{"id":"MGASA-2017-0127","summary":"Updated texlive packages fix security vulnerability","details":"It was discovered that texlive whitelists mpost as an external program\nto be run from within the TeX source code (called \\write18). Since\nmpost allows to specify other programs to be run, an attacker can take\nadvantage of this flaw for arbitrary code execution when compiling a TeX\ndocument (CVE-2016-10243).\n","modified":"2026-04-16T06:23:50.676578192Z","published":"2017-05-03T09:48:17Z","upstream":["CVE-2016-10243"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0127.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20401"},{"type":"WEB","url":"https://www.debian.org/security/2017/dsa-3803"}],"affected":[{"package":{"name":"texlive","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/texlive?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20130530-21.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0127.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}