DSA-2198-1 tex-common -- insufficient input sanitization

ID: oval:org.secpod.oval:def:600216 | Date: (C)2011-03-25 (M)2023-11-09 | Class: PATCH | Family: unix

Mathias Svensson discovered that tex-common, a package shipping a number of scripts and configuration files necessary for TeX, contains insecure settings for the "shell_escape_commands" directive. Depending on the scenario, this may result in arbitrary code execution when a victim is tricked into processing a malicious TeX file, or when such files are processed in an automated fashion. The oldstable distribution is not affected by this problem because shell_escape is disabled there.
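
To see which of the two states described above a host is in (shell escape disabled, or enabled with a command list worth reviewing), the following added example parses texmf.cnf-style text and reports the effective `shell_escape` mode and the `shell_escape_commands` entries. It is not code from the advisory or from Debian; the sample configuration and its command names are constructed placeholders, and the parsing is a simplified reading of the kpathsea syntax (`%` comments, trailing-backslash continuation, first definition wins).

```python
import re

# Constructed sample in texmf.cnf syntax. The command names are placeholders,
# not the list shipped by any tex-common version.
SAMPLE_CNF = """\
% constructed sample
shell_escape = p
shell_escape_commands = \\
toolone,tooltwo,\\
toolthree
"""

def parse_cnf(text):
    """Return {variable: value}; the first definition of a variable wins."""
    logical, pending = [], ""
    for raw in text.splitlines():
        # Drop comments: '%' at line start or preceded by whitespace.
        line = re.sub(r"(^|\s)%.*$", "", raw).strip()
        if line.endswith("\\"):            # continuation: join with next line
            pending += line[:-1].strip()
            continue
        logical.append(pending + line)
        pending = ""
    if pending:
        logical.append(pending)
    settings = {}
    for line in logical:
        m = re.match(r"([A-Za-z_][\w.]*)\s*=?\s*(.*)$", line)
        if m and m.group(2):
            settings.setdefault(m.group(1), m.group(2).strip())
    return settings

def audit(text):
    """Classify shell_escape and list the commands restricted mode may run."""
    cfg = parse_cnf(text)
    # Assumption: an absent shell_escape setting is treated as disabled.
    value = cfg.get("shell_escape", "f").lower()
    if value[0] in "ty1":
        mode = "unrestricted"              # any command may be run
    elif value[0] == "p":
        mode = "restricted"                # only shell_escape_commands entries
    else:
        mode = "disabled"
    raw_cmds = cfg.get("shell_escape_commands", "")
    cmds = [c.strip() for c in raw_cmds.split(",") if c.strip()]
    return {"mode": mode, "allowed_commands": cmds,
            "needs_review": mode != "disabled"}

if __name__ == "__main__":
    print(audit(SAMPLE_CNF))
```

On a real system the input would be the active configuration file, which `kpsewhich texmf.cnf` locates.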