|Category:||Red Hat Local Security Checks|
|Title:||RedHat Update for evince RHSA-2017:2388-01|
|Summary:||The remote host is missing an update for the 'evince' package(s) announced via the referenced advisory.|
The evince packages provide a simple multi-page document viewer for Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS) files, and, with additional back-ends, also the Device Independent File format (DVI) files.
Security Fix(es):
* It was found that evince did not properly sanitize the command line which is run to untar Comic Book Tar (CBT) files, thereby allowing command injection. A specially crafted CBT file, when opened by evince or evince-thumbnailer, could execute arbitrary commands in the context of the evince program. (CVE-2017-1000083)
Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this
evince on Red Hat Enterprise Linux Server (v. 7)
Please install the updated packages.
|Common Vulnerability Exposure (CVE) ID:||CVE-2017-1000083|
|Copyright||Copyright (C) 2017 Greenbone Networks GmbH|