14 matches found
Linux Distros Unpatched Vulnerability : CVE-2016-10243
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shellescapecommands in the texmf.cnf config file...
RHEL 7 : texlive (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - texlive: mpost allows to run non-whitelisted external programs CVE-2016-10243 - mktexlsr revision 22855...
SUSE SLES12 Security Update : texlive-specs-k (SUSE-SU-2024:1203-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1203-1 advisory. CVE-2016-10243: Fixed arbitrary code execution via mpost during TeX document compilation bsc1028271 Tenable has extracted the preceding...
SUSE-SU-2024:1203-1 Security update for texlive-specs-k
This update for texlive-specs-k fixes the following issues: CVE-2016-10243: Fixed arbitrary code execution via mpost during TeX document compilation bsc1028271...
Huawei EulerOS: Security Advisory for texlive (EulerOS-SA-2019-1873)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP2 : texlive (EulerOS-SA-2019-1873)
According to the version of the texlive packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shellescapecommands in the texmf.cnf config...
Fedora 26 : 6:texlive (2017-a8add6c46c)
Security fix for CVE-2016-10243 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 7030...
Updated texlive packages fix security vulnerability
It was discovered that texlive whitelists mpost as an external program to be run from within the TeX source code called \write18. Since mpost allows to specify other programs to be run, an attacker can take advantage of this flaw for arbitrary code execution when compiling a TeX document...
CVE-2016-10243
CVE-2016-10243 affects TeX Live: the mpost component can be invoked via shell_escape_commands in texmf.cnf, enabling remote command execution. The vulnerability arises from including mpost in shell_escape_commands, allowing a remote attacker to run arbitrary commands when TeX Live processes craft...
CVE-2016-10243
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shellescapecommands in the texmf.cnf config file...
Fedora 25 : 6:texlive (2017-b72cafa5b4)
Security fix for CVE-2016-10243 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 7030...
[SECURITY] [DSA 3803-1] texlive-base security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3803-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 08, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 847-1] texlive-base security update
Package : texlive-base Version : 2012.20120611-5+deb7u1 CVE ID : CVE-2016-10243 The TeX system allows for calling external programs from within the TeX source code. This has been restricted to a small set of programs since a long time ago. Unfortunately it turned out that one program in the list,...
Debian: Security Advisory (DSA-3803-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...