Mageia alert MGASA-2015-0453 (latex2rtf)
From: Mageia Updates <buildsystem-daemon@mageia.org>
To: updates-announce@ml.mageia.org
Subject: [updates-announce] MGASA-2015-0453: Updated latex2rtf packages fix security vulnerability
Date: Thu, 19 Nov 2015 23:08:58 +0100
Message-ID: <20151119220858.4BBA35C852@valstar.mageia.org>

MGASA-2015-0453 - Updated latex2rtf packages fix security vulnerability

Publication date: 19 Nov 2015
URL: http://advisories.mageia.org/MGASA-2015-0453.html
Type: security
Affected Mageia releases: 5
CVE: CVE-2015-8106

Description:
A format string vulnerability was found in the CmdKeywords function when
processing the \keywords command in a tex file. When the user runs latex2rtf
with a maliciously crafted tex file, an attacker can execute arbitrary code.
The variable 'keywords' in the function CmdKeywords may hold a malicious
input string, which can be used as a format argument of vsnprintf
(CVE-2015-8106).

References:
- https://bugs.mageia.org/show_bug.cgi?id=17164
- http://openwall.com/lists/oss-security/2015/11/16/3
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8106
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8106

SRPMS:
- 5/core/latex2rtf-2.3.8-3.1.mga5
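
The bug class described above, shown as an added example that is not latex2rtf's own code: a hypothetical printf-style helper `emit` forwards its format to vsnprintf, and the two callers contrast document text used as the format with document text passed as a `%s` argument. All function names and the sample input are assumptions constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper standing in for a printf-style output routine
 * that forwards its format to vsnprintf (not latex2rtf's own code). */
int emit(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int written = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return written;
}

/* Vulnerable pattern: text taken from the document is used AS the format. */
int emit_keywords_unsafe(char *out, size_t n, const char *keywords)
{
    return emit(out, n, keywords);
}

/* Hardened pattern: constant format, document text is only an argument. */
int emit_keywords_safe(char *out, size_t n, const char *keywords)
{
    return emit(out, n, "%s", keywords);
}

/* Returns 1 when the unsafe path altered the text, i.e. the input was
 * parsed as a format string instead of being copied as data. */
int interpreted_as_format(const char *keywords)
{
    char a[128], b[128];
    emit_keywords_unsafe(a, sizeof a, keywords);
    emit_keywords_safe(b, sizeof b, keywords);
    return strcmp(a, b) != 0;
}

int main(void)
{
    /* Constructed sample input; "%%" is the only directive used, so the
     * unsafe call stays well defined while still showing the parsing. */
    const char *sample = "crypto, 100%% coverage";
    printf("parsed as format: %d\n", interpreted_as_format(sample));
    return 0;
}
```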