evince-3.22.1-5.2.el7
エラータID: AXSA:2017-2116:01
リリース日:
2017/09/09 Saturday - 15:10
題名:
evince-3.22.1-5.2.el7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
- GNOME Evinceのbackend/comics/comics-document.c の
comic book backend とも呼ばれる実装には、リモートの攻撃者が、tarアーカイブである .cbt
ファイルに、--checkpoint-action=exec=bash のような
"--"で始まるファイル名のファイルを含めることを介して、
任意のコマンドを実行できる脆弱性があります。(CVE-2017-1000083)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
Update packages.
CVE:
CVE-2017-1000083
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
追加情報:
N/A
ダウンロード:
SRPMS
- evince-3.22.1-5.2.el7.src.rpm
MD5: aae4e8f784692dd0c167e84d094fe11f
SHA-256: ffb0893bdf8451546ce1c493bcc52ecf4066ca45e1fe9253610cf57f8fe54535
Size: 3.26 MB
Asianux Server 7 for x86_64
- evince-3.22.1-5.2.el7.x86_64.rpm
MD5: a0644dedf52f68b50a03e51f49b96478
SHA-256: fd1de8381792cf73650f5a726b695e1b8771f99832ecacc3d44aba54b0362326
Size: 2.51 MB - evince-dvi-3.22.1-5.2.el7.x86_64.rpm
MD5: 0d6ec234ab37854a517cd5d0502a0973
SHA-256: 1424fcb18367f57d999f2078cb76b89bfe53fd4ea4d75d826d2a9f3682fd2e3a
Size: 93.86 kB - evince-libs-3.22.1-5.2.el7.x86_64.rpm
MD5: 543433908c616d21552ece8c2244acbb
SHA-256: f5c2e2aa1e21a4e05ff1878928b19f8d60742ea7a38a9049b983b8392845c72e
Size: 357.05 kB - evince-nautilus-3.22.1-5.2.el7.x86_64.rpm
MD5: 2000e4bb0fcbc5e774b979d71e05fbb4
SHA-256: 7d139071e00cab0867d81ea7603952a3bcf5f81d43cf9f18860486819d1f8f90
Size: 39.45 kB - evince-libs-3.22.1-5.2.el7.i686.rpm
MD5: 93933de7d15c22c873757bfdecee1c50
SHA-256: 26dd7beda8b8f16be5e7cd4a1e0eab1d21a464a22efc623029c8b6ae2a1b765b
Size: 357.06 kB