Oval Definition:oval:com.redhat.rhsa:def:20172388
Revision Date:2017-08-01Version:636
Title:RHSA-2017:2388: evince security update (Important)
Description:The evince packages provide a simple multi-page document viewer for Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS) files, and, with additional back-ends, also the Device Independent File format (DVI) files.

Security Fix(es):

  • It was found that evince did not properly sanitize the command line which is run to untar Comic Book Tar (CBT) files, thereby allowing command injection. A specially crafted CBT file, when opened by evince or evince-thumbnailer, could execute arbitrary commands in the context of the evince program. (CVE-2017-1000083)

    Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2017-1000083
    RHSA-2017:2388
    RHSA-2017:2388-01
    Platform(s):Red Hat Enterprise Linux 7
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • evince is earlier than 0:3.22.1-5.2.el7_4
  • AND evince is signed with Red Hat redhatrelease2 key
  • evince-browser-plugin is earlier than 0:3.22.1-5.2.el7_4
  • AND evince-browser-plugin is signed with Red Hat redhatrelease2 key
  • evince-devel is earlier than 0:3.22.1-5.2.el7_4
  • AND evince-devel is signed with Red Hat redhatrelease2 key
  • evince-dvi is earlier than 0:3.22.1-5.2.el7_4
  • AND evince-dvi is signed with Red Hat redhatrelease2 key
  • evince-libs is earlier than 0:3.22.1-5.2.el7_4
  • AND evince-libs is signed with Red Hat redhatrelease2 key
  • evince-nautilus is earlier than 0:3.22.1-5.2.el7_4
  • AND evince-nautilus is signed with Red Hat redhatrelease2 key
    • BACK