Advisories » MGASA-2018-0397

Updated texlive packages fix security vulnerability

Publication date: 14 Oct 2018
Modification date: 14 Oct 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-17407

Description

Updated texlive packages fix security vulnerability:

A buffer overflow in the handling of Type 1 fonts allowed arbitrary code
execution when a malicious font is loaded by one of the vulnerable tools:
pdflatex, pdftex, dvips, or luatex (CVE-2018-17407).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23655
• https://www.openwall.com/lists/oss-security/2018/10/08/3
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17407

SRPMS

6/core

• texlive-20160523-7.1.mga6