[CLSA-2026:1782485183] evince: Fix of CVE-2026-46529
Type:
security
Severity:
Important
Release date:
2026-06-26 14:46:37 UTC
Description:
- CVE-2026-46529: fix single-click RCE via /GoToR action argv injection by quoting the page-label, named-dest and search-string arguments passed to ev_spawn (backport of upstream 970c219e)
CVEs fixed:
Updated packages:
  • evince-40.5-2.el9.tuxcare.els1.x86_64.rpm
    sha:69b83e99fd7e2314d2a787e011185acfab0cc82eba68183a76bc89010a718a81
  • evince-devel-40.5-2.el9.tuxcare.els1.x86_64.rpm
    sha:473f360ebb115cc643abbfb11024c701ed946abce125418f21d4aef2bf403bd2
  • evince-dvi-40.5-2.el9.tuxcare.els1.x86_64.rpm
    sha:69f28d8dedd732090cf25a25eb86ed5f0f8733c201b1f1d6ba1513bc73817e7d
  • evince-libs-40.5-2.el9.tuxcare.els1.i686.rpm
    sha:893554e27b5befc1cb0df036d08e5a827289c1d479e3b5fcf77b22edf7e5aa8d
  • evince-libs-40.5-2.el9.tuxcare.els1.x86_64.rpm
    sha:7158d45c2d0f273a92988894741118178f32d2fdd6ba60a35b8ba41577f10508
  • evince-nautilus-40.5-2.el9.tuxcare.els1.x86_64.rpm
    sha:0903c70c7d13af443bdd18934271cabbfb7e9cc1fb0640fa33e96c2764a4dff9
  • evince-previewer-40.5-2.el9.tuxcare.els1.x86_64.rpm
    sha:45aabbd259a9db17bf1308ecb01343bca3dd16e74b626945206d4cc2e8371dac
  • evince-thumbnailer-40.5-2.el9.tuxcare.els1.x86_64.rpm
    sha:f43bff2176f970b1a537ad8aaaa617f786245f55ad68cb9947f69a301eabbcb1
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.