Debian Security Advisory 5688-1 ≈ Packet Storm

Home ^[1] Files ^[2] News ^[3] &[SERVICES_TAB] Contact ^[4] Add New ^[5]

Debian Security Advisory 5688-1^[6]: Authored by Debian ^[7] | Site debian.org ^[8]; Debian Linux Security Advisory 5688-1 - It was discovered that missing input sanitising in the Atril document viewer could result in writing arbitrary files in the users home directory if a malformed epub document is opened.; systems | linux ^[9], debian ^[10]; advisories | CVE-2023-52076 ^[11]; SHA-256 | ce64dbc7042d36045420d8024d1749d0ba1c9d8b43b3a218aec4ed4925c70038; Download ^[12] | Favorite ^[13] | View ^[14]

        -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5688-1                   Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser.
https://www.debian.org/security/                       Moritz Muehlenhoff
May 12, 2024                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package        : atril
CVE ID         : CVE-2023-52076
It was discovered that missing input sanitising in the Atril document
viewer could result in writing arbitrary files in the users home directory
if a malformed epub document is opened.
For the oldstable distribution (bullseye), this problem has been fixed
in version 1.24.0-1+deb11u1. This update also disables support for
comic book archives, mitigating CVE-2023-51698.
For the stable distribution (bookworm), this problem has been fixed in
version 1.26.0-2+deb12u3.
We recommend that you upgrade your atril packages.
For the detailed security status of atril please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/atril
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser.
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZAwWEACgkQEMKTtsN8
TjYqAw/+OF7wq08UNm4f0fbj/1xH8rFftCj/pnB1XGjkPiOPQA7cYDHUM0kRjEQt
4MDCxzQXs5gWOR20XhZUUij95xj2d29t99N9xRWdhoC49pWOfAUKRNojrt+aa/LX
SzEd2tQTWD+RuFd0ODUVJ8EYwwTH+U+NA2qVRnrXVS2PT3rUIotdXjIUPPe+LII+
UX/wx3c8AKBk8UH+2bJJnLpZ26KqzcoQR4Qx4hClx0mvDFtmbKPANBeiiJSmy3er
Y9VG7PSDqI0m+N67Sa5mOqOr9rVFNpqXJegSm/RIEvN/K3J+HKtxpkDyWIsG8tro
ZxA53WanVGLjWVU9HnE+XtwMvEQcjlg2r/vaN/oisbdFzybbBFrvoITVBQTeKnMP
GVI3IIPGRBlHYGFJpvhc25xZfVphYlqB9gVwDIlkIIPCa23fr4KilCK/k7fDTrF/
3ae91LnzyLMIxBIIDmtEbdWxKxCnizZtTpZf0Tdy1srueqdW5FdqT0fl/SZqtWhJ
2g/uAROk4lOvs8H609it8UCK4X9PPZwYci7gzKHBpzQ5vuI+oAjL9EN41R4sahq6
Wl0Z7n5gFcsfpfKSkdFosLMylsfQ3h2Wfdw/obiXr9VYjIUQHBdQ6zUgOnwdhNp8
hvwY2WNDWrpwg2mu0cp8zRcCFLeHtfYcza9VWtiJcEa+6WAAemQ=
=6TWQ
-----END PGP SIGNATURE-----