EUVD-2016-1428

Malware in sbrugna...

RHEL 7 : texlive (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - texlive: mpost allows to run non-whitelisted external programs CVE-2016-10243 - mktexlsr revision 22855...

SUSE CVE-2016-10243

TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shellescapecommands in the texmf.cnf config file...

EulerOS 2.0 SP2 : texlive (EulerOS-SA-2019-1873)

According to the version of the texlive packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shellescapecommands in the texmf.cnf config...

Kpathsea: User-assisted execution of arbitrary code

Background Kpathsea is a library to do path searching. It is used by TeX Live and others TeX related software. Description It was discovered that the mpost program from the shellescapecommands list is capable of executing arbitrary external programs during the conversion of .tex files. The...

Updated texlive packages fix security vulnerability

It was discovered that texlive whitelists mpost as an external program to be run from within the TeX source code called \write18. Since mpost allows to specify other programs to be run, an attacker can take advantage of this flaw for arbitrary code execution when compiling a TeX document...

DEBIAN-CVE-2016-10243

TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shellescapecommands in the texmf.cnf config file...

CVE-2016-10243

TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shellescapecommands in the texmf.cnf config file...

CVE-2016-10243

TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shellescapecommands in the texmf.cnf config file...

CVE-2016-10243

TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shellescapecommands in the texmf.cnf config file...

UBUNTU-CVE-2016-10243

TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shellescapecommands in the texmf.cnf config file...

Debian DLA-847-1 : texlive-base security update

The TeX system allows for calling external programs from within the TeX source code. This has been restricted to a small set of programs since a long time ago. Unfortunately it turned out that one program in the list, mpost, allows in turn to specify other programs to be run, which allows arbitra...

[SECURITY] [DSA 3803-1] texlive-base security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3803-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 08, 2017 https://www.debian.org/security/faq -...

Debian DSA-3803-1 : texlive-base - security update

It was discovered that texlive-base, the TeX Live package which provides the essential TeX programs and files, whitelists mpost as an external program to be run from within the TeX source code called \write18. Since mpost allows to specify other programs to be run, an attacker can take advantage ...

CVE-2016-10243

TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shellescapecommands in the texmf.cnf config file...