
[SECURITY] [DLA 1881-1] evince security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : evince
Version        : 3.14.1-2+deb8u3
CVE ID         : CVE-2017-1000159 CVE-2019-11459 CVE-2019-1010006

A few issues were found in the Evince document viewer.

CVE-2017-1000159

    When printing from DVI to PDF, the dvipdfm tool was called without
    properly sanitizing the filename, which could lead to a command
    injection attack via the filename.

CVE-2019-11459

    The tiff_document_render() and tiff_document_get_thumbnail()
    functions did not check the status of TIFFReadRGBAImageOriented(),
    leading to uninitialized memory access if that function fails.

CVE-2019-1010006

    Some buffer overflow checks were not properly done, leading to
    application crash or possibly arbitrary code execution when
    opening maliciously crafted files.

For Debian 8 "Jessie", these problems have been fixed in version
3.14.1-2+deb8u3.

We recommend that you upgrade your evince packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


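Added example, not part of the advisory and not Evince's code: the filename injection class described under CVE-2017-1000159, showing a shell command string built with and without quoting the filename. The names shell_quote and build_cmd and the sample filename are hypothetical, and printf stands in for dvipdfm so nothing is converted.

```c
#define _POSIX_C_SOURCE 200809L  /* for popen() */
#include <stdio.h>
#include <string.h>

/* POSIX sh quoting: wrap in '...' and turn each ' into '\''; -1 if out is too small. */
int shell_quote(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    if (outlen < 3) return -1;
    out[o++] = '\'';
    for (; *in; in++) {
        size_t k = (*in == '\'') ? 4 : 1;
        if (o + k + 2 > outlen) return -1;   /* keep room for closing ' and NUL */
        if (k == 4) memcpy(out + o, "'\\''", 4);
        else out[o] = *in;
        o += k;
    }
    out[o++] = '\'';
    out[o] = '\0';
    return 0;
}

/* Build "<tool> <filename>" as a string-based caller would pass it to sh.
 * quoted=0 is the flawed pattern; quoted=1 quotes the filename first. */
int build_cmd(const char *tool, const char *filename, int quoted,
              char *cmd, size_t cmdlen)
{
    char q[512];
    if (quoted) {
        if (shell_quote(filename, q, sizeof q) != 0) return -1;
        filename = q;
    }
    int n = snprintf(cmd, cmdlen, "%s %s", tool, filename);
    return (n < 0 || (size_t)n >= cmdlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed filename; printf is a harmless stand-in for dvipdfm. */
    const char *name = "thesis.dvi; echo INJECTED";
    char cmd[1024], line[256];
    for (int quoted = 0; quoted <= 1; quoted++) {
        if (build_cmd("printf '[%s]\\n'", name, quoted, cmd, sizeof cmd)) return 1;
        printf("sh -c: %s\n", cmd);
        FILE *p = popen(cmd, "r");
        if (!p) return 1;
        while (fgets(line, sizeof line, p)) printf("  -> %s", line);
        pclose(p);
    }
    return 0;
}
```

Passing the filename as its own argv element to an exec-family call, with no shell involved, removes the need for quoting altogether.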