UBUNTU-CVE-2016-10243

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2016-10243

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-10243.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2016-10243

Upstream

CVE-2016-10243

Downstream

USN-3401-1

Related

USN-3401-1

Published

2017-05-02T00:00:00Z

Modified

2025-09-08T16:43:58Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shellescapecommands in the texmf.cnf config file.

References

Affected packages

Ubuntu:14.04:LTS / texlive-base

Package

Name: texlive-base
Purl: pkg:deb/ubuntu/texlive-base@2013.20140215-1ubuntu0.1?arch=source&distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2013.20140215-1ubuntu0.1

Affected versions

2013.*

2013.20130722-1

2013.20131010-2

2013.20131112-1

2013.20131219-1

2013.20140123-1

2013.20140215-1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "texlive",
            "binary_version": "2013.20140215-1ubuntu0.1"
        },
        {
            "binary_name": "texlive-base",
            "binary_version": "2013.20140215-1ubuntu0.1"
        },
        {
            "binary_name": "texlive-fonts-recommended",
            "binary_version": "2013.20140215-1ubuntu0.1"
        },
        {
            "binary_name": "texlive-full",
            "binary_version": "2013.20140215-1ubuntu0.1"
        },
        {
            "binary_name": "texlive-generic-recommended",
            "binary_version": "2013.20140215-1ubuntu0.1"
        },
        {
            "binary_name": "texlive-latex-base",
            "binary_version": "2013.20140215-1ubuntu0.1"
        },
        {
            "binary_name": "texlive-latex-recommended",
            "binary_version": "2013.20140215-1ubuntu0.1"
        },
        {
            "binary_name": "texlive-luatex",
            "binary_version": "2013.20140215-1ubuntu0.1"
        },
        {
            "binary_name": "texlive-metapost",
            "binary_version": "2013.20140215-1ubuntu0.1"
        },
        {
            "binary_name": "texlive-omega",
            "binary_version": "2013.20140215-1ubuntu0.1"
        },
        {
            "binary_name": "texlive-pictures",
            "binary_version": "2013.20140215-1ubuntu0.1"
        },
        {
            "binary_name": "texlive-xetex",
            "binary_version": "2013.20140215-1ubuntu0.1"
        }
    ]
}

Ubuntu:16.04:LTS / texlive-base

Package

Name: texlive-base
Purl: pkg:deb/ubuntu/texlive-base@2015.20160320-1ubuntu0.1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2015.20160320-1ubuntu0.1

Affected versions

2015.*

2015.20150625-1ubuntu1

2015.20151116-1ubuntu1

2015.20151225-1

2015.20160117-1

2015.20160215-1

2015.20160223-1

2015.20160320-1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "luasseq",
            "binary_version": "2015.20160320-1ubuntu0.1"
        },
        {
            "binary_name": "texlive",
            "binary_version": "2015.20160320-1ubuntu0.1"
        },
        {
            "binary_name": "texlive-base",
            "binary_version": "2015.20160320-1ubuntu0.1"
        },
        {
            "binary_name": "texlive-fonts-recommended",
            "binary_version": "2015.20160320-1ubuntu0.1"
        },
        {
            "binary_name": "texlive-full",
            "binary_version": "2015.20160320-1ubuntu0.1"
        },
        {
            "binary_name": "texlive-generic-recommended",
            "binary_version": "2015.20160320-1ubuntu0.1"
        },
        {
            "binary_name": "texlive-latex-base",
            "binary_version": "2015.20160320-1ubuntu0.1"
        },
        {
            "binary_name": "texlive-latex-recommended",
            "binary_version": "2015.20160320-1ubuntu0.1"
        },
        {
            "binary_name": "texlive-luatex",
            "binary_version": "2015.20160320-1ubuntu0.1"
        },
        {
            "binary_name": "texlive-metapost",
            "binary_version": "2015.20160320-1ubuntu0.1"
        },
        {
            "binary_name": "texlive-omega",
            "binary_version": "2015.20160320-1ubuntu0.1"
        },
        {
            "binary_name": "texlive-pictures",
            "binary_version": "2015.20160320-1ubuntu0.1"
        },
        {
            "binary_name": "texlive-xetex",
            "binary_version": "2015.20160320-1ubuntu0.1"
        }
    ]
}