evince-3.22.1-5.2.el7

エラータID: AXSA:2017-2116:01

Release date: 
Saturday, September 9, 2017 - 15:10
Subject: 
evince-3.22.1-5.2.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Evince is simple multi-page document viewer. It can display and print
Portable Document Format (PDF), PostScript (PS) and Encapsulated PostScript
(EPS) files. When supported by the document format, evince allows searching
for text, copying text to the clipboard, hypertext navigation,
table-of-contents bookmarks and editing of forms.

Support for other document formats such as DVI and DJVU can be added by
installing additional backends.

CVE-2017-1000083
backend/comics/comics-document.c (aka the comic book backend) in
GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary
commands via a .cbt file that is a TAR archive containing a filename beginning
with a "--" command-line option substring, as demonstrated by
a --checkpoint-action=exec=bash at the beginning of the filename.

Solution: 

Update packages.

CVEs: 
CVE-2017-1000083
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
Additional Info: 

N/A

Download: 

SRPMS
  1. evince-3.22.1-5.2.el7.src.rpm
    MD5: aae4e8f784692dd0c167e84d094fe11f
    SHA-256: ffb0893bdf8451546ce1c493bcc52ecf4066ca45e1fe9253610cf57f8fe54535
    Size: 3.26 MB

Asianux Server 7 for x86_64
  1. evince-3.22.1-5.2.el7.x86_64.rpm
    MD5: a0644dedf52f68b50a03e51f49b96478
    SHA-256: fd1de8381792cf73650f5a726b695e1b8771f99832ecacc3d44aba54b0362326
    Size: 2.51 MB
  2. evince-dvi-3.22.1-5.2.el7.x86_64.rpm
    MD5: 0d6ec234ab37854a517cd5d0502a0973
    SHA-256: 1424fcb18367f57d999f2078cb76b89bfe53fd4ea4d75d826d2a9f3682fd2e3a
    Size: 93.86 kB
  3. evince-libs-3.22.1-5.2.el7.x86_64.rpm
    MD5: 543433908c616d21552ece8c2244acbb
    SHA-256: f5c2e2aa1e21a4e05ff1878928b19f8d60742ea7a38a9049b983b8392845c72e
    Size: 357.05 kB
  4. evince-nautilus-3.22.1-5.2.el7.x86_64.rpm
    MD5: 2000e4bb0fcbc5e774b979d71e05fbb4
    SHA-256: 7d139071e00cab0867d81ea7603952a3bcf5f81d43cf9f18860486819d1f8f90
    Size: 39.45 kB
  5. evince-libs-3.22.1-5.2.el7.i686.rpm
    MD5: 93933de7d15c22c873757bfdecee1c50
    SHA-256: 26dd7beda8b8f16be5e7cd4a1e0eab1d21a464a22efc623029c8b6ae2a1b765b
    Size: 357.06 kB