Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in TeX
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in TeX
ID: USN-3401-1
Distribution: Ubuntu
Plattformen: Ubuntu 14.04 LTS, Ubuntu 16.04 LTS
Datum: Di, 22. August 2017, 23:12
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10243

Originalnachricht


--===============2363280803572055336==
Content-Type: multipart/signed; micalg="pgp-sha256";
protocol="application/pgp-signature";
boundary="=-UfnisTqCQrkPk4H6nJDJ"


--=-UfnisTqCQrkPk4H6nJDJ
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-3401-1
August 22, 2017

texlive-base vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

TeX Live could be made to run programs as your login if it
opened a specially crafted file.

Software Description:
- texlive-base: TeX Live: Essential programs and files

Details:

It was discovered that TeX Live incorrectly handled certain
system commands. If a user were tricked into processing a
specially crafted TeX file, a remote attacker could execute
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  texlive-base                    2015.20160320-1ubuntu0.1
  texlive-latex-base              2015.20160320-1ubuntu0.1

Ubuntu 14.04 LTS:
  texlive-base                    2013.20140215-1ubuntu0.1
  texlive-latex-base              2013.20140215-1ubuntu0.1

In general, a standard system update will make all the necessary
changes.

References:
  https://www.ubuntu.com/usn/usn-3401-1
  CVE-2016-10243

Package Information:
  https://launchpad.net/ubuntu/+source/texlive-base/2015.20160320-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/texlive-base/2013.20140215-1ubuntu0.1

--ÞfnisTqCQrkPk4H6nJDJ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAABCAAGBQJZnDfrAAoJEEW851uECx9pDq4P/A4VM8hvUWgKff4pAtplQSqh
Mwoxca5LdGReL6+Q0rroB03rX/eCXf6aY+XkdXoO0istZ33wedOqBbJ4hBoW/F9G
a5kn/9R5HOzW2tWPeE4DDH0T/pHf+2DF/S5pkbGOpL6D03C/AqoXpLqaRE05jeoB
GrL2A7B+BlsL6aMG7EAi73tAQs6ls/hlpmiSOtdFm4dDzchMZ+rnpWx8s+D0S2qT
jv3aeKYkjNtRW1frPWjJ9kCL7+IlO5AsmOQsA939TOZ/P3ExP2+qhv+Ers1qI77n
Wxze7VNXgLTlpBH8jyHm8bfwL1cY4UT97A8abEoyrzv7JYOII4l+X7MgzxiQ36ZT
eveb9FjqUzoNXvkHE4lsQhMectBlQtHRLlJlSI847AZhMXOnXSarHAwsH4unmgRN
rJmIBBnjCTLpWEYXoY/7e5LCDVYBl+4tlWLSJKvy6JKSO1SGuIyPmHKMiODAe6FO
n3mfHVY6b9B9Pbihmpe4ZN9SUiWvVyj3t9/esqx538J6k+3YnLGWH0y8ScdKZrkY
uxnE1MwBGaIHXtC6BxxeNcIVnwaRSgaEKhaiZI3EWhlhILiz3AkruAeoZNdg46Af
eKsKN4By9f+PTPOeJjkF6bo/+EWIF831LoFwj1hO5sTlvmRFynw9D48xRbElv5OG
PP2e/XVoxhlVgW3uUqYm
=g2Vm
-----END PGP SIGNATURE-----

--=-UfnisTqCQrkPk4H6nJDJ--



--===============2363280803572055336==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============2363280803572055336==--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung