Bug 1107591 (CVE-2018-1000801)

Summary: VUL-0: CVE-2018-1000801: okular: Directory traversal in function unpackDocumentArchive() in core/document.cpp
Product: [openSUSE] openSUSE Distribution Reporter: Marcus Meissner <meissner>
Component: KDE ApplicationsAssignee: E-Mail List <opensuse-kde-bugs>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: astieger, lbeltrame
Version: Leap 42.3   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/213875/
Whiteboard: CVSSv3:RedHat:CVE-2018-1000801:5.5:(AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2018-09-07 06:29:20 UTC
rh#1626265

okular version 18.08 and earlier contains a Directory Traversal vulnerability in
function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in
Arbitrary file creation on the user workstation. This attack appear to be
exploitable via he victim must open a specially crafted Okular archive. This
issue appears to have been corrected in version 18.08.1

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1626265
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000801
https://cgit.kde.org/okular.git/commit/?id=8ff7abc14d41906ad978b6bc67e69693863b9d47
https://bugs.kde.org/show_bug.cgi?id=398096
Comment 1 Luca Beltrame 2018-09-10 15:37:53 UTC
Update is already queued for Tumbleweed, 15.0 was done right now. 42.3 following up.
Comment 2 Swamp Workflow Management 2018-09-10 16:30:09 UTC
This is an autogenerated message for OBS integration:
This bug (1107591) was mentioned in
https://build.opensuse.org/request/show/634778 15.0 / okular
https://build.opensuse.org/request/show/634779 42.3 / okular
Comment 3 Andreas Stieger 2018-09-10 17:47:08 UTC
> https://build.opensuse.org/request/show/634779 42.3 / okular

Does not build
Comment 4 Swamp Workflow Management 2018-09-10 21:40:07 UTC
This is an autogenerated message for OBS integration:
This bug (1107591) was mentioned in
https://build.opensuse.org/request/show/634802 42.3 / okular
Comment 5 Swamp Workflow Management 2018-09-11 07:30:06 UTC
This is an autogenerated message for OBS integration:
This bug (1107591) was mentioned in
https://build.opensuse.org/request/show/634880 Backports:SLE-12-SP3 / okular
Comment 6 Andreas Stieger 2018-09-15 08:08:45 UTC
done
Comment 7 Swamp Workflow Management 2018-09-15 13:10:28 UTC
openSUSE-SU-2018:2727-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1107591
CVE References: CVE-2018-1000801
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    okular-17.04.2-11.1
Comment 8 Swamp Workflow Management 2018-09-15 13:13:58 UTC
openSUSE-SU-2018:2733-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1107591
CVE References: CVE-2018-1000801
Sources used:
openSUSE Leap 42.3 (src):    okular-17.04.2-6.1
openSUSE Leap 15.0 (src):    okular-17.12.3-lp150.3.3.1
Comment 9 Swamp Workflow Management 2018-09-22 07:23:49 UTC
openSUSE-SU-2018:2733-2: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1107591
CVE References: CVE-2018-1000801
Sources used:
openSUSE Backports SLE-15 (src):    okular-17.12.3-bp150.3.3.1