ASA-201812-4 log original external raw

[ASA-201812-4] texlive-bin: arbitrary code execution
Arch Linux Security Advisory ASA-201812-4 ========================================= Severity: High Date : 2018-12-08 CVE-ID : CVE-2018-17407 Package : texlive-bin Type : arbitrary code execution Remote : No Link : Summary ======= The package texlive-bin before version 2018.48691-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 2018.48691-1. # pacman -Syu "texlive-bin>=2018.48691-1" The problem has been fixed upstream in version 2018.48691. Workaround ========== None. Description =========== An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex. Impact ====== A local attacker can execute arbitrary code via a crafted font. References ==========