[CVE] Arbitrary command injection via DVI filename injection when printing to PDF
Bug #1759069 reported by
Simon Quigley
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
atril (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Xenial |
Fix Released
|
Medium
|
Simon Quigley | ||
Artful |
Fix Released
|
Medium
|
Simon Quigley |
Bug Description
Command injection in Evince via filename when printing to PDF is possible. This also affects Atril, which is a fork of Evince.
Here's the patch in Atril: https:/
CVE References
Changed in atril (Ubuntu Xenial): | |
status: | New → In Progress |
Changed in atril (Ubuntu Artful): | |
status: | New → In Progress |
Changed in atril (Ubuntu): | |
importance: | Undecided → Medium |
status: | New → Fix Released |
Changed in atril (Ubuntu Xenial): | |
importance: | Undecided → Medium |
Changed in atril (Ubuntu Artful): | |
importance: | Undecided → Medium |
Changed in atril (Ubuntu Xenial): | |
assignee: | nobody → Simon Quigley (tsimonq2) |
Changed in atril (Ubuntu Artful): | |
assignee: | nobody → Simon Quigley (tsimonq2) |
To post a comment you must log in.
I have uploaded these fixes (for Xenial and Artful) to a fresh test PPA of mine with all architectures switched on and only the security repo enabled. I then tested both in VMs of each release, and they work as intended. It also fixes the security issue.
Security Team, feel free to copy my packages to your PPA: /launchpad. net/~tsimonq2/ +archive/ ubuntu/ security- test-builds/ +sourcepub/ 8884466/ +listing- archive- extra /launchpad. net/~tsimonq2/ +archive/ ubuntu/ security- test-builds/ +sourcepub/ 8884503/ +listing- archive- extra
https:/
https:/
The diffs for each are on that page if you would like to do it manually.
Martin, how do these fixes look?