CVE-2011-1400

Publication date 25 March 2011

Last updated 24 July 2024

Ubuntu priority

The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute arbitrary code via a crafted TeX document.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
tex-common	10.10 maverick	Fixed 2.08ubuntu0.1
	10.04 LTS lucid	Fixed 2.06ubuntu0.1
	9.10 karmic	Not affected
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Ignored

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1103-1
tex-common vulnerability
4 April 2011

Other references

http://www.debian.org/security/2011/dsa-2198
https://www.cve.org/CVERecord?id=CVE-2011-1400