MGASA-2023-0233 - Updated texlive packages fix security vulnerability

Publication date: 19 Jul 2023
URL: https://advisories.mageia.org/MGASA-2023-0233.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2023-32700

Any document compiled with older versions of LuaTeX can execute arbitrary
shell commands, even with shell escape disabled. (CVE-2023-32700)

References:
- https://bugs.mageia.org/show_bug.cgi?id=31952
- https://www.debian.org/security/2023/dsa-5406
- https://tug.org/~mseven/luatex.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32700

SRPMS:
- 8/core/texlive-20200406-9.1.mga8
