Joined: 12 May 2004
|Posted: Sat Nov 10, 2018 3:26 am Post subject: [ GLSA 201811-08 ] Okular
|Gentoo Linux Security Advisory
Title: Okular: Directory traversal (GLSA 201811-08)
Okular is vulnerable to a directory traversal attack.
Okular is a universal document viewer based on KPDF for KDE 4.
Vulnerable: < 18.04.3-r1
Unaffected: >= 18.04.3-r1
Architectures: All supported architectures
It was discovered that Okular contains a Directory Traversal
vulnerability in function unpackDocumentArchive() in core/document.cpp.
A remote attacker could entice a user to open a specially crafted Okular
archive, possibly allowing the writing of arbitrary files with the
privileges of the process.
There is no known workaround at this time.
All Okular users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-apps/okular-18.04.3-r1"