okular-21.08.1-1.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11110 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z okular-21.08.1-1.2 on GA media These are all security issues fixed in the okular-21.08.1-1.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11110 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11110 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2018-1000801/ SUSE CVE CVE-2018-1000801 page https://www.suse.com/security/cve/CVE-2020-9359/ SUSE CVE CVE-2020-9359 page openSUSE Tumbleweed okular-21.08.1-1.2 okular-devel-21.08.1-1.2 okular-lang-21.08.1-1.2 okular-mobile-21.08.1-1.2 okular-spectre-21.08.1-1.2 okular-21.08.1-1.2 as a component of openSUSE Tumbleweed okular-devel-21.08.1-1.2 as a component of openSUSE Tumbleweed okular-lang-21.08.1-1.2 as a component of openSUSE Tumbleweed okular-mobile-21.08.1-1.2 as a component of openSUSE Tumbleweed okular-spectre-21.08.1-1.2 as a component of openSUSE Tumbleweed okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1 CVE-2018-1000801 openSUSE Tumbleweed:okular-21.08.1-1.2 openSUSE Tumbleweed:okular-devel-21.08.1-1.2 openSUSE Tumbleweed:okular-lang-21.08.1-1.2 openSUSE Tumbleweed:okular-mobile-21.08.1-1.2 openSUSE Tumbleweed:okular-spectre-21.08.1-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-1000801.html CVE-2018-1000801 https://bugzilla.suse.com/1107591 SUSE Bug 1107591 KDE Okular before 1.10.0 allows code execution via an action link in a PDF document. CVE-2020-9359 openSUSE Tumbleweed:okular-21.08.1-1.2 openSUSE Tumbleweed:okular-devel-21.08.1-1.2 openSUSE Tumbleweed:okular-lang-21.08.1-1.2 openSUSE Tumbleweed:okular-mobile-21.08.1-1.2 openSUSE Tumbleweed:okular-spectre-21.08.1-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-9359.html CVE-2020-9359 https://bugzilla.suse.com/1167435 SUSE Bug 1167435