Scientific Linux Security Update : evince on SL7.x x86_64
Medium Nessus Plugin ID 102660
Synopsis
The remote Scientific Linux host is missing one or more security updates.

Description
Security Fix(es):
- It was found that evince did not properly sanitize the command line which is run to untar Comic Book Tar (CBT) files, thereby allowing command injection. A specially crafted CBT file, when opened by evince or evince-thumbnailer, could execute arbitrary commands in the context of the evince program. (CVE-2017-1000083)

Solution
Update the affected packages.