USN-6695-1

Source
https://ubuntu.com/security/notices/USN-6695-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6695-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/USN-6695-1
Related
Published
2024-03-14T11:45:28.587489Z
Modified
2024-03-14T11:45:28.587489Z
Summary
texlive-bin vulnerabilities
Details

It was discovered that TeX Live incorrectly handled certain memory operations in the embedded axodraw2 tool. An attacker could possibly use this issue to cause TeX Live to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2019-18604)

It was discovered that TeX Live allowed documents to make arbitrary network requests. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could possibly use this issue to exfiltrate sensitive information, or perform other network-related attacks. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2023-32668)

It was discovered that TeX Live incorrectly handled certain TrueType fonts. If a user or automated system were tricked into opening a specially crafted TrueType font, a remote attacker could use this issue to cause TeX Live to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2024-25262)

References

Affected packages

Ubuntu:20.04:LTS / texlive-bin

Package

Name
texlive-bin
Purl
pkg:deb/ubuntu/texlive-bin?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2019.20190605.51237-3ubuntu0.2

Affected versions

2019.*

2019.20190605.51237-2build1
2019.20190605.51237-3
2019.20190605.51237-3build1
2019.20190605.51237-3build2
2019.20190605.51237-3ubuntu0.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "2019.20190605.51237-3ubuntu0.2",
            "binary_name": "libkpathsea-dev"
        },
        {
            "binary_version": "2019.20190605.51237-3ubuntu0.2",
            "binary_name": "libkpathsea6"
        },
        {
            "binary_version": "2019.20190605.51237-3ubuntu0.2",
            "binary_name": "libkpathsea6-dbgsym"
        },
        {
            "binary_version": "2019.20190605.51237-3ubuntu0.2",
            "binary_name": "libptexenc-dev"
        },
        {
            "binary_version": "2019.20190605.51237-3ubuntu0.2",
            "binary_name": "libptexenc1"
        },
        {
            "binary_version": "2019.20190605.51237-3ubuntu0.2",
            "binary_name": "libptexenc1-dbgsym"
        },
        {
            "binary_version": "2019.20190605.51237-3ubuntu0.2",
            "binary_name": "libsynctex-dev"
        },
        {
            "binary_version": "2019.20190605.51237-3ubuntu0.2",
            "binary_name": "libsynctex2"
        },
        {
            "binary_version": "2019.20190605.51237-3ubuntu0.2",
            "binary_name": "libsynctex2-dbgsym"
        },
        {
            "binary_version": "2019.20190605.51237-3ubuntu0.2",
            "binary_name": "libtexlua53"
        },
        {
            "binary_version": "2019.20190605.51237-3ubuntu0.2",
            "binary_name": "libtexlua53-dbgsym"
        },
        {
            "binary_version": "2019.20190605.51237-3ubuntu0.2",
            "binary_name": "libtexlua53-dev"
        },
        {
            "binary_version": "2019.20190605.51237-3ubuntu0.2",
            "binary_name": "libtexluajit-dev"
        },
        {
            "binary_version": "2019.20190605.51237-3ubuntu0.2",
            "binary_name": "libtexluajit2"
        },
        {
            "binary_version": "2019.20190605.51237-3ubuntu0.2",
            "binary_name": "libtexluajit2-dbgsym"
        },
        {
            "binary_version": "2019.20190605.51237-3ubuntu0.2",
            "binary_name": "texlive-binaries"
        },
        {
            "binary_version": "2019.20190605.51237-3ubuntu0.2",
            "binary_name": "texlive-binaries-dbgsym"
        }
    ]
}

Ubuntu:22.04:LTS / texlive-bin

Package

Name
texlive-bin
Purl
pkg:deb/ubuntu/texlive-bin?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2021.20210626.59705-1ubuntu0.2

Affected versions

2020.*

2020.20200327.54578-7
2020.20200327.54578-7build1

2021.*

2021.20210626.59705-1
2021.20210626.59705-1build1
2021.20210626.59705-1ubuntu0.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "2021.20210626.59705-1ubuntu0.2",
            "binary_name": "libkpathsea-dev"
        },
        {
            "binary_version": "2021.20210626.59705-1ubuntu0.2",
            "binary_name": "libkpathsea6"
        },
        {
            "binary_version": "2021.20210626.59705-1ubuntu0.2",
            "binary_name": "libkpathsea6-dbgsym"
        },
        {
            "binary_version": "2021.20210626.59705-1ubuntu0.2",
            "binary_name": "libptexenc-dev"
        },
        {
            "binary_version": "2021.20210626.59705-1ubuntu0.2",
            "binary_name": "libptexenc1"
        },
        {
            "binary_version": "2021.20210626.59705-1ubuntu0.2",
            "binary_name": "libptexenc1-dbgsym"
        },
        {
            "binary_version": "2021.20210626.59705-1ubuntu0.2",
            "binary_name": "libsynctex-dev"
        },
        {
            "binary_version": "2021.20210626.59705-1ubuntu0.2",
            "binary_name": "libsynctex2"
        },
        {
            "binary_version": "2021.20210626.59705-1ubuntu0.2",
            "binary_name": "libsynctex2-dbgsym"
        },
        {
            "binary_version": "2021.20210626.59705-1ubuntu0.2",
            "binary_name": "libtexlua53"
        },
        {
            "binary_version": "2021.20210626.59705-1ubuntu0.2",
            "binary_name": "libtexlua53-dbgsym"
        },
        {
            "binary_version": "2021.20210626.59705-1ubuntu0.2",
            "binary_name": "libtexlua53-dev"
        },
        {
            "binary_version": "2021.20210626.59705-1ubuntu0.2",
            "binary_name": "libtexluajit-dev"
        },
        {
            "binary_version": "2021.20210626.59705-1ubuntu0.2",
            "binary_name": "libtexluajit2"
        },
        {
            "binary_version": "2021.20210626.59705-1ubuntu0.2",
            "binary_name": "libtexluajit2-dbgsym"
        },
        {
            "binary_version": "2021.20210626.59705-1ubuntu0.2",
            "binary_name": "texlive-binaries"
        },
        {
            "binary_version": "2021.20210626.59705-1ubuntu0.2",
            "binary_name": "texlive-binaries-dbgsym"
        }
    ]
}

Ubuntu:23.10 / texlive-bin

Package

Name
texlive-bin
Purl
pkg:deb/ubuntu/texlive-bin?arch=src?distro=mantic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2023.20230311.66589-6ubuntu0.1

Affected versions

2022.*

2022.20220321.62855-5build1
2022.20220321.62855-5.1
2022.20220321.62855-7
2022.20220321.62855-8

2023.*

2023.20230311.66589-3
2023.20230311.66589-4
2023.20230311.66589-6

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "2023.20230311.66589-6ubuntu0.1",
            "binary_name": "libkpathsea-dev"
        },
        {
            "binary_version": "2023.20230311.66589-6ubuntu0.1",
            "binary_name": "libkpathsea6"
        },
        {
            "binary_version": "2023.20230311.66589-6ubuntu0.1",
            "binary_name": "libkpathsea6-dbgsym"
        },
        {
            "binary_version": "2023.20230311.66589-6ubuntu0.1",
            "binary_name": "libptexenc-dev"
        },
        {
            "binary_version": "2023.20230311.66589-6ubuntu0.1",
            "binary_name": "libptexenc1"
        },
        {
            "binary_version": "2023.20230311.66589-6ubuntu0.1",
            "binary_name": "libptexenc1-dbgsym"
        },
        {
            "binary_version": "2023.20230311.66589-6ubuntu0.1",
            "binary_name": "libsynctex-dev"
        },
        {
            "binary_version": "2023.20230311.66589-6ubuntu0.1",
            "binary_name": "libsynctex2"
        },
        {
            "binary_version": "2023.20230311.66589-6ubuntu0.1",
            "binary_name": "libsynctex2-dbgsym"
        },
        {
            "binary_version": "2023.20230311.66589-6ubuntu0.1",
            "binary_name": "libtexlua-dev"
        },
        {
            "binary_version": "2023.20230311.66589-6ubuntu0.1",
            "binary_name": "libtexlua53"
        },
        {
            "binary_version": "2023.20230311.66589-6ubuntu0.1",
            "binary_name": "libtexlua53-5"
        },
        {
            "binary_version": "2023.20230311.66589-6ubuntu0.1",
            "binary_name": "libtexlua53-5-dbgsym"
        },
        {
            "binary_version": "2023.20230311.66589-6ubuntu0.1",
            "binary_name": "libtexlua53-dev"
        },
        {
            "binary_version": "2023.20230311.66589-6ubuntu0.1",
            "binary_name": "libtexluajit-dev"
        },
        {
            "binary_version": "2023.20230311.66589-6ubuntu0.1",
            "binary_name": "libtexluajit2"
        },
        {
            "binary_version": "2023.20230311.66589-6ubuntu0.1",
            "binary_name": "libtexluajit2-dbgsym"
        },
        {
            "binary_version": "2023.20230311.66589-6ubuntu0.1",
            "binary_name": "texlive-binaries"
        },
        {
            "binary_version": "2023.20230311.66589-6ubuntu0.1",
            "binary_name": "texlive-binaries-dbgsym"
        },
        {
            "binary_version": "2023.20230311.66589-6ubuntu0.1",
            "binary_name": "texlive-binaries-sse2"
        },
        {
            "binary_version": "2023.20230311.66589-6ubuntu0.1",
            "binary_name": "texlive-binaries-sse2-dbgsym"
        }
    ]
}