Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : evince vulnerability (USN-3351-1)
Medium Nessus Plugin ID 101545
SynopsisThe remote Ubuntu host is missing one or more security-related patches.
DescriptionFelix Wilhelm discovered that Evince did not safely invoke tar when handling tar comic book (cbt) files. An attacker could use this to construct a malicious cbt comic book format file that, when opened in Evince, executes arbitrary code. Please note that this update disables support for cbt files in Evince.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected evince and / or evince-common packages.