Gentoo Linux Security Advisory 201709-7 - A vulnerability in Kpathsea allows remote attackers to execute arbitrary commands by manipulating the -tex option from mpost program. Versions less than 6.2.2_p20160523 are affected.
74393787b41ed794c957845ee6e182bd9c106d02114dbbf74a130e91b5851217
Ubuntu Security Notice 3401-1 - It was discovered that TeX Live incorrectly handled certain system commands. If a user were tricked into processing a specially crafted TeX file, a remote attacker could execute arbitrary code.
e2dd15b88bd511cf338df474d6659910010ee0c046f5ebf774a500cbf8251847