CVE-2015-5700

Published: 25 August 2017

mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack.

Priority

Low

CVSS 3 base score: 6.1

Status

Package Release Status
texlive-bin
Launchpad, Ubuntu, Debian
Upstream
Released (2014.20140926.35254-5)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [2013.20130729.30972-2ubuntu0.1])
This vulnerability is mitigated in part by the use of symlink restrictions in Ubuntu. This vulnerability is mitigated in part by the use of hardlink restrictions in Ubuntu.