Nick Roessler
2018-10-08 16:54:34 UTC
Hey all,
I wanted to make everyone aware of a security update for TeX Live,
a distribution of the TeX document preparation software. A buffer
overflow in the handling of Type 1 fonts (.pfb files) allows arbitrary
local code execution without privilege escalation when a malicious font
is loaded by one of the vulnerable tools (pdflatex, pdftex, luatex, dvips).
The patch was rolled out on Sept 21. See:
https://www.debian.org/security/2018/dsa-4299
https://security-tracker.debian.org/tracker/CVE-2018-17407
Thanks,
--
Nick