CVE-2011-1400
Published: 25 March 2011
The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute arbitrary code via a crafted TeX document.
Priority
Status
Package | Release | Status |
---|---|---|
tex-common Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Not vulnerable
(disabled)
|
|
karmic |
Not vulnerable
(disabled)
|
|
lucid |
Released
(2.06ubuntu0.1)
|
|
maverick |
Released
(2.08ubuntu0.1)
|
|
upstream |
Released
(2.08.1)
|