MGASA-2017-0127

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2017-0127.html

Import Source

https://advisories.mageia.org/MGASA-2017-0127.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2017-0127

Related

CVE-2016-10243

Published

2017-05-03T09:48:17Z

Modified

2017-05-03T09:14:25Z

Summary

Updated texlive packages fix security vulnerability

Details

It was discovered that texlive whitelists mpost as an external program to be run from within the TeX source code (called \write18). Since mpost allows to specify other programs to be run, an attacker can take advantage of this flaw for arbitrary code execution when compiling a TeX document (CVE-2016-10243).

References

https://advisories.mageia.org/MGASA-2017-0127.html
https://bugs.mageia.org/show_bug.cgi?id=20401
https://www.debian.org/security/2017/dsa-3803

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2017-0127

Affected packages