SUSE-SU-2018:3033-3

Опубликовано: 27 апр. 2019

Источник: suse-cvrf

Описание

Security update for texlive

This update for texlive fixes the following issue:

CVE-2018-17407: Prevent buffer overflow when handling of Type 1 fonts allowed arbitrary code execution when a malicious font was loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex (bsc#1109673)

Список пакетов

SUSE Linux Enterprise Server for SAP Applications 12 SP1

libkpathsea6-6.2.0dev-22.3.1

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20183033-3/
Link for SUSE-SU-2018:3033-3
https://lists.suse.com/pipermail/sle-security-updates/2019-April/005392.html
E-Mail link for SUSE-SU-2018:3033-3
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1109673
SUSE Bug 1109673
https://www.suse.com/security/cve/CVE-2018-17407/
SUSE CVE CVE-2018-17407 page

Описание

An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex.

Затронутые продукты

SUSE Linux Enterprise Server for SAP Applications 12 SP1:libkpathsea6-6.2.0dev-22.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-17407.html
CVE-2018-17407
https://bugzilla.suse.com/1109673
SUSE Bug 1109673
https://bugzilla.suse.com/1125938
SUSE Bug 1125938
https://bugzilla.suse.com/1126909
SUSE Bug 1126909

SUSE-SU-2018:3033-3

Описание

Список пакетов

SUSE Linux Enterprise Server for SAP Applications 12 SP1

Ссылки

Уязвимость: CVE-2018-17407

Описание

Затронутые продукты

Ссылки