|
|
Subscribe / Log in / New account

Mageia alert MGASA-2018-0399 (calibre)



From:
              Mageia Updates <buildsystem-daemon@mageia.org> 


To:
              updates-announce@ml.mageia.org 


Subject:
              [updates-announce] MGASA-2018-0399: Updated calibre packages fix security vulnerability 


Date:
              Fri, 19 Oct 2018 20:01:31 +0200


Message-ID:
              <20181019180131.F2E97A0017@duvel.mageia.org>


MGASA-2018-0399 - Updated calibre packages fix security vulnerability

Publication date: 19 Oct 2018
URL: https://advisories.mageia.org/MGASA-2018-0399.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-7889

Description:
Updated calibre package fixes security vulnerability:

gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on
imported bookmark data, which allows remote attackers to execute arbitrary
code via a crafted .pickle file, as demonstrated by Python code that
contains an os.system call (CVE-2018-7889).

The python-html5-parser package is a new dependency for the updated calibre
package and has been included with this update.

References:
- https://bugs.mageia.org/show_bug.cgi?id=22814
-
https://lists.fedoraproject.org/archives/list/package-ann...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7889

SRPMS:
- 6/core/calibre-3.27.1-2.mga6
- 6/core/python-html5-parser-0.4.4-1.1.mga6
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds