[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 3941-1] texlive-bin security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3941-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Bastien Roucariès
October 29, 2024                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : texlive-bin
Version        : 2020.20200327.54578-7+deb11u2
CVE ID         : CVE-2023-32668 CVE-2024-25262
Debian Bug     : 1036470 1064517

texlive, a popular software distribution for the TeX typesetting system
that includes major TeX-related programs, macro packages, and fonts,
was affected by two vulnerabilties.

CVE-2023-32668

    A document (compiled with the default settings)
    was allowed to make arbitrary network requests.
    This occurs because full access to the socket library was
    permitted by default, as stated in the documentation.

CVE-2024-25262

    A heap buffer overflow was found via
    the function ttfLoadHDMX:ttfdump. This vulnerability
    allows attackers to cause a Denial of Service (DoS)
    via supplying a crafted TTF file.

For Debian 11 bullseye, these problems have been fixed in version
2020.20200327.54578-7+deb11u2.

We recommend that you upgrade your texlive-bin packages.

For the detailed security status of texlive-bin please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/texlive-bin

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmch9NARHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF+dPg//Xleg2Pj6+KG5nxQMWDU7313UmGeM6IKt
ULMgQFnNg+aV6yXIwSrbwSe/SSoPDTiQiIqobwocPSyvZDjjGWutJfxe9bfA07hw
zaBkcFkbJlVuG7V2QkajJ4E+PNTs3UXyGvwQpsbRvxhdnRKFZ0DIg/GyVRtpgEuY
89dKHHDkkUbW1Mmt8GAmnICptFtbmzCsYBNAQROHFgXDdyuBtVDkxf7CXaVEGC3Q
c1+AUXiS408X9+8Z0Q8QpPH/ocY04XUg7gd3zj1iMoLlbSEe8G3nLI1Wqtu91FeN
YoQlTh8LzP+yE+A+t+2XpDpdLZ2ELMpxwOb8as7UoL1SKPfVBsggv1A/RiGP+sxg
4KZ/dqupcIkTIfITnj113k9FEbjB6zoDhZTuIbYFi1rhsy/FA0xwa35Yc+SAPaO3
wrsjqOleS37HMnvZqu8bJfptVvDUJDWDR+j6RvvORsOpA7Qty740BJ2LfSxX8ZvY
ueicT+20DDTRhDk1PH0GBeLWrM1JCN6Nz/qXz86xYxOtev0iKyddrv4KfZaLrZaF
viIFvXToW5/TGvqJ9K+3mzZuMy1M1yzhsNSQEhTyrKyRUVtAl5UYueG8T5Seqk1D
wpghc7K/m6r5Pxb7/TQJRCsov0xMWWnTILEyIM8xbtIQzPb+VZwYpg+rtMrfFKqW
0TQizuwwTEY=
=l9aI
-----END PGP SIGNATURE-----


Reply to: