Explore top 10 tips to secure your open-source projects now. Read More
×
LuaTeX (TeX Live) could be made to run programs as your login if it
compiled a specially crafted TeX file.
Software Description:
- texlive-bin: Binaries for TeX Live
Details:
Max Chernoff discovered that LuaTeX (TeX Live) did not properly disable
shell escape. An attacker could possibly use this issue to execute
arbitrary shell commands.
The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: texlive-binaries 2022.20220321.62855-5ubuntu0.1 Ubuntu 22.10: texlive-binaries 2022.20220321.62855-4ubuntu0.1 Ubuntu 22.04 LTS: texlive-binaries 2021.20210626.59705-1ubuntu0.1 Ubuntu 20.04 LTS: texlive-binaries 2019.20190605.51237-3ubuntu0.1 Ubuntu 18.04 LTS: texlive-binaries 2017.20170613.44572-8ubuntu0.2 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-6115-1
CVE-2023-32700
Get the latest Linux and open source security news straight to your inbox.