Vulnerability: Debian GNU/Linux

The SuSE security team has discovered a vulnerability in kpathsea library (libkpathsea) which is used by xdvi and dvips. Both programs call thesystem function insecurely, which allows an attacker to execute arbitrary commands via cleverly crafted DVI files.

The problem has been fixed in version 1.0.7+20011202-7.1 for the current stable distribution (woody), in version 1.0.6-7.3 for the old stable distribution (potato) and in version 1.0.7+20021025-4 for the unstable distribution (sid).

Users should upgrade their tetex-lib package immediately.

For details, click here.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about DebianSuse

Show Comments