Ubuntu Security Notice USN-6695-1

Ubuntu Security Notice 6695-1 - It was discovered that TeX Live incorrectly handled certain memory operations in the embedded axodraw2 tool. An attacker could possibly use this issue to cause TeX Live to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. It was discovered that TeX Live allowed documents to make arbitrary network requests. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could possibly use this issue to exfiltrate sensitive information, or perform other network-related attacks. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.

Packet Storm
==========================================================================
Ubuntu Security Notice USN-6695-1
March 14, 2024

texlive-bin vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in TeX Live.

Software Description:
- texlive-bin: Binaries for TeX Live

Details:

It was discovered that TeX Live incorrectly handled certain memory
operations in the embedded axodraw2 tool. An attacker could possibly use
this issue to cause TeX Live to crash, resulting in a denial of service.
This issue only affected Ubuntu 20.04 LTS. (CVE-2019-18604)

It was discovered that TeX Live allowed documents to make arbitrary
network requests. If a user or automated system were tricked into opening a
specially crafted document, a remote attacker could possibly use this issue
to exfiltrate sensitive information, or perform other network-related
attacks. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
(CVE-2023-32668)

It was discovered that TeX Live incorrectly handled certain TrueType fonts.
If a user or automated system were tricked into opening a specially crafted
TrueType font, a remote attacker could use this issue to cause TeX Live to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2024-25262)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
  texlive-binaries                2023.20230311.66589-6ubuntu0.1
  texlive-binaries-sse2           2023.20230311.66589-6ubuntu0.1

Ubuntu 22.04 LTS:
  texlive-binaries                2021.20210626.59705-1ubuntu0.2

Ubuntu 20.04 LTS:
  texlive-binaries                2019.20190605.51237-3ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6695-1
  CVE-2019-18604, CVE-2023-32668, CVE-2024-25262

Package Information:
  https://launchpad.net/ubuntu/+source/texlive-bin/2023.20230311.66589-6ubuntu0.1
  https://launchpad.net/ubuntu/+source/texlive-bin/2021.20210626.59705-1ubuntu0.2
  https://launchpad.net/ubuntu/+source/texlive-bin/2019.20190605.51237-3ubuntu0.2
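
To check a fleet inventory against the fixed versions listed above, the following added example (not part of the notice or of any Ubuntu tooling) compares installed `texlive-binaries` versions using Debian version ordering, reimplemented in Python so it runs on hosts without `dpkg`. The host names and the inventory rows are constructed sample data; only the `FIXED` table comes from the notice.

```python
import re
from itertools import zip_longest

# Fixed texlive-binaries versions, copied from USN-6695-1.
FIXED = {
    "23.10": "2023.20230311.66589-6ubuntu0.1",
    "22.04": "2021.20210626.59705-1ubuntu0.2",
    "20.04": "2019.20190605.51237-3ubuntu0.2",
}

def _order(c):
    # Debian ordering for non-digits: '~' < end of string < letters < the rest
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _chunks(s):
    # Alternating (non-digit run, number) pairs; the appended 0 marks end of run.
    return [([_order(c) for c in nd] + [0], int(d or 0))
            for nd, d in re.findall(r"(\D*)(\d*)", s)]

def _cmp_str(a, b):
    for x, y in zip_longest(_chunks(a), _chunks(b), fillvalue=([0], 0)):
        if x != y:
            return -1 if x < y else 1
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; a missing epoch is 0, a missing revision is empty
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, rev

def deb_cmp(a, b):  # -1, 0 or 1, in Debian version order
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_str(ua, ub) or _cmp_str(ra, rb)

def needs_update(release, installed):
    # True if older than the fix; None if the release is not covered by the notice
    fixed = FIXED.get(release)
    return None if fixed is None else deb_cmp(installed, fixed) < 0

# Constructed inventory: (host, Ubuntu release, installed texlive-binaries version)
INVENTORY = [
    ("build-01", "22.04", "2021.20210626.59705-1ubuntu0.1"),
    ("build-02", "20.04", "2019.20190605.51237-3ubuntu0.2"),
    ("docs-01", "23.10", "2023.20230311.66589-6"),
]

def audit(inventory):
    return [host for host, rel, ver in inventory if needs_update(rel, ver)]
```

On a single host, `dpkg --compare-versions <installed> lt <fixed>` performs the same comparison.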

Related news

CVE-2023-32668: source/texk/web2c/luatexdir/ChangeLog · b266ef076c96b382cd23a4c93204e247bb98626a · TeXLive / luatex · GitLab

LuaTeX before 1.17.0 enables the socket library by default.

CVE-2019-18604: axohelp 1.3 · TeX-Live/texlive-source@9216833

In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled.
