Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 495
Alerts This Week
Warning Icon 1 495

Ubuntu 23.04: USN-6115-1 Critical: TeX Live Shell Execution Threat

ubuntu
Calendar Grey May 30, 2023
Dist Ubuntu Esm H88
Mitigating the TeX Live security flaw in Ubuntu which permits unauthorized command execution through specially designed TeX documents.
LuaTeX (TeX Live) could be made to run programs as your login if it compiled a specially crafted TeX file.

Summary

LuaTeX (TeX Live) could be made to run programs as your login if it

compiled a specially crafted TeX file.

Software Description:

- texlive-bin: Binaries for TeX Live

Details:

Max Chernoff discovered that LuaTeX (TeX Live) did not properly disable

shell escape. An attacker could possibly use this issue to execute

arbitrary shell commands.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
  texlive-binaries                2022.20220321.62855-5ubuntu0.1

Ubuntu 22.10:
  texlive-binaries                2022.20220321.62855-4ubuntu0.1

Ubuntu 22.04 LTS:
  texlive-binaries                2021.20210626.59705-1ubuntu0.1

Ubuntu 20.04 LTS:
  texlive-binaries                2019.20190605.51237-3ubuntu0.1

Ubuntu 18.04 LTS:
  texlive-binaries                2017.20170613.44572-8ubuntu0.2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6115-1

CVE-2023-32700

Severity
critical
Lowest
Low
Medium
High
Critical

May 30, 2023

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.