UbuntuUpdates.org

Package "libtexlua53"

Name: libtexlua53

Description:

TeX Live: Lua 5.3, modified for use with LuaTeX

Latest version: 2021.20210626.59705-1ubuntu0.2
Release: jammy (22.04)
Level: security
Repository: main
Head package: texlive-bin
Homepage: https://www.tug.org/texlive/

Links


Download "libtexlua53"


Other versions of "libtexlua53" in Jammy

Repository Area Version
base main 2021.20210626.59705-1build1
updates main 2021.20210626.59705-1ubuntu0.2

Changelog

Version: 2021.20210626.59705-1ubuntu0.2 2024-03-14 14:07:01 UTC

  texlive-bin (2021.20210626.59705-1ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: arbitrary network requests via socket library
    - debian/patches/CVE-2023-32668.patch: disable socket library by
      default in texk/web2c/luatexdir/lua/loslibext.c,
      texk/web2c/luatexdir/lua/luainit.c,
      texk/web2c/luatexdir/lua/luastuff.c,
      texk/web2c/luatexdir/lua/luatex-api.h,
      texk/web2c/luatexdir/luasocket/src/lua_preload.c.
    - CVE-2023-32668
  * SECURITY UPDATE: heap overflow in ttfdump (LP: #2047912)
    - debian/patches/CVE-2024-25262.diff: add overflow check to
      texk/ttfdump/libttf/hdmx.c.
    - CVE-2024-25262

 -- Marc Deslauriers <email address hidden> Wed, 13 Mar 2024 10:11:46 -0400

Source diff to previous version
2047912 There is a heap buffer overflow in texlive-bin
CVE-2023-32668 LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to th
CVE-2024-25262 texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to

Version: 2021.20210626.59705-1ubuntu0.1 2023-05-30 11:07:16 UTC

  texlive-bin (2021.20210626.59705-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Arbitrary Code Execution
    - debian/patches/CVE-2023-32700.patch: Fix improperly secured
      shell-escape in LuaTeX.
    - CVE-2023-32700

 -- Eduardo Barretto <email address hidden> Thu, 25 May 2023 14:33:01 +0200

CVE-2023-32700 LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because lu



About   -   Send Feedback to @ubuntu_updates