Ubuntu alert USN-7985-1 (texlive-bin)

From:
             
 
noreply+usn-bot@canonical.com
To:
             
 
ubuntu-security-announce@lists.ubuntu.com
Subject:
             
 
[USN-7985-1] TeX Live vulnerabilities
Date:
             
 
Thu, 29 Jan 2026 20:50:52 +0000
Message-ID:
             
 
<E1vlYya-0001Qc-6A@lists.ubuntu.com>
==========================================================================
Ubuntu Security Notice USN-7985-1
January 29, 2026

texlive-bin vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in TeX Live.

Software Description:
- texlive-bin: Binaries for TeX Live

Details:

Shin Ando discovered that the Xpdf toolkit embedded in TeX Live incorrectly
handled memory when decoding certain data streams. An attacker could
possibly use this issue to cause TeX Live to crash, resulting in a denial
of service, or execute arbitrary code. This issue only affected Ubuntu
20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-24106, CVE-2022-24107)

It was discovered that TeX Live allowed documents to make arbitrary network
requests. If a user or automated system were tricked into opening a
specially crafted document, a remote attacker could possibly use this issue
to exfiltrate sensitive information, or perform other network-related
attacks. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
(CVE-2023-32668)

It was discovered that TeX Live incorrectly handled certain TrueType fonts.
If a user or automated system were tricked into opening a specially crafted
TrueType font, a remote attacker could use this issue to cause TeX Live to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
(CVE-2024-25262)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  texlive-binaries                2021.20210626.59705-1ubuntu0.3

Ubuntu 20.04 LTS
  texlive-binaries                2019.20190605.51237-3ubuntu0.2+esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  texlive-binaries                2017.20170613.44572-8ubuntu0.2+esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  texlive-binaries                2015.20160222.37495-1ubuntu0.1+esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7985-1
  CVE-2022-24106, CVE-2022-24107, CVE-2023-32668, CVE-2024-25262

Package Information:
  https://launchpad.net/ubuntu/+source/texlive-bin/2021.202...


Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAml7x5EACgkQcpJm3tlz
hgG1Ng//UgKM2s8uV660+b/OGr4KtGLnox/jV7/hIYZOaLEMpzWCmURDiafH98g3
7ESGr9YCZNQljOSvAdMOrTz4SCJgGgIGABKzjw24W0MBD5sN6DIDLaPcEydCKg+0
UG2T3+dAKy1Q7PYtNmBry8CujLRt4VCFzTnVQyNhrsyH2C2Ba2vT/iSoMsJ0B6Lk
PXiK15oLu1NF+Cl4exILVtKC77hApZf07SVYHt9jnw9MA7r4j+80ViwyO5JKlE/z
dr/D6qo54e3+Bl6tj9hw4+VuUJtBnTcKn9WNxDS5nk0MpbYF/B47BRoLaei9htk0
yCxIpXQ9mN9Awk8vyidbaZIzXl72hy+KmCPp5+VXNWWZkS0v8eZtAFIT/P7cuRjq
cxbW3m1SWG4Edb0AX46q00BWsjy/bHIFqFIqkKYzMvEpizznVmIXI+5LsQ+tU4wH
Jwts5aN2oiQ+Jwu6pPGnMLxA9oJMKAXiXAfhreq6JLC1M+iV7Bw3eI1GsSL24arN
7+kC0xXLWavdvZU+0TMvSkeA1NaG1I4ceujqP4wXkzrVeUE9HloYaBcSScA3Pzhz
0iiSpS08lGuLJre/zRArV7T/bmywzpZbGGpzUO7JLrvhw8EGeuTFpAtYbD/QTqQP
du8iRehCxhHszP2gvKrSLISAnxvV9jZIQPpIfpcxfinpcHWnQHM=
=hc1R
-----END PGP SIGNATURE-----