Updated texlive packages fix security vulnerability
Publication date: 03 May 2017Modification date: 03 May 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-10243
Description
It was discovered that texlive whitelists mpost as an external program to be run from within the TeX source code (called \write18). Since mpost allows to specify other programs to be run, an attacker can take advantage of this flaw for arbitrary code execution when compiling a TeX document (CVE-2016-10243).
References
SRPMS
5/core
- texlive-20130530-21.1.mga5