[USN-6808-1] Atril vulnerability

Wed, 05 Jun 2024 14:59:22 -0700 

==========================================================================
Ubuntu Security Notice USN-6808-1
June 05, 2024

atril vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Atril could be made to create arbitrary files when opening a specially
crafted EPUB file.

Software Description:
- atril: Official Document Viewer of the MATE Desktop Environment

Details:

It was discovered that Atril was vulnerable to a path traversal attack.
An attacker could possibly use this vulnerability to create arbitrary
files on the host filesystem with user privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10
   atril                           1.26.0-2ubuntu0.1
   atril-common                    1.26.0-2ubuntu0.1
   libatrildocument3               1.26.0-2ubuntu0.1

Ubuntu 22.04 LTS
   atril                           1.26.0-1ubuntu1.1
   atril-common                    1.26.0-1ubuntu1.1
   libatrildocument3               1.26.0-1ubuntu1.1

Ubuntu 20.04 LTS
   atril                           1.24.0-1ubuntu0.1
   atril-common                    1.24.0-1ubuntu0.1
   libatrildocument3               1.24.0-1ubuntu0.1

Ubuntu 18.04 LTS
   atril                           1.20.1-2ubuntu2+esm1
                                   Available with Ubuntu Pro
   atril-common                    1.20.1-2ubuntu2+esm1
                                   Available with Ubuntu Pro
   libatrildocument3               1.20.1-2ubuntu2+esm1
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   atril                           1.12.2-1ubuntu0.3+esm1
                                   Available with Ubuntu Pro
   atril-common                    1.12.2-1ubuntu0.3+esm1
                                   Available with Ubuntu Pro
   libatrildocument3               1.12.2-1ubuntu0.3+esm1
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6808-1
   CVE-2023-52076

Package Information:
   https://launchpad.net/ubuntu/+source/atril/1.26.0-2ubuntu0.1
   https://launchpad.net/ubuntu/+source/atril/1.26.0-1ubuntu1.1
   https://launchpad.net/ubuntu/+source/atril/1.24.0-1ubuntu0.1

Attachment: OpenPGP_0xF6E140F6DB359E58.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature














    











					Reply via email to