{"id":"USN-4024-1","summary":"evince update","details":"As a security improvement, this update adjusts the AppArmor profile for the\nEvince thumbnailer to reduce access to the system and adjusts the AppArmor\nprofile for Evince and Evince previewer to limit access to the DBus system\nbus. Additionally adjust the evince abstraction to disallow writes on\nparent directories of sensitive files.\n","modified":"2026-04-22T09:57:34.937571Z","published":"2019-06-19T20:00:47Z","references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4024-1"},{"type":"REPORT","url":"https://launchpad.net/bugs/1788929"},{"type":"REPORT","url":"https://launchpad.net/bugs/1794848"}],"affected":[{"package":{"name":"evince","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/evince@3.18.2-1ubuntu4.5?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.18.2-1ubuntu4.5"}]}],"versions":["3.16.1-0ubuntu1","3.18.1-1ubuntu1","3.18.1-1ubuntu2","3.18.2-1ubuntu1","3.18.2-1ubuntu2","3.18.2-1ubuntu3","3.18.2-1ubuntu4","3.18.2-1ubuntu4.1","3.18.2-1ubuntu4.2","3.18.2-1ubuntu4.3","3.18.2-1ubuntu4.4"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"evince","binary_version":"3.18.2-1ubuntu4.5"},{"binary_name":"evince-common","binary_version":"3.18.2-1ubuntu4.5"},{"binary_name":"evince-gtk","binary_version":"3.18.2-1ubuntu4.5"},{"binary_name":"gir1.2-evince-3.0","binary_version":"3.18.2-1ubuntu4.5"},{"binary_name":"libevdocument3-4","binary_version":"3.18.2-1ubuntu4.5"},{"binary_name":"libevview3-3","binary_version":"3.18.2-1ubuntu4.5"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4024-1.json","cves_map":{"cves":[],"ecosystem":"Ubuntu:16.04:LTS"}}},{"package":{"name":"evince","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/evince@3.28.4-0ubuntu1.2?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.28.4-0ubuntu1.2"}]}],"versions":["3.26.0-1","3.26.0-2","3.26.0-3","3.27.91-1","3.27.92-1","3.28.0-1","3.28.2-1","3.28.4-0ubuntu1","3.28.4-0ubuntu1.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"browser-plugin-evince","binary_version":"3.28.4-0ubuntu1.2"},{"binary_name":"evince","binary_version":"3.28.4-0ubuntu1.2"},{"binary_name":"evince-common","binary_version":"3.28.4-0ubuntu1.2"},{"binary_name":"gir1.2-evince-3.0","binary_version":"3.28.4-0ubuntu1.2"},{"binary_name":"libevdocument3-4","binary_version":"3.28.4-0ubuntu1.2"},{"binary_name":"libevview3-3","binary_version":"3.28.4-0ubuntu1.2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4024-1.json","cves_map":{"cves":[],"ecosystem":"Ubuntu:18.04:LTS"}}}],"schema_version":"1.7.5"}