A wkhtmltopdf security update has been released for Debian GNU/Linux 8 and 9 Extended LTS to address a directory traversal vulnerability.
ELA-691-1 wkhtmltopdf security update
Package wkhtmltopdf
ELA-691-1 wkhtmltopdf security update
Version 0.12.1-2+deb8u1 (jessie), 0.12.3.2-3+deb9u1 (stretch)
Related CVEs CVE-2020-21365
Directory traversal vulnerability in wkhtmltopdf, a set of CLI utilities to convert html to pdf or image using WebKit, allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations.
For Debian 8 jessie, these problems have been fixed in version 0.12.1-2+deb8u1.
For Debian 9 stretch, these problems have been fixed in version 0.12.3.2-3+deb9u1.
We recommend that you upgrade your wkhtmltopdf packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
