CVE-2016-10243

Published: 02 May 2017

TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.

Priority

Medium

CVSS 3 base score: 9.8

Status

| Package | Release | Status |
|---|---|---|
| texlive-base | Upstream | Released (2016.20161130-1) |
| texlive-base | Ubuntu 16.04 ESM (Xenial Xerus) | Released (2015.20160320-1ubuntu0.1) |
| texlive-base | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist (trusty was released [2013.20140215-1ubuntu0.1]) |
| texlive-bin | Upstream | Needed |
| texlive-bin | Ubuntu 16.04 ESM (Xenial Xerus) | Not vulnerable (code not packaged) |
| texlive-bin | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist (trusty was not-affected [code not packaged]) |

Patches (texlive-base):
Upstream: http://www.tug.org/svn/texlive?view=revision&revision=42605
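
A defender-side check for the condition named in the description above, added here as an example (not code from TeX Live or Ubuntu): it parses texmf.cnf text and reports whether mpost is listed in shell_escape_commands. The two sample configs are constructed, the function names are hypothetical, and the parser is a simplified reading of texmf.cnf syntax (% comments, trailing-backslash continuations).

```python
import re

# Constructed samples in texmf.cnf syntax (not copied from any release).
SAMPLE_AFFECTED = r"""
% restricted shell escape
shell_escape = p
shell_escape_commands = \
bibtex,bibtex8,\
kpsewhich,\
makeindex,\
mpost,\
repstopdf
"""

SAMPLE_FIXED = r"""
% mpost is no longer in the restricted list
shell_escape = p
shell_escape_commands = \
bibtex,bibtex8,\
kpsewhich,\
makeindex,\
repstopdf
"""

def logical_lines(text):
    # Drop % comments, then join lines that end with a backslash.
    buf = ""
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)%.*$", "", raw).rstrip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        buf += line
        if buf.strip():
            yield buf.strip()
        buf = ""
    if buf.strip():
        yield buf.strip()

def shell_escape_commands(text):
    # Union of every definition found: conservative for an audit.
    pattern = r"shell_escape_commands(?:\.[\w-]+)?(?:\s*=\s*|\s+)(.*)$"
    cmds = set()
    for line in logical_lines(text):
        m = re.match(pattern, line)
        if m:
            cmds.update(c.strip() for c in m.group(1).split(",") if c.strip())
    return cmds

def allows_mpost(text):
    return "mpost" in shell_escape_commands(text)
```

On an installed system, `kpsewhich -var-value=shell_escape_commands` prints the effective list, which can be checked for mpost the same way.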