
Mageia 8: 2023-0233 Moderate: LuaTeX Arbitrary Command Execution

July 19, 2023
Recent texlive updates address a security flaw that permitted shell command execution via LuaTeX.

Summary

Any document compiled with older versions of LuaTeX can execute arbitrary shell commands, even with shell escape disabled. (CVE-2023-32700)

References

- https://bugs.mageia.org/show_bug.cgi?id=31952

- https://lists.debian.org/debian-security-announce/2023/msg00097.html

- https://www.maxchernoff.ca/p/luatex-vulnerabilities

- https://www.cve.org/CVERecord?id=CVE-2023-32700

Resolution

SRPMS

- 8/core/texlive-20200406-9.1.mga8

Severity
important

Publication date: 19 Jul 2023
URL: https://advisories.mageia.org/MGASA-2023-0233.html
Type: security
CVE: CVE-2023-32700
