Vulnerability: Debian GNU/Linux

The SuSE security team has discovered a vulnerability in kpathsea library (libkpathsea) which is used by xdvi and dvips. Both programs call thesystem function insecurely, which allows an attacker to execute arbitrary commands via cleverly crafted DVI files.

The problem has been fixed in version 1.0.7+20011202-7.1 for the current stable distribution (woody), in version 1.0.6-7.3 for the old stable distribution (potato) and in version 1.0.7+20021025-4 for the unstable distribution (sid).

Users should upgrade their tetex-lib package immediately.

For details, click here.

Join the newsletter!

Error: Please check your email address.

More about DebianSuse

Show Comments