1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4624-1] evince security update

    From Salvatore Bonaccorso@1:229/2 to All on Sat Feb 15 00:10:01 2020
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4624-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 14, 2020 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : evince
    CVE ID : CVE-2017-1000159 CVE-2019-11459 CVE-2019-1010006
    Debian Bug : 927820

    Several vulnerabilities were discovered in evince, a simple multi-page
    document viewer.

    CVE-2017-1000159

    Tobias Mueller reported that the DVI exporter in evince is
    susceptible to a command injection vulnerability via specially
    crafted filenames.

    CVE-2019-11459

    Andy Nguyen reported that the tiff_document_render() and
    tiff_document_get_thumbnail() functions in the TIFF document backend
    did not handle errors from TIFFReadRGBAImageOriented(), leading to
    disclosure of uninitialized memory when processing TIFF image files.

    CVE-2019-1010006

    A buffer overflow vulnerability in the tiff backend could lead to
    denial of service, or potentially the execution of arbitrary code if
    a specially crafted PDF file is opened.

    For the oldstable distribution (stretch), these problems have been fixed
    in version 3.22.1-3+deb9u2.

    For the stable distribution (buster), these problems have been fixed in
    version 3.30.2-3+deb10u1. The stable distribution is only affected by CVE-2019-11459.

    We recommend that you upgrade your evince packages.

    For the detailed security status of evince please refer to its security
    tracker page at:
    https://security-tracker.debian.org/tracker/evince

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl5HJltfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TDaRAAmBX8fGuGLGCkCa7bZSdnOknK+SbsWBDP+S9WrPI4I/RgScv42gNb3TtB JNxZBmD4pWkmHbADErn6/aPiJpaysZKBfHQQ7Qlib2nlGFvUWdww1IMhMFVvPs5I 9NgekbqI3C4/LylcpMs/ri9viMZoio1omovlB66t3mLSRmcEU9/bra9mA3iZ7wGB gW83jzoMXHbcrcyV4Fpv6yJrIE8huIZtooKzxkNReQiuqJo7DandByAEw1q3ivlj x3f6atTfni76yoUsoHQ23f4G9PgVnl3r2lit9bsE8PudUUjKMd/a4o4awahbvwbL v9Yq8ybq1SieoVE+MB2mNUa1KOTpCkkQki89ftLTxwbI5wksPw72Qpd7qewvIPJy RhBS7Ca3BFfMvSkAgyL3sVtCPT+KAS47At9gNpQ+4IqqEvWlAoVoXx/eXpxP2174 qo2s4TT9LTJRkBpDFwueWof0PBoOgubXtvSE9es4kFJXJITeOJtbArE8qTmQcOQy 8Ve4TZCbA3lvzBLxmKhetnFarSZm+6Fc+caINYh26WxG8aFKtG0nfRow6Y6tNMrK /l3KWU+nO18bezPt1yxVdfB1urnggMxRbP055CfR9JaTP5wYPF8FA/9h5UzzAAvC Y0EfdRXNbEkUZWY0iAUlKrgQyvXMZAP0r/OOkVKeoqFljWvaeQU=
    =yY0k
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)