Wind River Support Network

HomeDefectsLIN9-5220

Fixed

LIN9-5220 : Security Advisory - evince - CVE-2017-1000083

Created: Sep 14, 2017 Updated: Dec 3, 2018

Resolved Date: Jan 8, 2018

Found In Version: 9.0.0.10

Fix Version: 9.0.0.14

Severity: Standard

Applicable for: Wind River Linux 9

Component/s: Userspace

Description

backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a -- command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.

https://nvd.nist.gov/vuln/detail/CVE-2017-1000083

Other Downloads

Wind River Linux 9.0.0.14
Wind River Linux 9.0.0.15
Wind River Linux 9.0.0.16
Wind River Linux 9.0.0.17
Wind River Linux 9.0.0.18
Wind River Linux 9.0.0.19
Wind River Linux 9.0.0.20
Wind River Linux 9.0.0.21
Wind River Linux 9.0.0.22
Wind River Linux 9.0.0.23
Wind River Linux 9.0.0.24
Wind River Linux 9.0.0.25
Wind River Linux 9.0.0.26

CVEs

CVE-2017-1000083