Описание
Security update for texlive
This update for texlive fixes the following issue:
- CVE-2018-17407: Prevent buffer overflow when handling of Type 1 fonts allowed arbitrary code execution when a malicious font was loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex (bsc#1109673)
Список пакетов
SUSE Enterprise Storage 4
libkpathsea6-6.2.0dev-22.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS
libkpathsea6-6.2.0dev-22.3.1
SUSE Linux Enterprise Server 12 SP2-BCL
libkpathsea6-6.2.0dev-22.3.1
SUSE Linux Enterprise Server 12 SP2-LTSS
libkpathsea6-6.2.0dev-22.3.1
SUSE Linux Enterprise Server 12-LTSS
libkpathsea6-6.2.0dev-22.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libkpathsea6-6.2.0dev-22.3.1
SUSE OpenStack Cloud 7
libkpathsea6-6.2.0dev-22.3.1
Ссылки
- Link for SUSE-SU-2018:3033-2
- E-Mail link for SUSE-SU-2018:3033-2
- SUSE Security Ratings
- SUSE Bug 1109673
- SUSE CVE CVE-2018-17407 page
Описание
An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex.
Затронутые продукты
SUSE Enterprise Storage 4:libkpathsea6-6.2.0dev-22.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libkpathsea6-6.2.0dev-22.3.1
SUSE Linux Enterprise Server 12 SP2-BCL:libkpathsea6-6.2.0dev-22.3.1
SUSE Linux Enterprise Server 12 SP2-LTSS:libkpathsea6-6.2.0dev-22.3.1
Ссылки
- CVE-2018-17407
- SUSE Bug 1109673
- SUSE Bug 1125938
- SUSE Bug 1126909