[USN-6808-1] Atril vulnerability
Octavio Galland
octavio.galland at canonical.com
Wed Jun 5 21:55:37 UTC 2024
==========================================================================
Ubuntu Security Notice USN-6808-1
June 05, 2024
atril vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Atril could be made to create arbitrary files when opening a specially
crafted EPUB file.
Software Description:
- atril: Official Document Viewer of the MATE Desktop Environment
Details:
It was discovered that Atril was vulnerable to a path traversal attack.
An attacker could possibly use this vulnerability to create arbitrary
files on the host filesystem with user privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.10
atril 1.26.0-2ubuntu0.1
atril-common 1.26.0-2ubuntu0.1
libatrildocument3 1.26.0-2ubuntu0.1
Ubuntu 22.04 LTS
atril 1.26.0-1ubuntu1.1
atril-common 1.26.0-1ubuntu1.1
libatrildocument3 1.26.0-1ubuntu1.1
Ubuntu 20.04 LTS
atril 1.24.0-1ubuntu0.1
atril-common 1.24.0-1ubuntu0.1
libatrildocument3 1.24.0-1ubuntu0.1
Ubuntu 18.04 LTS
atril 1.20.1-2ubuntu2+esm1
Available with Ubuntu Pro
atril-common 1.20.1-2ubuntu2+esm1
Available with Ubuntu Pro
libatrildocument3 1.20.1-2ubuntu2+esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
atril 1.12.2-1ubuntu0.3+esm1
Available with Ubuntu Pro
atril-common 1.12.2-1ubuntu0.3+esm1
Available with Ubuntu Pro
libatrildocument3 1.12.2-1ubuntu0.3+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6808-1
CVE-2023-52076
Package Information:
https://launchpad.net/ubuntu/+source/atril/1.26.0-2ubuntu0.1
https://launchpad.net/ubuntu/+source/atril/1.26.0-1ubuntu1.1
https://launchpad.net/ubuntu/+source/atril/1.24.0-1ubuntu0.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xF6E140F6DB359E58.asc
Type: application/pgp-keys
Size: 3163 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20240605/700d81d6/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20240605/700d81d6/attachment.sig>
More information about the ubuntu-security-announce
mailing list