drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in TeX
| Name: |
Ausführen beliebiger Kommandos in TeX |
|
| ID: |
USN-3401-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS |
|
| Datum: |
Di, 22. August 2017, 23:12 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10243 |
|
| Applikationen: |
TeX Live |
|
Originalnachricht |
--===============2363280803572055336==
Content-Type: multipart/signed; micalg="pgp-sha256";
protocol="application/pgp-signature";
boundary="=-UfnisTqCQrkPk4H6nJDJ"
--=-UfnisTqCQrkPk4H6nJDJ
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable
==========================================================================
Ubuntu Security Notice USN-3401-1
August 22, 2017
texlive-base vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
TeX Live could be made to run programs as your login if it
opened a specially crafted file.
Software Description:
- texlive-base: TeX Live: Essential programs and files
Details:
It was discovered that TeX Live incorrectly handled certain
system commands. If a user were tricked into processing a
specially crafted TeX file, a remote attacker could execute
arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
 texlive-base                    2015.20160320-1ubuntu0.1
 texlive-latex-base              2015.20160320-1ubuntu0.1
Ubuntu 14.04 LTS:
 texlive-base                    2013.20140215-1ubuntu0.1
 texlive-latex-base              2013.20140215-1ubuntu0.1
In general, a standard system update will make all the necessary
changes.
References:
 https://www.ubuntu.com/usn/usn-3401-1
 CVE-2016-10243
Package Information:
 https://launchpad.net/ubuntu/+source/texlive-base/2015.20160320-1ubuntu0.1
 https://launchpad.net/ubuntu/+source/texlive-base/2013.20140215-1ubuntu0.1
--ÞfnisTqCQrkPk4H6nJDJ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJZnDfrAAoJEEW851uECx9pDq4P/A4VM8hvUWgKff4pAtplQSqh
Mwoxca5LdGReL6+Q0rroB03rX/eCXf6aY+XkdXoO0istZ33wedOqBbJ4hBoW/F9G
a5kn/9R5HOzW2tWPeE4DDH0T/pHf+2DF/S5pkbGOpL6D03C/AqoXpLqaRE05jeoB
GrL2A7B+BlsL6aMG7EAi73tAQs6ls/hlpmiSOtdFm4dDzchMZ+rnpWx8s+D0S2qT
jv3aeKYkjNtRW1frPWjJ9kCL7+IlO5AsmOQsA939TOZ/P3ExP2+qhv+Ers1qI77n
Wxze7VNXgLTlpBH8jyHm8bfwL1cY4UT97A8abEoyrzv7JYOII4l+X7MgzxiQ36ZT
eveb9FjqUzoNXvkHE4lsQhMectBlQtHRLlJlSI847AZhMXOnXSarHAwsH4unmgRN
rJmIBBnjCTLpWEYXoY/7e5LCDVYBl+4tlWLSJKvy6JKSO1SGuIyPmHKMiODAe6FO
n3mfHVY6b9B9Pbihmpe4ZN9SUiWvVyj3t9/esqx538J6k+3YnLGWH0y8ScdKZrkY
uxnE1MwBGaIHXtC6BxxeNcIVnwaRSgaEKhaiZI3EWhlhILiz3AkruAeoZNdg46Af
eKsKN4By9f+PTPOeJjkF6bo/+EWIF831LoFwj1hO5sTlvmRFynw9D48xRbElv5OG
PP2e/XVoxhlVgW3uUqYm
=g2Vm
-----END PGP SIGNATURE-----
--=-UfnisTqCQrkPk4H6nJDJ--
--===============2363280803572055336==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============2363280803572055336==--
|
|
|
|
