Recommended update for evince SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2019:1648-1 Final 1 1 2019-06-21T15:41:52Z current 2019-06-21T15:41:52Z 2019-06-21T15:41:52Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Recommended update for evince This update for evince provides the following fixes: Security issue fixed: - CVE-2019-11459: Fixed an improper error handling in which could have led to use of unitialized use of memory (bsc#1133037). Other issue addressed: - Removed Supplements from psdocument package, so that it isn't pulled in by default (bsc#1122794). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2019-1648,SUSE-SLE-Module-Desktop-Applications-15-2019-1648,SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1648,SUSE-SLE-Module-Development-Tools-OBS-15-2019-1648,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1648 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2019/suse-su-20191648-1/ Link for SUSE-SU-2019:1648-1 https://lists.suse.com/pipermail/sle-security-updates/2019-June/005621.html E-Mail link for SUSE-SU-2019:1648-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1122794 SUSE Bug 1122794 https://bugzilla.suse.com/1133037 SUSE Bug 1133037 https://www.suse.com/security/cve/CVE-2019-11459/ SUSE CVE CVE-2019-11459 page SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Desktop Applications 15 SP1 evince-3.26.0+20180128.1bd86963-4.7.3 evince-devel-3.26.0+20180128.1bd86963-4.7.3 evince-lang-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-comicsdocument-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-djvudocument-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-dvidocument-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-pdfdocument-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-psdocument-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-tiffdocument-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-xpsdocument-3.26.0+20180128.1bd86963-4.7.3 libevdocument3-4-3.26.0+20180128.1bd86963-4.7.3 libevview3-3-3.26.0+20180128.1bd86963-4.7.3 nautilus-evince-3.26.0+20180128.1bd86963-4.7.3 typelib-1_0-EvinceDocument-3_0-3.26.0+20180128.1bd86963-4.7.3 typelib-1_0-EvinceView-3_0-3.26.0+20180128.1bd86963-4.7.3 evince-3.26.0+20180128.1bd86963-4.7.3 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 evince-devel-3.26.0+20180128.1bd86963-4.7.3 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 evince-lang-3.26.0+20180128.1bd86963-4.7.3 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 evince-plugin-djvudocument-3.26.0+20180128.1bd86963-4.7.3 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 evince-plugin-dvidocument-3.26.0+20180128.1bd86963-4.7.3 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 evince-plugin-pdfdocument-3.26.0+20180128.1bd86963-4.7.3 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 evince-plugin-psdocument-3.26.0+20180128.1bd86963-4.7.3 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 evince-plugin-tiffdocument-3.26.0+20180128.1bd86963-4.7.3 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 evince-plugin-xpsdocument-3.26.0+20180128.1bd86963-4.7.3 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 libevdocument3-4-3.26.0+20180128.1bd86963-4.7.3 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 libevview3-3-3.26.0+20180128.1bd86963-4.7.3 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 nautilus-evince-3.26.0+20180128.1bd86963-4.7.3 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 typelib-1_0-EvinceDocument-3_0-3.26.0+20180128.1bd86963-4.7.3 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 typelib-1_0-EvinceView-3_0-3.26.0+20180128.1bd86963-4.7.3 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 evince-3.26.0+20180128.1bd86963-4.7.3 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 evince-devel-3.26.0+20180128.1bd86963-4.7.3 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 evince-lang-3.26.0+20180128.1bd86963-4.7.3 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 evince-plugin-djvudocument-3.26.0+20180128.1bd86963-4.7.3 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 evince-plugin-dvidocument-3.26.0+20180128.1bd86963-4.7.3 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 evince-plugin-pdfdocument-3.26.0+20180128.1bd86963-4.7.3 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 evince-plugin-psdocument-3.26.0+20180128.1bd86963-4.7.3 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 evince-plugin-tiffdocument-3.26.0+20180128.1bd86963-4.7.3 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 evince-plugin-xpsdocument-3.26.0+20180128.1bd86963-4.7.3 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 libevdocument3-4-3.26.0+20180128.1bd86963-4.7.3 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 libevview3-3-3.26.0+20180128.1bd86963-4.7.3 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 nautilus-evince-3.26.0+20180128.1bd86963-4.7.3 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 typelib-1_0-EvinceDocument-3_0-3.26.0+20180128.1bd86963-4.7.3 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 typelib-1_0-EvinceView-3_0-3.26.0+20180128.1bd86963-4.7.3 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files. CVE-2019-11459 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:evince-3.26.0+20180128.1bd86963-4.7.3 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:evince-devel-3.26.0+20180128.1bd86963-4.7.3 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:evince-lang-3.26.0+20180128.1bd86963-4.7.3 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:evince-plugin-djvudocument-3.26.0+20180128.1bd86963-4.7.3 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:evince-plugin-dvidocument-3.26.0+20180128.1bd86963-4.7.3 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:evince-plugin-pdfdocument-3.26.0+20180128.1bd86963-4.7.3 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:evince-plugin-psdocument-3.26.0+20180128.1bd86963-4.7.3 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:evince-plugin-tiffdocument-3.26.0+20180128.1bd86963-4.7.3 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:evince-plugin-xpsdocument-3.26.0+20180128.1bd86963-4.7.3 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libevdocument3-4-3.26.0+20180128.1bd86963-4.7.3 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libevview3-3-3.26.0+20180128.1bd86963-4.7.3 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:nautilus-evince-3.26.0+20180128.1bd86963-4.7.3 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:typelib-1_0-EvinceDocument-3_0-3.26.0+20180128.1bd86963-4.7.3 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:typelib-1_0-EvinceView-3_0-3.26.0+20180128.1bd86963-4.7.3 SUSE Linux Enterprise Module for Desktop Applications 15:evince-3.26.0+20180128.1bd86963-4.7.3 SUSE Linux Enterprise Module for Desktop Applications 15:evince-devel-3.26.0+20180128.1bd86963-4.7.3 SUSE Linux Enterprise Module for Desktop Applications 15:evince-lang-3.26.0+20180128.1bd86963-4.7.3 SUSE Linux Enterprise Module for Desktop Applications 15:evince-plugin-djvudocument-3.26.0+20180128.1bd86963-4.7.3 SUSE Linux Enterprise Module for Desktop Applications 15:evince-plugin-dvidocument-3.26.0+20180128.1bd86963-4.7.3 SUSE Linux Enterprise Module for Desktop Applications 15:evince-plugin-pdfdocument-3.26.0+20180128.1bd86963-4.7.3 SUSE Linux Enterprise Module for Desktop Applications 15:evince-plugin-psdocument-3.26.0+20180128.1bd86963-4.7.3 SUSE Linux Enterprise Module for Desktop Applications 15:evince-plugin-tiffdocument-3.26.0+20180128.1bd86963-4.7.3 SUSE Linux Enterprise Module for Desktop Applications 15:evince-plugin-xpsdocument-3.26.0+20180128.1bd86963-4.7.3 SUSE Linux Enterprise Module for Desktop Applications 15:libevdocument3-4-3.26.0+20180128.1bd86963-4.7.3 SUSE Linux Enterprise Module for Desktop Applications 15:libevview3-3-3.26.0+20180128.1bd86963-4.7.3 SUSE Linux Enterprise Module for Desktop Applications 15:nautilus-evince-3.26.0+20180128.1bd86963-4.7.3 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-EvinceDocument-3_0-3.26.0+20180128.1bd86963-4.7.3 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-EvinceView-3_0-3.26.0+20180128.1bd86963-4.7.3 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20191648-1/ https://www.suse.com/security/cve/CVE-2019-11459.html CVE-2019-11459 https://bugzilla.suse.com/1133037 SUSE Bug 1133037