SUSE: CVE-2023-32700: SUSE Linux Security Advisory
4
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
05/20/2023
05/25/2023
05/25/2023
05/29/2023
Description
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
Solution(s)
- suse-upgrade-texlive
- suse-upgrade-texlive-a2ping-bin
- suse-upgrade-texlive-accfonts-bin
- suse-upgrade-texlive-adhocfilelist-bin
- suse-upgrade-texlive-afm2pl-bin
- suse-upgrade-texlive-albatross-bin
- suse-upgrade-texlive-aleph-bin
- suse-upgrade-texlive-amstex-bin
- suse-upgrade-texlive-arara-bin
- suse-upgrade-texlive-asymptote-bin
- suse-upgrade-texlive-attachfile2-bin
- suse-upgrade-texlive-authorindex-bin
- suse-upgrade-texlive-autosp-bin
- suse-upgrade-texlive-axodraw2-bin
- suse-upgrade-texlive-bib2gls-bin
- suse-upgrade-texlive-biber-bin
- suse-upgrade-texlive-bibexport-bin
- suse-upgrade-texlive-bibtex-bin
- suse-upgrade-texlive-bibtex8-bin
- suse-upgrade-texlive-bibtexu-bin
- suse-upgrade-texlive-bin-devel
- suse-upgrade-texlive-bundledoc-bin
- suse-upgrade-texlive-cachepic-bin
- suse-upgrade-texlive-checkcites-bin
- suse-upgrade-texlive-checklistings-bin
- suse-upgrade-texlive-chklref-bin
- suse-upgrade-texlive-chktex-bin
- suse-upgrade-texlive-cjk-gs-integrate-bin
- suse-upgrade-texlive-cjkutils-bin
- suse-upgrade-texlive-clojure-pamphlet-bin
- suse-upgrade-texlive-cluttex-bin
- suse-upgrade-texlive-context-bin
- suse-upgrade-texlive-convbkmk-bin
- suse-upgrade-texlive-crossrefware-bin
- suse-upgrade-texlive-cslatex-bin
- suse-upgrade-texlive-csplain-bin
- suse-upgrade-texlive-ctan-o-mat-bin
- suse-upgrade-texlive-ctanbib-bin
- suse-upgrade-texlive-ctanify-bin
- suse-upgrade-texlive-ctanupload-bin
- suse-upgrade-texlive-ctie-bin
- suse-upgrade-texlive-cweb-bin
- suse-upgrade-texlive-cyrillic-bin-bin
- suse-upgrade-texlive-de-macro-bin
- suse-upgrade-texlive-detex-bin
- suse-upgrade-texlive-diadia-bin
- suse-upgrade-texlive-dosepsbin-bin
- suse-upgrade-texlive-dtl-bin
- suse-upgrade-texlive-dtxgen-bin
- suse-upgrade-texlive-dviasm-bin
- suse-upgrade-texlive-dvicopy-bin
- suse-upgrade-texlive-dvidvi-bin
- suse-upgrade-texlive-dviinfox-bin
- suse-upgrade-texlive-dviljk-bin
- suse-upgrade-texlive-dviout-util-bin
- suse-upgrade-texlive-dvipdfmx-bin
- suse-upgrade-texlive-dvipng-bin
- suse-upgrade-texlive-dvipos-bin
- suse-upgrade-texlive-dvips-bin
- suse-upgrade-texlive-dvisvgm-bin
- suse-upgrade-texlive-ebong-bin
- suse-upgrade-texlive-eplain-bin
- suse-upgrade-texlive-epspdf-bin
- suse-upgrade-texlive-epstopdf-bin
- suse-upgrade-texlive-exceltex-bin
- suse-upgrade-texlive-fig4latex-bin
- suse-upgrade-texlive-findhyph-bin
- suse-upgrade-texlive-fontinst-bin
- suse-upgrade-texlive-fontools-bin
- suse-upgrade-texlive-fontware-bin
- suse-upgrade-texlive-fragmaster-bin
- suse-upgrade-texlive-getmap-bin
- suse-upgrade-texlive-git-latexdiff-bin
- suse-upgrade-texlive-glossaries-bin
- suse-upgrade-texlive-gregoriotex-bin
- suse-upgrade-texlive-gsftopk-bin
- suse-upgrade-texlive-hyperxmp-bin
- suse-upgrade-texlive-jadetex-bin
- suse-upgrade-texlive-jfmutil-bin
- suse-upgrade-texlive-ketcindy-bin
- suse-upgrade-texlive-kotex-utils-bin
- suse-upgrade-texlive-kpathsea-bin
- suse-upgrade-texlive-kpathsea-devel
- suse-upgrade-texlive-l3build-bin
- suse-upgrade-texlive-lacheck-bin
- suse-upgrade-texlive-latex-bin-bin
- suse-upgrade-texlive-latex-bin-dev-bin
- suse-upgrade-texlive-latex-git-log-bin
- suse-upgrade-texlive-latex-papersize-bin
- suse-upgrade-texlive-latex2man-bin
- suse-upgrade-texlive-latex2nemeth-bin
- suse-upgrade-texlive-latexdiff-bin
- suse-upgrade-texlive-latexfileversion-bin
- suse-upgrade-texlive-latexindent-bin
- suse-upgrade-texlive-latexmk-bin
- suse-upgrade-texlive-latexpand-bin
- suse-upgrade-texlive-lcdftypetools-bin
- suse-upgrade-texlive-light-latex-make-bin
- suse-upgrade-texlive-lilyglyphs-bin
- suse-upgrade-texlive-listbib-bin
- suse-upgrade-texlive-listings-ext-bin
- suse-upgrade-texlive-lollipop-bin
- suse-upgrade-texlive-ltxfileinfo-bin
- suse-upgrade-texlive-ltximg-bin
- suse-upgrade-texlive-lua2dox-bin
- suse-upgrade-texlive-luahbtex-bin
- suse-upgrade-texlive-luajittex-bin
- suse-upgrade-texlive-luaotfload-bin
- suse-upgrade-texlive-luatex-bin
- suse-upgrade-texlive-lwarp-bin
- suse-upgrade-texlive-m-tx-bin
- suse-upgrade-texlive-make4ht-bin
- suse-upgrade-texlive-makedtx-bin
- suse-upgrade-texlive-makeindex-bin
- suse-upgrade-texlive-match_parens-bin
- suse-upgrade-texlive-mathspic-bin
- suse-upgrade-texlive-metafont-bin
- suse-upgrade-texlive-metapost-bin
- suse-upgrade-texlive-mex-bin
- suse-upgrade-texlive-mf2pt1-bin
- suse-upgrade-texlive-mflua-bin
- suse-upgrade-texlive-mfware-bin
- suse-upgrade-texlive-mkgrkindex-bin
- suse-upgrade-texlive-mkjobtexmf-bin
- suse-upgrade-texlive-mkpic-bin
- suse-upgrade-texlive-mltex-bin
- suse-upgrade-texlive-mptopdf-bin
- suse-upgrade-texlive-multibibliography-bin
- suse-upgrade-texlive-musixtex-bin
- suse-upgrade-texlive-musixtnt-bin
- suse-upgrade-texlive-omegaware-bin
- suse-upgrade-texlive-optex-bin
- suse-upgrade-texlive-patgen-bin
- suse-upgrade-texlive-pax-bin
- suse-upgrade-texlive-pdfbook2-bin
- suse-upgrade-texlive-pdfcrop-bin
- suse-upgrade-texlive-pdfjam-bin
- suse-upgrade-texlive-pdflatexpicscale-bin
- suse-upgrade-texlive-pdftex-bin
- suse-upgrade-texlive-pdftex-quiet-bin
- suse-upgrade-texlive-pdftools-bin
- suse-upgrade-texlive-pdftosrc-bin
- suse-upgrade-texlive-pdfxup-bin
- suse-upgrade-texlive-pedigree-perl-bin
- suse-upgrade-texlive-perltex-bin
- suse-upgrade-texlive-petri-nets-bin
- suse-upgrade-texlive-pfarrei-bin
- suse-upgrade-texlive-pkfix-bin
- suse-upgrade-texlive-pkfix-helper-bin
- suse-upgrade-texlive-platex-bin
- suse-upgrade-texlive-pmx-bin
- suse-upgrade-texlive-pmxchords-bin
- suse-upgrade-texlive-ps2eps-bin
- suse-upgrade-texlive-ps2pk-bin
- suse-upgrade-texlive-pst-pdf-bin
- suse-upgrade-texlive-pst2pdf-bin
- suse-upgrade-texlive-pstools-bin
- suse-upgrade-texlive-ptex-bin
- suse-upgrade-texlive-ptex-fontmaps-bin
- suse-upgrade-texlive-ptex2pdf-bin
- suse-upgrade-texlive-ptexenc-devel
- suse-upgrade-texlive-purifyeps-bin
- suse-upgrade-texlive-pygmentex-bin
- suse-upgrade-texlive-pythontex-bin
- suse-upgrade-texlive-rubik-bin
- suse-upgrade-texlive-scripts-bin
- suse-upgrade-texlive-scripts-extra-bin
- suse-upgrade-texlive-seetexk-bin
- suse-upgrade-texlive-spix-bin
- suse-upgrade-texlive-splitindex-bin
- suse-upgrade-texlive-srcredact-bin
- suse-upgrade-texlive-sty2dtx-bin
- suse-upgrade-texlive-svn-multi-bin
- suse-upgrade-texlive-synctex-bin
- suse-upgrade-texlive-synctex-devel
- suse-upgrade-texlive-tetex-bin
- suse-upgrade-texlive-tex-bin
- suse-upgrade-texlive-tex4ebook-bin
- suse-upgrade-texlive-tex4ht-bin
- suse-upgrade-texlive-texconfig-bin
- suse-upgrade-texlive-texcount-bin
- suse-upgrade-texlive-texdef-bin
- suse-upgrade-texlive-texdiff-bin
- suse-upgrade-texlive-texdirflatten-bin
- suse-upgrade-texlive-texdoc-bin
- suse-upgrade-texlive-texdoctk-bin
- suse-upgrade-texlive-texfot-bin
- suse-upgrade-texlive-texliveonfly-bin
- suse-upgrade-texlive-texloganalyser-bin
- suse-upgrade-texlive-texlua-devel
- suse-upgrade-texlive-texluajit-devel
- suse-upgrade-texlive-texosquery-bin
- suse-upgrade-texlive-texplate-bin
- suse-upgrade-texlive-texsis-bin
- suse-upgrade-texlive-texware-bin
- suse-upgrade-texlive-thumbpdf-bin
- suse-upgrade-texlive-tie-bin
- suse-upgrade-texlive-tikztosvg-bin
- suse-upgrade-texlive-tpic2pdftex-bin
- suse-upgrade-texlive-ttfutils-bin
- suse-upgrade-texlive-typeoutfileinfo-bin
- suse-upgrade-texlive-ulqda-bin
- suse-upgrade-texlive-uplatex-bin
- suse-upgrade-texlive-uptex-bin
- suse-upgrade-texlive-urlbst-bin
- suse-upgrade-texlive-velthuis-bin
- suse-upgrade-texlive-vlna-bin
- suse-upgrade-texlive-vpe-bin
- suse-upgrade-texlive-web-bin
- suse-upgrade-texlive-webquiz-bin
- suse-upgrade-texlive-wordcount-bin
- suse-upgrade-texlive-xdvi-bin
- suse-upgrade-texlive-xelatex-dev-bin
- suse-upgrade-texlive-xetex-bin
- suse-upgrade-texlive-xindex-bin
- suse-upgrade-texlive-xml2pmx-bin
- suse-upgrade-texlive-xmltex-bin
- suse-upgrade-texlive-xpdfopen-bin
- suse-upgrade-texlive-yplan-bin
Advanced vulnerability management analytics and reporting.
Key Features
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center