Amazon Linux 2 Security Advisory: ALAS2MATE-DESKTOP1.X-2026-011
Advisory Released Date: 2026-06-08
Advisory Updated Date: 2026-06-08
Severity:
Important
Issue Overview:
CVE-2026-46529 is a command injection vulnerability in Evince, Atril, and Xreader caused by missing quoting of shell-like input in ev_spawn() in ev-application.c. (CVE-2026-46529)
Affected Packages:
atril
Note:
This advisory is applicable to Amazon Linux 2 - Mate-desktop1.x Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update atril or yum update --advisory ALAS2MATE-DESKTOP1.X-2026-011 to update your system.
New Packages:
aarch64:
atril-1.20.2-1.amzn2.0.7.aarch64
atril-libs-1.20.2-1.amzn2.0.7.aarch64
atril-devel-1.20.2-1.amzn2.0.7.aarch64
atril-caja-1.20.2-1.amzn2.0.7.aarch64
atril-thumbnailer-1.20.2-1.amzn2.0.7.aarch64
atril-debuginfo-1.20.2-1.amzn2.0.7.aarch64
i686:
atril-1.20.2-1.amzn2.0.7.i686
atril-libs-1.20.2-1.amzn2.0.7.i686
atril-devel-1.20.2-1.amzn2.0.7.i686
atril-caja-1.20.2-1.amzn2.0.7.i686
atril-thumbnailer-1.20.2-1.amzn2.0.7.i686
atril-debuginfo-1.20.2-1.amzn2.0.7.i686
src:
atril-1.20.2-1.amzn2.0.7.src
x86_64:
atril-1.20.2-1.amzn2.0.7.x86_64
atril-libs-1.20.2-1.amzn2.0.7.x86_64
atril-devel-1.20.2-1.amzn2.0.7.x86_64
atril-caja-1.20.2-1.amzn2.0.7.x86_64
atril-thumbnailer-1.20.2-1.amzn2.0.7.x86_64
atril-debuginfo-1.20.2-1.amzn2.0.7.x86_64