SUSE-SU-2018:3033-1

Published: 05 Oct 2018
Source: suse-cvrf

Description

Security update for texlive

This update for texlive fixes the following issue:

  • CVE-2018-17407: Prevent a buffer overflow in the handling of Type 1 fonts that allowed arbitrary code execution when a malicious font was loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex (bsc#1109673)

Package list

SUSE Linux Enterprise Desktop 12 SP3:
libkpathsea6-6.2.0dev-22.3.1

SUSE Linux Enterprise Server 12 SP3:
libkpathsea6-6.2.0dev-22.3.1

SUSE Linux Enterprise Server for SAP Applications 12 SP3:
libkpathsea6-6.2.0dev-22.3.1

SUSE Linux Enterprise Software Development Kit 12 SP3:
libptexenc1-1.3.2dev-22.3.1
texlive-2013.20130620-22.3.1
texlive-bibtex-bin-2013.20130620.svn30088-22.3.1
texlive-bin-devel-2013.20130620-22.3.1
texlive-checkcites-bin-2013.20130620.svn25623-22.3.1
texlive-context-bin-2013.20130620.svn29741-22.3.1
texlive-cweb-bin-2013.20130620.svn30088-22.3.1
texlive-dviasm-bin-2013.20130620.svn8329-22.3.1
texlive-dvidvi-bin-2013.20130620.svn30088-22.3.1
texlive-dviljk-bin-2013.20130620.svn30088-22.3.1
texlive-dvipdfmx-bin-2013.20130620.svn30845-22.3.1
texlive-dvipng-bin-2013.20130620.svn30845-22.3.1
texlive-dvips-bin-2013.20130620.svn30088-22.3.1
texlive-dvisvgm-bin-2013.20130620.svn30613-22.3.1
texlive-gsftopk-bin-2013.20130620.svn30088-22.3.1
texlive-jadetex-bin-2013.20130620.svn3006-22.3.1
texlive-kpathsea-bin-2013.20130620.svn30088-22.3.1
texlive-kpathsea-devel-6.2.0dev-22.3.1
texlive-lacheck-bin-2013.20130620.svn30088-22.3.1
texlive-latex-bin-bin-2013.20130620.svn14050-22.3.1
texlive-lua2dox-bin-2013.20130620.svn29053-22.3.1
texlive-luaotfload-bin-2013.20130620.svn30313-22.3.1
texlive-luatex-bin-2013.20130620.svn30845-22.3.1
texlive-makeindex-bin-2013.20130620.svn30088-22.3.1
texlive-metafont-bin-2013.20130620.svn30088-22.3.1
texlive-metapost-bin-2013.20130620.svn30845-22.3.1
texlive-mfware-bin-2013.20130620.svn30088-22.3.1
texlive-mptopdf-bin-2013.20130620.svn18674-22.3.1
texlive-pdftex-bin-2013.20130620.svn30845-22.3.1
texlive-pstools-bin-2013.20130620.svn30088-22.3.1
texlive-ptexenc-devel-1.3.2dev-22.3.1
texlive-seetexk-bin-2013.20130620.svn30088-22.3.1
texlive-splitindex-bin-2013.20130620.svn29688-22.3.1
texlive-tetex-bin-2013.20130620.svn29741-22.3.1
texlive-tex-bin-2013.20130620.svn30088-22.3.1
texlive-tex4ht-bin-2013.20130620.svn30088-22.3.1
texlive-texconfig-bin-2013.20130620.svn29741-22.3.1
texlive-thumbpdf-bin-2013.20130620.svn6898-22.3.1
texlive-vlna-bin-2013.20130620.svn30088-22.3.1
texlive-web-bin-2013.20130620.svn30088-22.3.1
texlive-xdvi-bin-2013.20130620.svn30088-22.3.1
texlive-xetex-bin-2013.20130620.svn30845-22.3.1
texlive-xmltex-bin-2013.20130620.svn3006-22.3.1

Description

An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex.


Affected products
SUSE Linux Enterprise Desktop 12 SP3:libkpathsea6-6.2.0dev-22.3.1
SUSE Linux Enterprise Server 12 SP3:libkpathsea6-6.2.0dev-22.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3:libkpathsea6-6.2.0dev-22.3.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libptexenc1-1.3.2dev-22.3.1
