Lucene search

PRIOn knowledge basePRION:CVE-2016-10243

HistoryMay 02, 2017 - 2:59 p.m.

Design/Logic Flaw

2017-05-0214:59:00

PRIOn knowledge base

www.prio-n.com

7.9 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.0%

JSON

TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.

CPENameOperatorVersion
debian_linuxeq8.0
debian_linuxeq7.0
fedoraeq26
fedoraeq25

Name	Operator	Version
debian_linux	eq	8.0
debian_linux	eq	7.0
fedora	eq	26
fedora	eq	25

References

www.debian.org/security/2017/dsa-3803

www.openwall.com/lists/oss-security/2017/03/05/1

www.securityfocus.com/bid/96593

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7CNJ4HKX7X6V7VMN3UCU7KPY6IX4XRB/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL6PUKPWEXYIPIAZRIX5ZLQWCSALVLFP/

scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/

security.gentoo.org/glsa/201709-07

www.tug.org/svn/texlive?view=revision&revision=42605