bug#25993: texlive CVE-2016-10243

From: Leo Famulari
Subject: bug#25993: texlive CVE-2016-10243
Date: Sun, 5 Mar 2017 22:30:58 -0500
User-agent: Mutt/1.8.0 (2017-02-23)

This fixes CVE-2016-10243:

"The TeX system allows for calling external programs from within the
TeX source code (called \write18). This has been restricted to a
small set of programs since a long time ago.

Unfortunately it turned out that one program in the list, mpost
(also shipped with TeX Live), allows in turn to specify other
programs to be run, which allows arbitrary code execution when
compiling a TeX document."


This patch prevents the POC described in blog post:

Attachment: 0001-gnu-texlive-Fix-CVE-2016-10243.patch
Description: Text document

Attachment: signature.asc
Description: PGP signature
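
A defender-side check for the condition the quoted advisory describes, added here as an example (it is not part of the original message or the attached patch): it parses a texmf.cnf fragment and reports whether mpost is on the restricted \write18 allowlist. It assumes the allowlist is set through `shell_escape` / `shell_escape_commands` in texmf.cnf with `name = value` syntax; the sample configuration and the function names are constructed for illustration.

```python
# Constructed texmf.cnf fragment for illustration (not taken from the page).
SAMPLE_CNF = """\
% Restricted shell escape: only these programs may run via \\write18.
shell_escape = p
shell_escape_commands = \\
bibtex,bibtex8,\\
kpsewhich,\\
makeindex,\\
mpost,\\
repstopdf,\\

openout_any = p
"""

def logical_lines(text):
    """Yield logical lines: drop full-line % comments, join '\\' continuations."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("%"):
            continue
        if line.endswith("\\"):
            buf += line[:-1]          # continuation: keep accumulating
            continue
        buf += line
        if buf:
            yield buf
        buf = ""
    if buf:
        yield buf

def restricted_commands(text):
    """Return (shell_escape mode, allowlisted programs); first definition wins."""
    mode, cmds = None, None
    for line in logical_lines(text):
        name, sep, value = line.partition("=")
        name = name.strip()
        if sep and name == "shell_escape" and mode is None:
            mode = value.strip()
        elif sep and name == "shell_escape_commands" and cmds is None:
            cmds = [c.strip() for c in value.split(",") if c.strip()]
    return mode, cmds or []

def audit(text, risky=("mpost",)):
    """Flag allowlist entries that can themselves launch other programs."""
    mode, cmds = restricted_commands(text)
    hits = [c for c in cmds if c in risky]
    # Mode 'p' is restricted shell escape: only allowlisted programs may run.
    return {"mode": mode, "allowlisted": cmds, "risky": hits,
            "exposed": mode == "p" and bool(hits)}
```

On an installed system the same text can be read from the file that `kpsewhich texmf.cnf` reports and passed to `audit()`.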
