1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5688-1] atril security update

    From Moritz Muehlenhoff@21:1/5 to All on Sun May 12 15:30:01 2024
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5688-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff
    May 12, 2024 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : atril
    CVE ID : CVE-2023-52076

    It was discovered that missing input sanitising in the Atril document
    viewer could result in writing arbitrary files in the users home directory
    if a malformed epub document is opened.

    For the oldstable distribution (bullseye), this problem has been fixed
    in version 1.24.0-1+deb11u1. This update also disables support for
    comic book archives, mitigating CVE-2023-51698.

    For the stable distribution (bookworm), this problem has been fixed in
    version 1.26.0-2+deb12u3.

    We recommend that you upgrade your atril packages.

    For the detailed security status of atril please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/atril

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZAwWEACgkQEMKTtsN8 TjYqAw/+OF7wq08UNm4f0fbj/1xH8rFftCj/pnB1XGjkPiOPQA7cYDHUM0kRjEQt 4MDCxzQXs5gWOR20XhZUUij95xj2d29t99N9xRWdhoC49pWOfAUKRNojrt+aa/LX SzEd2tQTWD+RuFd0ODUVJ8EYwwTH+U+NA2qVRnrXVS2PT3rUIotdXjIUPPe+LII+ UX/wx3c8AKBk8UH+2bJJnLpZ26KqzcoQR4Qx4hClx0mvDFtmbKPANBeiiJSmy3er Y9VG7PSDqI0m+N67Sa5mOqOr9rVFNpqXJegSm/RIEvN/K3J+HKtxpkDyWIsG8tro ZxA53WanVGLjWVU9HnE+XtwMvEQcjlg2r/vaN/oisbdFzybbBFrvoITVBQTeKnMP GVI3IIPGRBlHYGFJpvhc25xZfVphYlqB9gVwDIlkIIPCa23fr4KilCK/k7fDTrF/ 3ae91LnzyLMIxBIIDmtEbdWxKxCnizZtTpZf0Tdy1srueqdW5FdqT0fl/SZqtWhJ 2g/uAROk4lOvs8H609it8UCK4X9PPZwYci7gzKHBpzQ5vuI+oAjL9EN41R4sahq6 Wl0Z7n5gFcsfpfKSkdFosLMylsfQ3h2Wfdw/obiXr9VYjIUQHBdQ6zUgOnwdhNp8 hvwY2WNDWrpwg2mu0cp8zRcCFLeHtfYcza9VWtiJcEa+6WAAemQ=
    =6TWQ
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)