-2858-1 addresses vulnerability in Krita image editor. Users should update for enhanced protection.. Okular Update, Debian Security, Document Viewer, Code Execution, DLA-2856-1. . LinuxSecurity.com Team

Dec 27, 2021 Debian LTS

security advisoryRed Hat Enterprise Linuxlow severity

Red Hat: RHSA-2020-3977-01 Low: Evince And Poppler Security Update

An update for evince and poppler is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: evince and poppler security and bug fix update Advisory ID: RHSA-2020:3977-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3977 Issue date: 2020-09-29 CVE Names: CVE-2019-14494 ==================================================================== 1. Summary: An update for evince and poppler is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The evince packages provide a simple multi-page document viewer for Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS) files, and, with additional back-ends, also the Device Independent File format (DVI) files. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fix(es): * poppler: divide-by-zero in functionSplashOutputDev::tilingPatternFill in SplashOutputDev.cc (CVE-2019-14494) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1610436 - Gtk-CRITICALs when scrolling in thumbnails bar in large file 1797453 - CVE-2019-14494 poppler: divide-by-zero in function SplashOutputDev::tilingPatternFill in SplashOutputDev.cc 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: evince-3.28.2-10.el7.src.rpm poppler-0.26.5-43.el7.src.rpm x86_64: evince-3.28.2-10.el7.x86_64.rpm evince-debuginfo-3.28.2-10.el7.i686.rpm evince-debuginfo-3.28.2-10.el7.x86_64.rpm evince-dvi-3.28.2-10.el7.x86_64.rpm evince-libs-3.28.2-10.el7.i686.rpm evince-libs-3.28.2-10.el7.x86_64.rpm evince-nautilus-3.28.2-10.el7.x86_64.rpm poppler-0.26.5-43.el7.i686.rpm poppler-0.26.5-43.el7.x86_64.rpm poppler-debuginfo-0.26.5-43.el7.i686.rpm poppler-debuginfo-0.26.5-43.el7.x86_64.rpm poppler-glib-0.26.5-43.el7.i686.rpm poppler-glib-0.26.5-43.el7.x86_64.rpm poppler-qt-0.26.5-43.el7.i686.rpm poppler-qt-0.26.5-43.el7.x86_64.rpm poppler-utils-0.26.5-43.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v.7): x86_64: evince-browser-plugin-3.28.2-10.el7.x86_64.rpm evince-debuginfo-3.28.2-10.el7.i686.rpm evince-debuginfo-3.28.2-10.el7.x86_64.rpm evince-devel-3.28.2-10.el7.i686.rpm evince-devel-3.28.2-10.el7.x86_64.rpm poppler-cpp-0.26.5-43.el7.i686.rpm poppler-cpp-0.26.5-43.el7.x86_64.rpm poppler-cpp-devel-0.26.5-43.el7.i686.rpm poppler-cpp-devel-0.26.5-43.el7.x86_64.rpm poppler-debuginfo-0.26.5-43.el7.i686.rpm poppler-debuginfo-0.26.5-43.el7.x86_64.rpm poppler-demos-0.26.5-43.el7.x86_64.rpm poppler-devel-0.26.5-43.el7.i686.rpm poppler-devel-0.26.5-43.el7.x86_64.rpm poppler-glib-devel-0.26.5-43.el7.i686.rpm poppler-glib-devel-0.26.5-43.el7.x86_64.rpm poppler-qt-devel-0.26.5-43.el7.i686.rpm poppler-qt-devel-0.26.5-43.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: poppler-0.26.5-43.el7.src.rpm x86_64: poppler-0.26.5-43.el7.i686.rpm poppler-0.26.5-43.el7.x86_64.rpm poppler-debuginfo-0.26.5-43.el7.i686.rpm poppler-debuginfo-0.26.5-43.el7.x86_64.rpm poppler-qt-0.26.5-43.el7.i686.rpm poppler-qt-0.26.5-43.el7.x86_64.rpm poppler-utils-0.26.5-43.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: poppler-cpp-0.26.5-43.el7.i686.rpm poppler-cpp-0.26.5-43.el7.x86_64.rpm poppler-cpp-devel-0.26.5-43.el7.i686.rpm poppler-cpp-devel-0.26.5-43.el7.x86_64.rpm poppler-debuginfo-0.26.5-43.el7.i686.rpm poppler-debuginfo-0.26.5-43.el7.x86_64.rpm poppler-demos-0.26.5-43.el7.x86_64.rpm poppler-devel-0.26.5-43.el7.i686.rpm poppler-devel-0.26.5-43.el7.x86_64.rpm poppler-glib-0.26.5-43.el7.i686.rpm poppler-glib-0.26.5-43.el7.x86_64.rpm poppler-glib-devel-0.26.5-43.el7.i686.rpm poppler-glib-devel-0.26.5-43.el7.x86_64.rpm poppler-qt-devel-0.26.5-43.el7.i686.rpm poppler-qt-devel-0.26.5-43.el7.x86_64.rpm Red Hat Enterprise Linux Server (v.7): Source: evince-3.28.2-10.el7.src.rpm poppler-0.26.5-43.el7.src.rpm ppc64: evince-3.28.2-10.el7.ppc64.rpm evince-debuginfo-3.28.2-10.el7.ppc.rpm evince-debuginfo-3.28.2-10.el7.ppc64.rpm evince-dvi-3.28.2-10.el7.ppc64.rpm evince-libs-3.28.2-10.el7.ppc.rpm evince-libs-3.28.2-10.el7.ppc64.rpm evince-nautilus-3.28.2-10.el7.ppc64.rpm poppler-0.26.5-43.el7.ppc.rpm poppler-0.26.5-43.el7.ppc64.rpm poppler-debuginfo-0.26.5-43.el7.ppc.rpm poppler-debuginfo-0.26.5-43.el7.ppc64.rpm poppler-glib-0.26.5-43.el7.ppc.rpm poppler-glib-0.26.5-43.el7.ppc64.rpm poppler-utils-0.26.5-43.el7.ppc64.rpm ppc64le: evince-3.28.2-10.el7.ppc64le.rpm evince-debuginfo-3.28.2-10.el7.ppc64le.rpm evince-dvi-3.28.2-10.el7.ppc64le.rpm evince-libs-3.28.2-10.el7.ppc64le.rpm evince-nautilus-3.28.2-10.el7.ppc64le.rpm poppler-0.26.5-43.el7.ppc64le.rpm poppler-debuginfo-0.26.5-43.el7.ppc64le.rpm poppler-glib-0.26.5-43.el7.ppc64le.rpm poppler-qt-0.26.5-43.el7.ppc64le.rpm poppler-utils-0.26.5-43.el7.ppc64le.rpm s390x: evince-3.28.2-10.el7.s390x.rpm evince-debuginfo-3.28.2-10.el7.s390.rpm evince-debuginfo-3.28.2-10.el7.s390x.rpm evince-dvi-3.28.2-10.el7.s390x.rpm evince-libs-3.28.2-10.el7.s390.rpm evince-libs-3.28.2-10.el7.s390x.rpm evince-nautilus-3.28.2-10.el7.s390x.rpm poppler-0.26.5-43.el7.s390.rpm poppler-0.26.5-43.el7.s390x.rpm poppler-debuginfo-0.26.5-43.el7.s390.rpm poppler-debuginfo-0.26.5-43.el7.s390x.rpm poppler-glib-0.26.5-43.el7.s390.rpm poppler-glib-0.26.5-43.el7.s390x.rpm poppler-utils-0.26.5-43.el7.s390x.rpm x86_64: evince-3.28.2-10.el7.x86_64.rpm evince-debuginfo-3.28.2-10.el7.i686.rpm evince-debuginfo-3.28.2-10.el7.x86_64.rpm evince-dvi-3.28.2-10.el7.x86_64.rpm evince-libs-3.28.2-10.el7.i686.rpm evince-libs-3.28.2-10.el7.x86_64.rpm evince-nautilus-3.28.2-10.el7.x86_64.rpm poppler-0.26.5-43.el7.i686.rpm poppler-0.26.5-43.el7.x86_64.rpm poppler-debuginfo-0.26.5-43.el7.i686.rpm poppler-debuginfo-0.26.5-43.el7.x86_64.rpm poppler-glib-0.26.5-43.el7.i686.rpm poppler-glib-0.26.5-43.el7.x86_64.rpm poppler-qt-0.26.5-43.el7.i686.rpm poppler-qt-0.26.5-43.el7.x86_64.rpm poppler-utils-0.26.5-43.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v.7): ppc64: evince-browser-plugin-3.28.2-10.el7.ppc64.rpm evince-debuginfo-3.28.2-10.el7.ppc.rpm evince-debuginfo-3.28.2-10.el7.ppc64.rpm evince-devel-3.28.2-10.el7.ppc.rpm evince-devel-3.28.2-10.el7.ppc64.rpm poppler-cpp-0.26.5-43.el7.ppc.rpm poppler-cpp-0.26.5-43.el7.ppc64.rpm poppler-cpp-devel-0.26.5-43.el7.ppc.rpm poppler-cpp-devel-0.26.5-43.el7.ppc64.rpm poppler-debuginfo-0.26.5-43.el7.ppc.rpm poppler-debuginfo-0.26.5-43.el7.ppc64.rpm poppler-demos-0.26.5-43.el7.ppc64.rpm poppler-devel-0.26.5-43.el7.ppc.rpm poppler-devel-0.26.5-43.el7.ppc64.rpm poppler-glib-devel-0.26.5-43.el7.ppc.rpm poppler-glib-devel-0.26.5-43.el7.ppc64.rpm poppler-qt-0.26.5-43.el7.ppc.rpm poppler-qt-0.26.5-43.el7.ppc64.rpm poppler-qt-devel-0.26.5-43.el7.ppc.rpm poppler-qt-devel-0.26.5-43.el7.ppc64.rpm ppc64le: evince-browser-plugin-3.28.2-10.el7.ppc64le.rpm evince-debuginfo-3.28.2-10.el7.ppc64le.rpm evince-devel-3.28.2-10.el7.ppc64le.rpm poppler-cpp-0.26.5-43.el7.ppc64le.rpm poppler-cpp-devel-0.26.5-43.el7.ppc64le.rpm poppler-debuginfo-0.26.5-43.el7.ppc64le.rpm poppler-demos-0.26.5-43.el7.ppc64le.rpm poppler-devel-0.26.5-43.el7.ppc64le.rpm poppler-glib-devel-0.26.5-43.el7.ppc64le.rpm poppler-qt-devel-0.26.5-43.el7.ppc64le.rpm s390x: evince-browser-plugin-3.28.2-10.el7.s390x.rpm evince-debuginfo-3.28.2-10.el7.s390.rpm evince-debuginfo-3.28.2-10.el7.s390x.rpm evince-devel-3.28.2-10.el7.s390.rpm evince-devel-3.28.2-10.el7.s390x.rpm poppler-cpp-0.26.5-43.el7.s390.rpm poppler-cpp-0.26.5-43.el7.s390x.rpm poppler-cpp-devel-0.26.5-43.el7.s390.rpm poppler-cpp-devel-0.26.5-43.el7.s390x.rpm poppler-debuginfo-0.26.5-43.el7.s390.rpm poppler-debuginfo-0.26.5-43.el7.s390x.rpm poppler-demos-0.26.5-43.el7.s390x.rpm poppler-devel-0.26.5-43.el7.s390.rpm poppler-devel-0.26.5-43.el7.s390x.rpm poppler-glib-devel-0.26.5-43.el7.s390.rpm poppler-glib-devel-0.26.5-43.el7.s390x.rpm poppler-qt-0.26.5-43.el7.s390.rpm poppler-qt-0.26.5-43.el7.s390x.rpm poppler-qt-devel-0.26.5-43.el7.s390.rpm poppler-qt-devel-0.26.5-43.el7.s390x.rpm x86_64: evince-browser-plugin-3.28.2-10.el7.x86_64.rpm evince-debuginfo-3.28.2-10.el7.i686.rpm evince-debuginfo-3.28.2-10.el7.x86_64.rpm evince-devel-3.28.2-10.el7.i686.rpm evince-devel-3.28.2-10.el7.x86_64.rpm poppler-cpp-0.26.5-43.el7.i686.rpm poppler-cpp-0.26.5-43.el7.x86_64.rpm poppler-cpp-devel-0.26.5-43.el7.i686.rpm poppler-cpp-devel-0.26.5-43.el7.x86_64.rpm poppler-debuginfo-0.26.5-43.el7.i686.rpm poppler-debuginfo-0.26.5-43.el7.x86_64.rpm poppler-demos-0.26.5-43.el7.x86_64.rpm poppler-devel-0.26.5-43.el7.i686.rpm poppler-devel-0.26.5-43.el7.x86_64.rpm poppler-glib-devel-0.26.5-43.el7.i686.rpm poppler-glib-devel-0.26.5-43.el7.x86_64.rpm poppler-qt-devel-0.26.5-43.el7.i686.rpm poppler-qt-devel-0.26.5-43.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: evince-3.28.2-10.el7.src.rpm poppler-0.26.5-43.el7.src.rpm x86_64: evince-3.28.2-10.el7.x86_64.rpm evince-debuginfo-3.28.2-10.el7.i686.rpm evince-debuginfo-3.28.2-10.el7.x86_64.rpm evince-dvi-3.28.2-10.el7.x86_64.rpm evince-libs-3.28.2-10.el7.i686.rpm evince-libs-3.28.2-10.el7.x86_64.rpm evince-nautilus-3.28.2-10.el7.x86_64.rpm poppler-0.26.5-43.el7.i686.rpm poppler-0.26.5-43.el7.x86_64.rpm poppler-debuginfo-0.26.5-43.el7.i686.rpm poppler-debuginfo-0.26.5-43.el7.x86_64.rpm poppler-glib-0.26.5-43.el7.i686.rpm poppler-glib-0.26.5-43.el7.x86_64.rpm poppler-qt-0.26.5-43.el7.i686.rpm poppler-qt-0.26.5-43.el7.x86_64.rpm poppler-utils-0.26.5-43.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v.7): x86_64: evince-browser-plugin-3.28.2-10.el7.x86_64.rpm evince-debuginfo-3.28.2-10.el7.i686.rpm evince-debuginfo-3.28.2-10.el7.x86_64.rpm evince-devel-3.28.2-10.el7.i686.rpm evince-devel-3.28.2-10.el7.x86_64.rpm poppler-cpp-0.26.5-43.el7.i686.rpm poppler-cpp-0.26.5-43.el7.x86_64.rpm poppler-cpp-devel-0.26.5-43.el7.i686.rpm poppler-cpp-devel-0.26.5-43.el7.x86_64.rpm poppler-debuginfo-0.26.5-43.el7.i686.rpm poppler-debuginfo-0.26.5-43.el7.x86_64.rpm poppler-demos-0.26.5-43.el7.x86_64.rpm poppler-devel-0.26.5-43.el7.i686.rpm poppler-devel-0.26.5-43.el7.x86_64.rpm poppler-glib-devel-0.26.5-43.el7.i686.rpm poppler-glib-devel-0.26.5-43.el7.x86_64.rpm poppler-qt-devel-0.26.5-43.el7.i686.rpm poppler-qt-devel-0.26.5-43.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14494 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBX3OjytzjgjWX9erEAQg+WA//S9AxwyBHWq+hF+Bc8D7jLcma3rKBIJFY apkbmTL5CwKLV9DbFlryslfveYDMimhBEcHvGLqr+BjVUT2UamHv0vw1Fly7agJl ZnY4TS2Rc2/JJonqT61zH4NoCHrsMs47nnRXF6wAGVbNiG7GSdDYT8hcGKP8PAPo pW2S8BS+WEx99TmGZ4IMaf5NMEb9nVg8tKKpdcSLDaoxYYzTuY5dhnvxcDkAMDd4 eaN+9rpBBggtJsNCwq4QexVwwx2Ocl9KSPZyE6xpnpZkbDss8LerhvLr3HKKzJbM rwxWM87pfm/rVOuxXSLcOr9bNl+rv8eOeyx5tvClndcn41FayBlDGgrPw05GU+uP I6do8v7s+5dWNOYyIvxUb/qbB1/Sq3yHX17iQ7XmglQ1P7qqhhxQaFG26/tNhCnP UfkwK0EATl1EAMVQvyKVxQ5jiLS/i92YA/X4lHZHmgGLPbjYUKvxg3Enn5tZ1iP1 acSl6/tMfKdipWALKB62rSFjW3+ZFsWLeDlSA+BahPZVPJcvnuNU09JyUVwOrj/x dS9IAElPF1h/fQ1WnhIAf7Assh9sNJv4Ps4hd0cRWi1YfS8tkb55niLQk1fEfmFW WesSFDbLpqx/O5nfZQiyfgzrgSh/kH+0ekkQTFBA4hdMXiqBtdnEbgVbPV+wAnJA nIByLudtUGk=bPOk -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . New security patch released for Evince and Poppler in Red Hat. Minor risk mitigated from vulnerabilities. Urgent response recommended.. Evince Update, Poppler Security, Red Hat Enterprise, Linux Update, Security Fix. . Severity: Low. LinuxSecurity.com Team

Sep 29, 2020 •Low Red Hat

security advisorymoderatesecurity update

Red Hat Enterprise Linux 7: RHSA-2020:1173-01 Moderate: Okular Security Fix

An update for okular is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: okular security update Advisory ID: RHSA-2020:1173-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1173 Issue date: 2020-03-31 CVE Names: CVE-2018-1000801 ==================================================================== 1. Summary: An update for okular is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: Okular is a universal document viewer developed by KDE supporting different kinds of documents, like PDF, Postscript, DjVu, CHM, XPS, ePub and others. Security Fix(es): * okular: Directory traversal in function unpackDocumentArchive() in core/document.cpp (CVE-2018-1000801) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the Referencessection. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1626265 - CVE-2018-1000801 okular: Directory traversal in function unpackDocumentArchive() in core/document.cpp 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: okular-4.10.5-8.el7.src.rpm x86_64: okular-4.10.5-8.el7.x86_64.rpm okular-debuginfo-4.10.5-8.el7.i686.rpm okular-debuginfo-4.10.5-8.el7.x86_64.rpm okular-libs-4.10.5-8.el7.i686.rpm okular-libs-4.10.5-8.el7.x86_64.rpm okular-part-4.10.5-8.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: okular-debuginfo-4.10.5-8.el7.i686.rpm okular-debuginfo-4.10.5-8.el7.x86_64.rpm okular-devel-4.10.5-8.el7.i686.rpm okular-devel-4.10.5-8.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: okular-4.10.5-8.el7.src.rpm ppc64le: okular-4.10.5-8.el7.ppc64le.rpm okular-debuginfo-4.10.5-8.el7.ppc64le.rpm okular-devel-4.10.5-8.el7.ppc64le.rpm okular-libs-4.10.5-8.el7.ppc64le.rpm okular-part-4.10.5-8.el7.ppc64le.rpm x86_64: okular-4.10.5-8.el7.x86_64.rpm okular-debuginfo-4.10.5-8.el7.i686.rpm okular-debuginfo-4.10.5-8.el7.x86_64.rpm okular-devel-4.10.5-8.el7.i686.rpm okular-devel-4.10.5-8.el7.x86_64.rpm okular-libs-4.10.5-8.el7.i686.rpm okular-libs-4.10.5-8.el7.x86_64.rpm okular-part-4.10.5-8.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: okular-4.10.5-8.el7.src.rpm x86_64: okular-4.10.5-8.el7.x86_64.rpm okular-debuginfo-4.10.5-8.el7.i686.rpm okular-debuginfo-4.10.5-8.el7.x86_64.rpm okular-devel-4.10.5-8.el7.i686.rpm okular-devel-4.10.5-8.el7.x86_64.rpm okular-libs-4.10.5-8.el7.i686.rpm okular-libs-4.10.5-8.el7.x86_64.rpm okular-part-4.10.5-8.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7.References: https://access.redhat.com/security/cve/CVE-2018-1000801 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/7.8_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXoOcgNzjgjWX9erEAQjoAQ//du1ZkuKyr3fPdqg1TevacRXEcfdXEQ5T Z3wm+blxkNcDb1+jZ7xIXASwMwWZm7rtXGI01YVuTZObzRYc9zCHFytG7Ij/F7C4 M/K4EwDCvoPFxQVuoRzuRB5rwJ+nYwiM2UAFfEd0/jYE44iWadaOn4zYToiH9PqW /JgS2tQZl8ssBP/sG7E4pcmmFOK3084HMerb3bFr5SsqrfnYlXgCdKDecozBpP7S dOqGPC0wthQk/j0cY5+WJOWiwIpBozQt9pZStvl912ZU3Uq4Md464P80IHHP42uh pF4/M6C7wegAJ9ipncnZfAdGC/Jn0vE2X8SlpisyjjVvzLugq9tJBt2yiuFq36eK YEhBT+qSMahs+IZg5GNF+qe1J3C+nuwQVZciIX2E/5QTE+bCN6Y9uFqoZ2X+7WkN dzu8Qm5tSmPuEzo2czGfNhSgX3tudjcW8sQkXTGiGGQHTOmBPy/3G7CCVSkbM7hu ERbHxkA8LYbt8z/sTYkqAKBi5gjfKCmSdQUQ/u/IdDQI69Ij7e+rB5sX7ZKMtVYR U+5QfR0GyBsNSYCdbJ5hd2+1f9OYzdR5BcvMd97Lh61VGu1pL9md70umowYnBUTY IEwJqIBpCen5sL3y17ascfXq/ViahZsaOknai2N4WZfnL8h5aNgK8YtRVv3z5+z2 XskXuDj8u+k=69H3 -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://access.redhat.com/security/updates/advisory . Red Hat Security Advisory has issued a significant patch for Okular on RHEL 7, targeting vulnerabilities in the document viewer that could compromise system integrity.. Red Hat Enterprise Linux, Okular Security Update, Moderate Update, Document Viewer Security. . LinuxSecurity.com Team

Mar 31, 2020 Red Hat

security advisorycriticalFedora

Fedora 33: FEDORA-2021-dfca489e79 Major: GIMP Remote Flaw

Security fix for CVE-2020-9359. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-dcde488e68 2020-03-31 00:15:07.171312 --------------------------------------------------------------------------------Name : okular Product : Fedora 32 Version : 19.12.3 Release : 2.fc32 URL : https://apps.kde.org//graphics/okular/ Summary : A document viewer Description : A document viewer. --------------------------------------------------------------------------------Update Information: Security fix for CVE-2020-9359 --------------------------------------------------------------------------------ChangeLog: * Sun Mar 22 2020 Rex Dieter - 19.12.3-2 - Security fix for CVE-2020-9359 (#1815651,1815652) * Fri Mar 6 2020 Rex Dieter - 19.12.3-1 - 19.12.3 * Tue Feb 4 2020 Rex Dieter - 19.12.2-1 - 19.12.2 --------------------------------------------------------------------------------References: [ 1 ] Bug #1815651 - CVE-2020-9359 okular: local binary execution via specially crafted PDF files https://bugzilla.redhat.com/show_bug.cgi?id=1815651 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-dcde488e68' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Fedora 32 update for okular addresses local code execution flaws arising from maliciously crafted PDF documents.. Fedora Security, Okular Update, PDF Security Issue. . Severity: Important. LinuxSecurity.com Team

Mar 30, 2020 •Important Fedora

security advisorybuffer overflowDebian

Debian: DLA-1881-1 Critical Evince Security Issues and Fixes

A few issues were found in the Evince document viewer. CVE-2017-1000159 . Package : evince Version : 3.14.1-2+deb8u3 CVE ID : CVE-2017-1000159 CVE-2019-11459 CVE-2019-1010006 A few issues were found in the Evince document viewer. CVE-2017-1000159 When printing from DVI to PDF, the dvipdfm tool was called without properly sanitizing the filename, which could lead to a command injection attack via the filename. CVE-2019-11459 The tiff_document_render() and tiff_document_get_thumbnail() did not check the status of TIFFReadRGBAImageOriented(), leading to uninitialized memory access if that funcion fails. CVE-2019-1010006 Some buffer overflow checks were not properly done, leading to application crash or possibly arbitrary code execution when opening maliciously crafted files. For Debian 8 "Jessie", these problems have been fixed in version 3.14.1-2+deb8u3. We recommend that you upgrade your evince packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Debian has released an important security update for Evince to fix critical vulnerabilities like command injection and buffer overflow, enhancing PDF viewer safety. Evince Security Update, Debian LTS, Command Injection Fix, Buffer Overflow Update. . Severity: Critical. LinuxSecurity.com Team

Aug 13, 2019 •Critical Debian LTS

Community Poll

More Polls

Stay Secure with the Latest Linux Advisories

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Refine advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Explore Latest Linux Security advisories

Debian Evince Important Command Injection Risk DLA-4596-1 CVE-2026-46529

Mageia 9: MGASA-2024-0224 Critical: Atril Path Traversal Issue

Debian DSA-5688-1: Atril Security Update for Document Viewer

Debian 9: DLA-2856-1 Moderate: Okular Code Execution Issue Fix

Red Hat: RHSA-2020-3977-01 Low: Evince And Poppler Security Update

Red Hat Enterprise Linux 7: RHSA-2020:1173-01 Moderate: Okular Security Fix

Fedora 33: FEDORA-2021-dfca489e79 Major: GIMP Remote Flaw

Debian: DLA-1881-1 Critical Evince Security Issues and Fixes

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Stay Secure with the Latest Linux Advisories

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Refine advisories

severity

Topics

Distro

Published Date

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Explore Latest Linux Security advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Search Topics

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!