MGASA-2017-0127

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2017-0127.html

Import Source

https://advisories.mageia.org/MGASA-2017-0127.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2017-0127

Related

CVE-2016-10243

Published

2017-05-03T09:48:17Z

Modified

2017-05-03T09:14:25Z

Summary

Updated texlive packages fix security vulnerability

Details

It was discovered that texlive whitelists mpost as an external program to be run from within the TeX source code (called \write18). Since mpost allows to specify other programs to be run, an attacker can take advantage of this flaw for arbitrary code execution when compiling a TeX document (CVE-2016-10243).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / texlive

Package

Name: texlive
Purl: pkg:rpm/mageia/texlive?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20130530-21.1.mga5

Ecosystem specific

{
    "section": "core"
}