Debian Security Advisory 5406-1

Debian Security Advisory 5406-1: Posted May 22, 2023; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5406-1 - Max Chernoff discovered that improperly secured shell-escape in LuaTeX may result in arbitrary shell command execution, even with shell escape disabled, if specially crafted tex files are processed.; tags | advisory, arbitrary, shell; systems | linux, debian; advisories | CVE-2023-32700; SHA-256 | 5295edf512ed1a9a3cee6103f9bf48379a4b69b3e5af6b362a9016821312bfd2; Download | Favorite | View

Debian Security Advisory 5406-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5406-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 20, 2023                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : texlive-bin
CVE ID         : CVE-2023-32700

Max Chernoff discovered that improperly secured shell-escape in LuaTeX
may result in arbitrary shell command execution, even with shell escape
disabled, if specially crafted tex files are processed.

For the stable distribution (bullseye), this problem has been fixed in
version 2020.20200327.54578-7+deb11u1.

We recommend that you upgrade your texlive-bin packages.

For the detailed security status of texlive-bin please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/texlive-bin

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmRogV1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Q8Mw//dU+/D/UBb2JkwXlEIokR3DA2T8caFdICcRICYBEAZCGIonM2uzbUIy5D
bRtAit45gOqWY+VS+Z0zuPPTzUek7m99+L3yjXg9FSW1qsWVgBQu6w+L9CBDQBf0
KUbzaXgAsqQoxzul08SwQY3gQV620PuNpt20HfVM4QUR03r92QHH1pSPzA6nWzcR
UYoj8rK2F0NYish95yuLrU+sRCw5LWbPpQkwDFw6L37Ml0GQJ6lIa/2jhHrUe/VR
D4PU9knWeYcudegUNjt5UfbLk2DWR99zaIazBJUazBFoBiLJwx9b6UqvJHzyvdQF
O9v6zRC+Ds9jIpbV0fwVRSRqaxYB23SgpJXp7gB0lVhWDFFLJ9EkI8sftsgTwEhP
xfZ1xHrzdIfWjmuIHo4+HQhDUzikJNe7HYlLP6vE1LszGMJhusrbxkgjJqcqSH+J
Zdaw4IzfVYd9ms0Kc0Ec5N1DABOW4UoN5//gq13Ny43QW/K8wzzEKFnwe84FPEwz
Fe5iMfZswjXsCyn3Se/fJWcFp082TW6iOOegcJaYD/YcbzmKigJv8L8XlyLNjaEV
OyXsdY6AQlXSRp7bbcMtmqoH2b3wsS5KX4mD+XJ+sJynbSW8xwMRiqOan3h0PtL8
7RHEiBCbeqznhdkZbs5NDVURUqT+Jy5+yUlHc5+BFqVNQ4e9LsA=3/W/
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Debian Security Advisory 5406-1

Debian Security Advisory 5406-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 5406-1

Share This

Debian Security Advisory 5406-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems