summaryrefslogtreecommitdiffstats
path: root/kde/patch/okular/cve-2020-9359.patch
diff options
context:
space:
mode:
author Eric Hameleers <alien@slackware.com>2020-03-20 10:34:34 +0100
committer Eric Hameleers <alien@slackware.com>2020-03-20 10:34:34 +0100
commit05f4009a4a1497d3cc553b865b1617c4d38b005f (patch)
treef31c0cf40a0a3ae280b1c1958bc9b130624501cb /kde/patch/okular/cve-2020-9359.patch
parent4545d1e713e90498254656ed03c18fc618b2f251 (diff)
downloadktown-05f4009a4a1497d3cc553b865b1617c4d38b005f.tar.gz
ktown-05f4009a4a1497d3cc553b865b1617c4d38b005f.tar.xz
okular: addresss and fix CVE-2020-9359
Diffstat (limited to '')
-rw-r--r--kde/patch/okular/cve-2020-9359.patch32
1 files changed, 32 insertions, 0 deletions
diff --git a/kde/patch/okular/cve-2020-9359.patch b/kde/patch/okular/cve-2020-9359.patch
new file mode 100644
index 0000000..d82c91c
--- /dev/null
+++ b/kde/patch/okular/cve-2020-9359.patch
@@ -0,0 +1,32 @@
+Okular: Local binary execution via action links
+CVE: CVE-2020-9359
+
+Okular can be tricked into executing local binaries via specially crafted
+PDF files.
+This binary execution can require almost no user interaction.
+No parameters can be passed to those local binaries.
+We have not been able to identify any binary that will cause actual damage,
+be it in the hardware or software level, when run without parameters.
+
+We remain relatively confident that for this issue to do any actual damage,
+it has to run a binary specially crafted. That binary must have been deployed
+to the user system via another method, be it the user downloading it directly
+as an email attachment, webpage download, etc. or by the system being
+already compromised.
+
+
+diff --git a/core/document.cpp b/core/document.cpp
+index 3215a1abce6292a6cc25c5f8b645232c92d75ec5..0aa5b698019a2660f2d6baabd54cef1e82002b0e 100644
+--- a/core/document.cpp
++++ b/core/document.cpp
+@@ -4388,7 +4388,8 @@ void Document::processAction( const Action * action )
+ {
+ const QUrl realUrl = KIO::upUrl(d->m_url).resolved(url);
+ // KRun autodeletes
+- new KRun( realUrl, d->m_widget );
++ KRun *r = new KRun( realUrl, d->m_widget );
++ r->setRunExecutables(false);
+ }
+ }
+ } break;
+