GLSA-201811-08 : Okular: Directory traversal
Medium Nessus Plugin ID 124214
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201811-08 (Okular: Directory traversal)
It was discovered that Okular contains a Directory Traversal vulnerability in function unpackDocumentArchive() in core/document.cpp.
A remote attacker could entice a user to open a specially crafted Okular archive, possibly allowing the writing of arbitrary files with the privileges of the process.
There is no known workaround at this time.
SolutionAll Okular users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=kde-apps/okular-18.04.3-r1'