Bug 8224 - atril escurity vulnerability CVE-2017-1000083
: atril escurity vulnerability CVE-2017-1000083
Status: RESOLVED FIXED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Contributed Packages
: Fresh
: All Linux
: Normal normal
: ---
Assigned To: ROSA Linux Bugs
: ROSA Linux Bugs
https://advisories.mageia.org/MGASA-2...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-08-10 03:20 MSD by Zombie Ryushu
Modified: 2017-08-10 16:24 MSD (History)
2 users (show)

See Also:
RPM Package: atril
ISO-related:
Bad POT generating:
Upstream:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Zombie Ryushu 2017-08-10 03:20:38 MSD
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
Comment 1 Zombie Ryushu 2017-08-10 03:23:43 MSD
It was discovered that Atril made insecure use of tar when opening tar
comic book archives (CBT). Opening a malicious CBT archive could result
in the execution of arbitrary code. This update disables the CBT format
entirely (CVE-2017-1000083).
Comment 2 Denis Silakov 2017-08-10 16:24:56 MSD
This bug has been already addressed.