okular-4.10.5-8.el7

エラータID: AXSA:2020-4545:01

Release date: 
Thursday, April 2, 2020 - 05:47
Subject: 
okular-4.10.5-8.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

Okular is a universal document viewer developed by KDE supporting different kinds of documents, like PDF, Postscript, DjVu, CHM, XPS, ePub and others.

Security Fix(es):

* okular: Directory traversal in function unpackDocumentArchive() in core/document.cpp (CVE-2018-1000801)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.8 Release Notes linked from the References section.

CVE-2018-1000801
okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1

Solution: 

Update packages.

CVEs: 
CVE-2018-1000801
okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1
Additional Info: 

N/A

Download: 

SRPMS
  1. okular-4.10.5-8.el7.src.rpm
    MD5: 41cfb32f10f0c4ef06d92c1e401f4459
    SHA-256: 14cb218dd43ac2e3eb7f9f2d93218441a72f04d8ad937e5a4f91e60c129af1fa
    Size: 1.34 MB

Asianux Server 7 for x86_64
  1. okular-4.10.5-8.el7.x86_64.rpm
    MD5: 2d5c96256c89ec1a268a1082839ddf44
    SHA-256: 70b1ba7c4cb53ad54fd6f560116beb7dac7908fbbc47a622945c80b5e90860b9
    Size: 413.09 kB
  2. okular-devel-4.10.5-8.el7.x86_64.rpm
    MD5: deb2f3ba86938daa643699105194f891
    SHA-256: eec7c5dd7a7df9c47f5fea83816bb3eb70f7b80bf82ea5598f797fe0f70cc6f8
    Size: 48.12 kB
  3. okular-libs-4.10.5-8.el7.x86_64.rpm
    MD5: 415edbc3198a13bdaa10aa67db5927d4
    SHA-256: 49cd9e998c1b9d868c38ffeead62ddb5bf6c56dce4387c4ecb1cacd6c3266ee2
    Size: 228.44 kB
  4. okular-part-4.10.5-8.el7.x86_64.rpm
    MD5: 239115c023ac03ce6ad2711e7042a4bc
    SHA-256: 39f5174f5169ca8c5280003955b66ca377b97e7eab974548b810b310a9e83262
    Size: 838.79 kB
  5. okular-devel-4.10.5-8.el7.i686.rpm
    MD5: 8e5b8258ed4dbe4fc2170afb36978338
    SHA-256: 44b35166f4c2e2dbe9d07251cdb8621441ec9b20ec6a1d28871a5fc6f91b430d
    Size: 48.16 kB
  6. okular-libs-4.10.5-8.el7.i686.rpm
    MD5: 2fb9169cada4869b254367019b6ca2ad
    SHA-256: 7d0178320dd9f85a45110b62feb7126b8179a9b4b88550f2baa1233673e26c23
    Size: 237.28 kB