blob: ef1a40180b067bde03ceacf8ee4c81ea2a3c315e [file] [log] [blame]
<?xml version="1.0" encoding="UTF-8"?>
<glsa id="201401-27">
<title>GNU TeXmacs: Privilege escalation</title>
<synopsis>A vulnerability in GNU TeXmacs could result in privilege
<product type="ebuild">texmacs</product>
<announced>January 26, 2014</announced>
<revised>January 26, 2014: 2</revised>
<package name="app-office/texmacs" auto="yes" arch="*">
<unaffected range="ge"></unaffected>
<vulnerable range="lt"></vulnerable>
<p>GNU TeXmacs is a free WYSIWYG editing platform with special features for
<p>The texmacs and tm_mupad_help scripts in TeXmacs place a zero-length
directory name in the LD_LIBRARY_PATH, which might result in the current
working directory (.) to be included when searching for dynamically
linked libraries.
<impact type="high">
<p>A local attacker could gain escalated privileges via a specially crafted
shared library.
<p>There is no known workaround at this time.</p>
<p>All GNU TeXmacs users should upgrade to the latest version:</p>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=app-office/texmacs-"
<p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since April 02, 2011. It is likely that your system is already
no longer affected by this issue.
<uri link="">
<metadata tag="requester" timestamp="Fri, 07 Oct 2011 23:38:13 +0000">
<metadata tag="submitter" timestamp="Sun, 26 Jan 2014 00:54:29 +0000">Zlogene</metadata>