GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Sat Nov 10, 2018 3:26 am Post subject: [ GLSA 201811-08 ] Okular |
 |
|
Gentoo Linux Security Advisory
Title: Okular: Directory traversal (GLSA 201811-08)
Severity: normal
Exploitable: remote
Date: 2018-11-10
Bug(s): #665662
ID: 201811-08
Synopsis
Okular is vulnerable to a directory traversal attack.
Background
Okular is a universal document viewer based on KPDF for KDE 4.
Affected Packages
Package: kde-apps/okular
Vulnerable: < 18.04.3-r1
Unaffected: >= 18.04.3-r1
Architectures: All supported architectures
Description
It was discovered that Okular contains a Directory Traversal
vulnerability in function unpackDocumentArchive() in core/document.cpp.
Impact
A remote attacker could entice a user to open a specially crafted Okular
archive, possibly allowing the writing of arbitrary files with the
privileges of the process.
Workaround
There is no known workaround at this time.
Resolution
All Okular users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=kde-apps/okular-18.04.3-r1"
|
References
CVE-2018-1000801
|
|
News & Announcements
