[security-announce] openSUSE-SU-2018:2998-1: important: Security update for texlive
openSUSE Security Update: Security update for texlive ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:2998-1 Rating: important References: #1109673 Cross-References: CVE-2018-17407 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for texlive fixes the following issue: - CVE-2018-17407: Prevent buffer overflow when handling of Type 1 fonts allowed arbitrary code execution when a malicious font was loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex (bsc#1109673) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-1099=1 Package List: - openSUSE Leap 42.3 (i586 x86_64): libkpathsea6-6.2.2-32.3.1 libkpathsea6-debuginfo-6.2.2-32.3.1 libptexenc1-1.3.4-32.3.1 libptexenc1-debuginfo-1.3.4-32.3.1 libsynctex1-1.18-32.3.1 libsynctex1-debuginfo-1.18-32.3.1 libtexlua52-5-5.2.4-32.3.1 libtexlua52-5-debuginfo-5.2.4-32.3.1 libtexluajit2-2.1.0beta2-32.3.1 libtexluajit2-debuginfo-2.1.0beta2-32.3.1 texlive-2016.20160523-32.3.1 texlive-a2ping-bin-2016.20160523.svn27321-32.3.1 texlive-accfonts-bin-2016.20160523.svn12688-32.3.1 texlive-adhocfilelist-bin-2016.20160523.svn28038-32.3.1 texlive-afm2pl-bin-2016.20160523.svn40473-32.3.1 texlive-afm2pl-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-aleph-bin-2016.20160523.svn40987-32.3.1 texlive-aleph-bin-debuginfo-2016.20160523.svn40987-32.3.1 texlive-amstex-bin-2016.20160523.svn3006-32.3.1 texlive-arara-bin-2016.20160523.svn29036-32.3.1 texlive-asymptote-bin-2016.20160523.svn41076-32.3.1 texlive-asymptote-bin-debuginfo-2016.20160523.svn41076-32.3.1 texlive-authorindex-bin-2016.20160523.svn18790-32.3.1 texlive-autosp-bin-2016.20160523.svn40473-32.3.1 texlive-autosp-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-bibexport-bin-2016.20160523.svn16219-32.3.1 texlive-bibtex-bin-2016.20160523.svn40473-32.3.1 texlive-bibtex-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-bibtex8-bin-2016.20160523.svn40473-32.3.1 texlive-bibtex8-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-bibtexu-bin-2016.20160523.svn40473-32.3.1 texlive-bibtexu-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-bin-devel-2016.20160523-32.3.1 texlive-bundledoc-bin-2016.20160523.svn17794-32.3.1 texlive-cachepic-bin-2016.20160523.svn15543-32.3.1 texlive-checkcites-bin-2016.20160523.svn25623-32.3.1 texlive-checklistings-bin-2016.20160523.svn38300-32.3.1 texlive-chktex-bin-2016.20160523.svn40473-32.3.1 texlive-chktex-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-cjk-gs-integrate-bin-2016.20160523.svn37223-32.3.1 texlive-cjkutils-bin-2016.20160523.svn40473-32.3.1 texlive-cjkutils-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-context-bin-2016.20160523.svn34112-32.3.1 texlive-convbkmk-bin-2016.20160523.svn30408-32.3.1 texlive-crossrefware-bin-2016.20160523.svn35401-32.3.1 texlive-cslatex-bin-2016.20160523.svn3006-32.3.1 texlive-csplain-bin-2016.20160523.svn33902-32.3.1 texlive-ctanify-bin-2016.20160523.svn24061-32.3.1 texlive-ctanupload-bin-2016.20160523.svn23866-32.3.1 texlive-ctie-bin-2016.20160523.svn40473-32.3.1 texlive-ctie-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-cweb-bin-2016.20160523.svn40473-32.3.1 texlive-cweb-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-cyrillic-bin-bin-2016.20160523.svn29741-32.3.1 texlive-de-macro-bin-2016.20160523.svn17399-32.3.1 texlive-debugsource-2016.20160523-32.3.1 texlive-detex-bin-2016.20160523.svn40750-32.3.1 texlive-detex-bin-debuginfo-2016.20160523.svn40750-32.3.1 texlive-devnag-bin-2016.20160523.svn40987-32.3.1 texlive-devnag-bin-debuginfo-2016.20160523.svn40987-32.3.1 texlive-dosepsbin-bin-2016.20160523.svn24759-32.3.1 texlive-dtl-bin-2016.20160523.svn40473-32.3.1 texlive-dtl-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-dtxgen-bin-2016.20160523.svn29031-32.3.1 texlive-dviasm-bin-2016.20160523.svn8329-32.3.1 texlive-dvicopy-bin-2016.20160523.svn40473-32.3.1 texlive-dvicopy-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-dvidvi-bin-2016.20160523.svn40473-32.3.1 texlive-dvidvi-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-dviljk-bin-2016.20160523.svn40473-32.3.1 texlive-dviljk-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-dvipdfmx-bin-2016.20160523.svn40273-32.3.1 texlive-dvipng-bin-2016.20160523.svn40473-32.3.1 texlive-dvipng-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-dvipos-bin-2016.20160523.svn40473-32.3.1 texlive-dvipos-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-dvips-bin-2016.20160523.svn40987-32.3.1 texlive-dvips-bin-debuginfo-2016.20160523.svn40987-32.3.1 texlive-dvisvgm-bin-2016.20160523.svn40987-32.3.1 texlive-dvisvgm-bin-debuginfo-2016.20160523.svn40987-32.3.1 texlive-ebong-bin-2016.20160523.svn21000-32.3.1 texlive-eplain-bin-2016.20160523.svn3006-32.3.1 texlive-epspdf-bin-2016.20160523.svn29050-32.3.1 texlive-epstopdf-bin-2016.20160523.svn18336-32.3.1 texlive-exceltex-bin-2016.20160523.svn25860-32.3.1 texlive-fig4latex-bin-2016.20160523.svn14752-32.3.1 texlive-findhyph-bin-2016.20160523.svn14758-32.3.1 texlive-fontinst-bin-2016.20160523.svn29741-32.3.1 texlive-fontools-bin-2016.20160523.svn25997-32.3.1 texlive-fontware-bin-2016.20160523.svn40473-32.3.1 texlive-fontware-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-fragmaster-bin-2016.20160523.svn13663-32.3.1 texlive-getmap-bin-2016.20160523.svn34971-32.3.1 texlive-glossaries-bin-2016.20160523.svn37813-32.3.1 texlive-gregoriotex-bin-2016.20160523.svn40473-32.3.1 texlive-gregoriotex-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-gsftopk-bin-2016.20160523.svn40473-32.3.1 texlive-gsftopk-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-jadetex-bin-2016.20160523.svn3006-32.3.1 texlive-jfontmaps-bin-2016.20160523.svn29848-32.3.1 texlive-kotex-utils-bin-2016.20160523.svn32101-32.3.1 texlive-kpathsea-bin-2016.20160523.svn40473-32.3.1 texlive-kpathsea-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-kpathsea-devel-6.2.2-32.3.1 texlive-lacheck-bin-2016.20160523.svn40473-32.3.1 texlive-lacheck-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-latex-bin-bin-2016.20160523.svn14050-32.3.1 texlive-latex-git-log-bin-2016.20160523.svn30983-32.3.1 texlive-latex2man-bin-2016.20160523.svn13663-32.3.1 texlive-latexdiff-bin-2016.20160523.svn16420-32.3.1 texlive-latexfileversion-bin-2016.20160523.svn25012-32.3.1 texlive-latexindent-bin-2016.20160523.svn32150-32.3.1 texlive-latexmk-bin-2016.20160523.svn10937-32.3.1 texlive-latexpand-bin-2016.20160523.svn27025-32.3.1 texlive-lcdftypetools-bin-2016.20160523.svn40473-32.3.1 texlive-lcdftypetools-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-lilyglyphs-bin-2016.20160523.svn31696-32.3.1 texlive-listbib-bin-2016.20160523.svn26126-32.3.1 texlive-listings-ext-bin-2016.20160523.svn15093-32.3.1 texlive-lollipop-bin-2016.20160523.svn41133-32.3.1 texlive-ltxfileinfo-bin-2016.20160523.svn29005-32.3.1 texlive-ltximg-bin-2016.20160523.svn32346-32.3.1 texlive-lua2dox-bin-2016.20160523.svn29053-32.3.1 texlive-luaotfload-bin-2016.20160523.svn34647-32.3.1 texlive-luatex-bin-2016.20160523.svn41091-32.3.1 texlive-luatex-bin-debuginfo-2016.20160523.svn41091-32.3.1 texlive-m-tx-bin-2016.20160523.svn40961-32.3.1 texlive-m-tx-bin-debuginfo-2016.20160523.svn40961-32.3.1 texlive-make4ht-bin-2016.20160523.svn37750-32.3.1 texlive-makedtx-bin-2016.20160523.svn38769-32.3.1 texlive-makeindex-bin-2016.20160523.svn40473-32.3.1 texlive-makeindex-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-match_parens-bin-2016.20160523.svn23500-32.3.1 texlive-mathspic-bin-2016.20160523.svn23661-32.3.1 texlive-metafont-bin-2016.20160523.svn40987-32.3.1 texlive-metafont-bin-debuginfo-2016.20160523.svn40987-32.3.1 texlive-metapost-bin-2016.20160523.svn40473-32.3.1 texlive-metapost-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-mex-bin-2016.20160523.svn3006-32.3.1 texlive-mf2pt1-bin-2016.20160523.svn23406-32.3.1 texlive-mflua-bin-2016.20160523.svn40987-32.3.1 texlive-mflua-bin-debuginfo-2016.20160523.svn40987-32.3.1 texlive-mfware-bin-2016.20160523.svn40473-32.3.1 texlive-mfware-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-mkgrkindex-bin-2016.20160523.svn14428-32.3.1 texlive-mkjobtexmf-bin-2016.20160523.svn8457-32.3.1 texlive-mkpic-bin-2016.20160523.svn33688-32.3.1 texlive-mltex-bin-2016.20160523.svn3006-32.3.1 texlive-mptopdf-bin-2016.20160523.svn18674-32.3.1 texlive-multibibliography-bin-2016.20160523.svn30534-32.3.1 texlive-musixtex-bin-2016.20160523.svn37026-32.3.1 texlive-musixtnt-bin-2016.20160523.svn40473-32.3.1 texlive-musixtnt-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-omegaware-bin-2016.20160523.svn40750-32.3.1 texlive-omegaware-bin-debuginfo-2016.20160523.svn40750-32.3.1 texlive-patgen-bin-2016.20160523.svn40473-32.3.1 texlive-patgen-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-pax-bin-2016.20160523.svn10843-32.3.1 texlive-pdfbook2-bin-2016.20160523.svn37537-32.3.1 texlive-pdfcrop-bin-2016.20160523.svn14387-32.3.1 texlive-pdfjam-bin-2016.20160523.svn17868-32.3.1 texlive-pdftex-bin-2016.20160523.svn40987-32.3.1 texlive-pdftex-bin-debuginfo-2016.20160523.svn40987-32.3.1 texlive-pdftools-bin-2016.20160523.svn40473-32.3.1 texlive-pdftools-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-pdfxup-bin-2016.20160523.svn40690-32.3.1 texlive-pedigree-perl-bin-2016.20160523.svn25962-32.3.1 texlive-perltex-bin-2016.20160523.svn16181-32.3.1 texlive-petri-nets-bin-2016.20160523.svn39165-32.3.1 texlive-pfarrei-bin-2016.20160523.svn29348-32.3.1 texlive-pkfix-bin-2016.20160523.svn13364-32.3.1 texlive-pkfix-helper-bin-2016.20160523.svn13663-32.3.1 texlive-platex-bin-2016.20160523.svn22859-32.3.1 texlive-pmx-bin-2016.20160523.svn41091-32.3.1 texlive-pmx-bin-debuginfo-2016.20160523.svn41091-32.3.1 texlive-pmxchords-bin-2016.20160523.svn32405-32.3.1 texlive-ps2pk-bin-2016.20160523.svn40473-32.3.1 texlive-ps2pk-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-pst-pdf-bin-2016.20160523.svn7838-32.3.1 texlive-pst2pdf-bin-2016.20160523.svn29333-32.3.1 texlive-pstools-bin-2016.20160523.svn40473-32.3.1 texlive-pstools-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-ptex-bin-2016.20160523.svn40987-32.3.1 texlive-ptex-bin-debuginfo-2016.20160523.svn40987-32.3.1 texlive-ptex2pdf-bin-2016.20160523.svn29335-32.3.1 texlive-ptexenc-devel-1.3.4-32.3.1 texlive-purifyeps-bin-2016.20160523.svn13663-32.3.1 texlive-pygmentex-bin-2016.20160523.svn34996-32.3.1 texlive-pythontex-bin-2016.20160523.svn31638-32.3.1 texlive-rubik-bin-2016.20160523.svn32919-32.3.1 texlive-seetexk-bin-2016.20160523.svn40473-32.3.1 texlive-seetexk-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-splitindex-bin-2016.20160523.svn29688-32.3.1 texlive-srcredact-bin-2016.20160523.svn38710-32.3.1 texlive-sty2dtx-bin-2016.20160523.svn21215-32.3.1 texlive-svn-multi-bin-2016.20160523.svn13663-32.3.1 texlive-synctex-bin-2016.20160523.svn40473-32.3.1 texlive-synctex-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-synctex-devel-1.18-32.3.1 texlive-tetex-bin-2016.20160523.svn36770-32.3.1 texlive-tex-bin-2016.20160523.svn40987-32.3.1 texlive-tex-bin-debuginfo-2016.20160523.svn40987-32.3.1 texlive-tex4ebook-bin-2016.20160523.svn37771-32.3.1 texlive-tex4ht-bin-2016.20160523.svn40473-32.3.1 texlive-tex4ht-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-texconfig-bin-2016.20160523.svn29741-32.3.1 texlive-texcount-bin-2016.20160523.svn13013-32.3.1 texlive-texdef-bin-2016.20160523.svn21802-32.3.1 texlive-texdiff-bin-2016.20160523.svn15506-32.3.1 texlive-texdirflatten-bin-2016.20160523.svn12782-32.3.1 texlive-texdoc-bin-2016.20160523.svn29741-32.3.1 texlive-texfot-bin-2016.20160523.svn33155-32.3.1 texlive-texliveonfly-bin-2016.20160523.svn24062-32.3.1 texlive-texloganalyser-bin-2016.20160523.svn13663-32.3.1 texlive-texlua-devel-5.2.4-32.3.1 texlive-texluajit-devel-2.1.0beta2-32.3.1 texlive-texsis-bin-2016.20160523.svn3006-32.3.1 texlive-texware-bin-2016.20160523.svn40473-32.3.1 texlive-texware-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-thumbpdf-bin-2016.20160523.svn6898-32.3.1 texlive-tie-bin-2016.20160523.svn40473-32.3.1 texlive-tie-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-tpic2pdftex-bin-2016.20160523.svn29741-32.3.1 texlive-ttfutils-bin-2016.20160523.svn40473-32.3.1 texlive-ttfutils-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-typeoutfileinfo-bin-2016.20160523.svn25648-32.3.1 texlive-ulqda-bin-2016.20160523.svn13663-32.3.1 texlive-uplatex-bin-2016.20160523.svn26326-32.3.1 texlive-uptex-bin-2016.20160523.svn40987-32.3.1 texlive-uptex-bin-debuginfo-2016.20160523.svn40987-32.3.1 texlive-urlbst-bin-2016.20160523.svn23262-32.3.1 texlive-vlna-bin-2016.20160523.svn40473-32.3.1 texlive-vlna-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-vpe-bin-2016.20160523.svn6897-32.3.1 texlive-web-bin-2016.20160523.svn40473-32.3.1 texlive-web-bin-debuginfo-2016.20160523.svn40473-32.3.1 texlive-xdvi-bin-2016.20160523.svn40750-32.3.1 texlive-xdvi-bin-debuginfo-2016.20160523.svn40750-32.3.1 texlive-xetex-bin-2016.20160523.svn41091-32.3.1 texlive-xetex-bin-debuginfo-2016.20160523.svn41091-32.3.1 texlive-xmltex-bin-2016.20160523.svn3006-32.3.1 texlive-yplan-bin-2016.20160523.svn34398-32.3.1 - openSUSE Leap 42.3 (noarch): perl-biber-2016.20160523.svn30357-32.3.1 texlive-biber-bin-2016.20160523.svn41193-32.3.1 texlive-diadia-bin-2016.20160523.svn37645-32.3.1 References: https://www.suse.com/security/cve/CVE-2018-17407.html https://bugzilla.suse.com/1109673 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
participants (1)
-
opensuse-security@opensuse.org