Amazon Linux 2 Security Advisory: ALASMATE-DESKTOP1.X-2024-007
Advisory Release Date: 2024-02-15 04:09 Pacific
Advisory Updated Date: 2024-02-19 17:57 Pacific
Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6. (CVE-2023-51698)
Affected Packages:
atril
Note:
This advisory is applicable to Amazon Linux 2 - Mate-desktop1.x Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update atril to update your system.
aarch64:
atril-1.20.2-1.amzn2.0.6.aarch64
atril-libs-1.20.2-1.amzn2.0.6.aarch64
atril-devel-1.20.2-1.amzn2.0.6.aarch64
atril-caja-1.20.2-1.amzn2.0.6.aarch64
atril-thumbnailer-1.20.2-1.amzn2.0.6.aarch64
atril-debuginfo-1.20.2-1.amzn2.0.6.aarch64
i686:
atril-1.20.2-1.amzn2.0.6.i686
atril-libs-1.20.2-1.amzn2.0.6.i686
atril-devel-1.20.2-1.amzn2.0.6.i686
atril-caja-1.20.2-1.amzn2.0.6.i686
atril-thumbnailer-1.20.2-1.amzn2.0.6.i686
atril-debuginfo-1.20.2-1.amzn2.0.6.i686
src:
atril-1.20.2-1.amzn2.0.6.src
x86_64:
atril-1.20.2-1.amzn2.0.6.x86_64
atril-libs-1.20.2-1.amzn2.0.6.x86_64
atril-devel-1.20.2-1.amzn2.0.6.x86_64
atril-caja-1.20.2-1.amzn2.0.6.x86_64
atril-thumbnailer-1.20.2-1.amzn2.0.6.x86_64
atril-debuginfo-1.20.2-1.amzn2.0.6.x86_64