Your submission was sent successfully! Close

CVE-2016-10243

Published: 2 May 2017

TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.

Notes

AuthorNote
mdeslaur
texmf.cnf isn't shipped in texlive-bin package
Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
texlive-base
Launchpad, Ubuntu, Debian
artful Not vulnerable
(2016.20170123-3)
precise Does not exist
(precise was needed)
trusty Does not exist
(trusty was released [2013.20140215-1ubuntu0.1])
upstream
Released (2016.20161130-1)
xenial
Released (2015.20160320-1ubuntu0.1)
yakkety Ignored
(reached end-of-life)
zesty Not vulnerable
(2016.20170123-3)
Patches:
upstream: http://www.tug.org/svn/texlive?view=revision&revision=42605
texlive-bin
Launchpad, Ubuntu, Debian
artful Not vulnerable
(code not packaged)
precise Does not exist
(precise was needed)
trusty Does not exist
(trusty was not-affected [code not packaged])
upstream Needed

xenial Not vulnerable
(code not packaged)
yakkety Ignored
(reached end-of-life)
zesty Not vulnerable
(code not packaged)