RHSA-2017:2388-01 -- Redhat evince
ID: oval:org.secpod.oval:def:502075 | Date: (C)2017-08-04 (M)2023-12-20 |
Class: PATCH | Family: unix |
The evince packages provide a simple multi-page document viewer for Portable Document Format, PostScript, Encapsulated PostScript files, and, with additional back-ends, also the Device Independent File format files.

Security Fix:

* It was found that evince did not properly sanitize the command line which is run to untar Comic Book Tar (CBT) files, thereby allowing command injection. A specially crafted CBT file, when opened by evince or evince-thumbnailer, could execute arbitrary commands in the context of the evince program.

Red Hat would like to thank Felix Wilhelm for reporting this issue.
Platform: |
Red Hat Enterprise Linux 7 |