An okular security update has been released for Fedora 31 that addresses an issue where Okular can be tricked into executing local binaries via specially crafted PDF files.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-7036f54316
2020-03-24 01:48:02.704940
--------------------------------------------------------------------------------
Name : okular
Product : Fedora 31
Version : 19.12.3
Release : 2.fc31
URL : https://www.kde.org/applications/graphics/okular/
Summary : A document viewer
Description :
A document viewer.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2020-9359
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 22 2020 Rex Dieter - 19.12.3-2
- Security fix for CVE-2020-9359 (#1815651,1815652)
* Fri Mar 6 2020 Rex Dieter - 19.12.3-1
- 19.12.3
* Tue Feb 4 2020 Rex Dieter - 19.12.2-1
- 19.12.2
* Thu Jan 30 2020 Rex Dieter - 19.12.1-1
- 19.12.1
* Wed Jan 29 2020 Fedora Release Engineering - 19.08.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Jan 17 2020 Marek Kasik - 19.08.3-2
- Rebuild for poppler-0.84.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1815651 - CVE-2020-9359 okular: local binary execution via specially crafted PDF files
https://bugzilla.redhat.com/show_bug.cgi?id=1815651
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-7036f54316' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
