Mageia 2018-0389: okular security update
okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file crea...
Summary
okular version 18.08 and earlier contains a Directory Traversal
vulnerability in function "unpackDocumentArchive(...)" in
"core/document.cpp" that can result in Arbitrary file creation on the user
workstation. This attack appear to be exploitable via he victim must open
a specially crafted Okular archive (CVE-2018-1000801).
References
- https://bugs.mageia.org/show_bug.cgi?id=23562
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YYAUHZUZOJFM57K33S2TT4PJT33WY7W3/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000801
Resolution
MGASA-2018-0389 - Updated okular packages fix security vulnerability
SRPMS
- 6/core/okular-17.12.2-1.1.mga6
Severity
Publication date: 21 Sep 2018
URL: https://advisories.mageia.org/MGASA-2018-0389.html
Type: security
CVE: CVE-2018-1000801
