MGASA-2023-0233 Updated texlive packages fix security vulnerability
Any document compiled with older versions of LuaTeX can execute arbitrary shell commands, even with shell escape disabled. CVE-2023-32700...
Updated texlive packages fix security vulnerability
Updated texlive packages fix security vulnerability: A buffer overflow in the handling of Type 1 fonts allowed arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex CVE-2018-17407...
MGASA-2018-0397 Updated texlive packages fix security vulnerability
Updated texlive packages fix security vulnerability: A buffer overflow in the handling of Type 1 fonts allowed arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex CVE-2018-17407...
MGASA-2017-0127 Updated texlive packages fix security vulnerability
It was discovered that texlive whitelists mpost as an external program that can be run from within the TeX source code (a mechanism called \write18). Since mpost allows other programs to be specified and run, an attacker can take advantage of this flaw for arbitrary code execution when compiling a TeX document...