DebianDEBIAN:DLA-1031-1:AF9A5[SECURITY] [DLA 1031-1] evince security update
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.142 Low
EPSS
Percentile
95.7%
Package : evince
Version : 3.4.0-3.1+deb7u1
CVE ID : CVE-2017-1000083
Debian Bug : 868500
from the Google Security Team discovered that the Evince document
viewer made insecure use of tar when opening tar comic book archives
(CBT). Opening a malicious CBT archive could result in the execution
of arbitrary code. This update disables the CBT format entirely.
For Debian 7 "Wheezy", these problems have been fixed in version
3.4.0-3.1+deb7u1.
We recommend that you upgrade your evince packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 9 | mipsel | libatrildocument3 | < 1.16.1-2+deb9u1 | libatrildocument3_1.16.1-2+deb9u1_mipsel.deb |
| Debian | 9 | s390x | browser-plugin-evince | < 3.22.1-3+deb9u1 | browser-plugin-evince_3.22.1-3+deb9u1_s390x.deb |
| Debian | 8 | armhf | atril | < 1.8.1+dfsg1-4+deb8u1 | atril_1.8.1+dfsg1-4+deb8u1_armhf.deb |
| Debian | 9 | mips | atril | < 1.16.1-2+deb9u1 | atril_1.16.1-2+deb9u1_mips.deb |
| Debian | 9 | amd64 | libevdocument3-4-dbgsym | < 3.22.1-3+deb9u1 | libevdocument3-4-dbgsym_3.22.1-3+deb9u1_amd64.deb |
| Debian | 8 | kfreebsd-amd64 | libatrildocument-dev | < 1.8.1+dfsg1-4+deb8u1 | libatrildocument-dev_1.8.1+dfsg1-4+deb8u1_kfreebsd-amd64.deb |
| Debian | 8 | powerpc | evince | < 3.14.1-2+deb8u2 | evince_3.14.1-2+deb8u2_powerpc.deb |
| Debian | 8 | kfreebsd-amd64 | libevview3-3 | < 3.14.1-2+deb8u2 | libevview3-3_3.14.1-2+deb8u2_kfreebsd-amd64.deb |
| Debian | 9 | ppc64el | libevview3-3-dbgsym | < 3.22.1-3+deb9u1 | libevview3-3-dbgsym_3.22.1-3+deb9u1_ppc64el.deb |
| Debian | 8 | kfreebsd-amd64 | libatrilview3-dbg | < 1.8.1+dfsg1-4+deb8u1 | libatrilview3-dbg_1.8.1+dfsg1-4+deb8u1_kfreebsd-amd64.deb |
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.142 Low
EPSS
Percentile
95.7%