Re: [evince] any discussion of evince pdf malware vulnerabilities?



On Thu, 2017-05-11 at 10:40 -0700, Mark Dwyer via evince-list wrote:
Recently received pdf email attachment from an unknown source and
was 
reminded that these can contain viruses/malware. If there is a site
that 
describes evince's hardening against such attacks, I was not able to 
find it.

I do not think so. I would start looking for Evince AppArmor profiles
and Evince SELinux. AFAIK, Evince is commonly sandboxed by
distributions.

For example, in Ubuntu Evince's AppArmor profile is distributed in the
Evince package:
http://archive.ubuntu.com/ubuntu/pool/main/e/evince/evince_3.24.0-0ubun
tu1.debian.tar.xz

-- 
Germán Poo-Caamaño
http://calcifer.org/

Attachment: signature.asc
Description: This is a digitally signed message part



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]