[SECURITY] [DSA 5688-1] atril security update

2024-05-1213:21:12

lists.debian.org

input sanitising

security advisory

arbitrary files

cve-2023-52076

atril

debian

5.9 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.9%

JSON

Debian Security Advisory DSA-5688-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
May 12, 2024 https://www.debian.org/security/faq

Package : atril
CVE ID : CVE-2023-52076

It was discovered that missing input sanitising in the Atril document
viewer could result in writing arbitrary files in the users home directory
if a malformed epub document is opened.

For the oldstable distribution (bullseye), this problem has been fixed
in version 1.24.0-1+deb11u1. This update also disables support for
comic book archives, mitigating CVE-2023-51698.

For the stable distribution (bookworm), this problem has been fixed in
version 1.26.0-2+deb12u3.

We recommend that you upgrade your atril packages.

For the detailed security status of atril please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/atril

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian11allgir1.2-atrilview-1.5.0< 1.24.0-1+deb11u1gir1.2-atrilview-1.5.0_1.24.0-1+deb11u1_all.deb
Debian12alllibatrildocument-dev< 1.26.0-2+deb12u3libatrildocument-dev_1.26.0-2+deb12u3_all.deb
Debian11alllibatrilview3< 1.24.0-1+deb11u1libatrilview3_1.24.0-1+deb11u1_all.deb
Debian12allatril-common< 1.26.0-2+deb12u3atril-common_1.26.0-2+deb12u3_all.deb
Debian11allatril< 1.24.0-1+deb11u1atril_1.24.0-1+deb11u1_all.deb
Debian12allgir1.2-atrilview-1.5.0< 1.26.0-2+deb12u3gir1.2-atrilview-1.5.0_1.26.0-2+deb12u3_all.deb
Debian11alllibatrildocument-dev< 1.24.0-1+deb11u1libatrildocument-dev_1.24.0-1+deb11u1_all.deb
Debian12alllibatrilview-dev< 1.26.0-2+deb12u3libatrilview-dev_1.26.0-2+deb12u3_all.deb
Debian11alllibatrildocument3< 1.24.0-1+deb11u1libatrildocument3_1.24.0-1+deb11u1_all.deb
Debian11allatril-common< 1.24.0-1+deb11u1atril-common_1.24.0-1+deb11u1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	all	gir1.2-atrilview-1.5.0	< 1.24.0-1+deb11u1	gir1.2-atrilview-1.5.0_1.24.0-1+deb11u1_all.deb
Debian	12	all	libatrildocument-dev	< 1.26.0-2+deb12u3	libatrildocument-dev_1.26.0-2+deb12u3_all.deb
Debian	11	all	libatrilview3	< 1.24.0-1+deb11u1	libatrilview3_1.24.0-1+deb11u1_all.deb
Debian	12	all	atril-common	< 1.26.0-2+deb12u3	atril-common_1.26.0-2+deb12u3_all.deb
Debian	11	all	atril	< 1.24.0-1+deb11u1	atril_1.24.0-1+deb11u1_all.deb
Debian	12	all	gir1.2-atrilview-1.5.0	< 1.26.0-2+deb12u3	gir1.2-atrilview-1.5.0_1.26.0-2+deb12u3_all.deb
Debian	11	all	libatrildocument-dev	< 1.24.0-1+deb11u1	libatrildocument-dev_1.24.0-1+deb11u1_all.deb
Debian	12	all	libatrilview-dev	< 1.26.0-2+deb12u3	libatrilview-dev_1.26.0-2+deb12u3_all.deb
Debian	11	all	libatrildocument3	< 1.24.0-1+deb11u1	libatrildocument3_1.24.0-1+deb11u1_all.deb
Debian	11	all	atril-common	< 1.24.0-1+deb11u1	atril-common_1.24.0-1+deb11u1_all.deb