ASA-202003-10 log original external raw

[ASA-202003-10] okular: arbitrary command execution
Arch Linux Security Advisory ASA-202003-10 ========================================== Severity: Low Date : 2020-03-13 CVE-ID : CVE-2020-9359 Package : okular Type : arbitrary command execution Remote : Yes Link : Summary ======= The package okular before version 19.12.3-3 is vulnerable to arbitrary command execution. Resolution ========== Upgrade to 19.12.3-3. # pacman -Syu "okular>=19.12.3-3" The problem has been fixed upstream but no release is available yet. Workaround ========== None. Description =========== A security issue has been found in Okular before 1.10.0, that can be tricked into executing local binaries via specially crafted PDF files. This binary execution can require almost no user interaction. No parameters can be passed to those local binaries. Impact ====== A remote attacker can execute an arbitrary command by tricking a local user into opening a specially crafted PDF document. References ==========