CVE-2017-1000083

Priority
Description
backend/comics/comics-document.c (aka the comic book backend) in GNOME
Evince before 3.24.1 allows remote attackers to execute arbitrary commands
via a .cbt file that is a TAR archive containing a filename beginning with
a "--" command-line option substring, as demonstrated by a
--checkpoint-action=exec=bash at the beginning of the filename.
Ubuntu-Description
Felix Wilhelm discovered that Evince did not safely invoke tar when
handling tar comic book (cbt) files. An attacker could use this to
construct a malicious comic book format file that, when opened in
Evince, executes arbitrary code.
Notes
sbeattieupstream evince in git has switched to using libarchive
The fix for this issue disables CBT support, as tar offers to
many opportunities to invoke commands and CBT is a rarely used comic
book format.
Package
Source: atril (LP Ubuntu Debian)
Upstream:released (1.18.0-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (1.12.2-1ubuntu0.2)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.18.1-1)
Package
Upstream:released (3.24.1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [3.10.3-0ubuntu10.3])
Ubuntu 16.04 LTS (Xenial Xerus):released (3.18.2-1ubuntu4.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (3.24.1-0ubuntu1)
More Information

Updated: 2020-01-29 19:57:33 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)