moderate: evince/file security update
moderate
An update for evince/file is now available for NewStart CGSL MAIN 6.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
evince: Evince is simple multi-page document viewer. It can display and print Portable Document Format (PDF), PostScript (PS) and Encapsulated PostScript (EPS) files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents bookmarks and editing of forms.
file: Libraries for applications using libmagic.
Security Fix(es):
evince: A flaw was found in Poppler in the way certain PDF files were converted into HTML. This flaw allows a remote attacker to provide a malicious PDF file that, when processed by the 'pdftohtml' program, crashes the application, causing a denial of service. The highest threat from this vulnerability is to system availability.(CVE-2020-27778)
evince: bugfix
file: cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).(CVE-2019-18218)
file: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.02.B0B9.