SUSE update for texlive



Published: 2024-08-23
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2023-46048
CWE-ID CWE-476
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		SUSE Linux Enterprise Software Development Kit 12
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications 12
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 12
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing 12
Operating systems & Components / Operating system

libkpathsea6-debuginfo
Operating systems & Components / Operating system package or component

libkpathsea6
Operating systems & Components / Operating system package or component

texlive-bibtex-bin
Operating systems & Components / Operating system package or component

texlive-kpathsea-bin-debuginfo
Operating systems & Components / Operating system package or component

texlive-lacheck-bin-debuginfo
Operating systems & Components / Operating system package or component

texlive-pdftex-bin
Operating systems & Components / Operating system package or component

texlive-dvipdfmx-bin-debuginfo
Operating systems & Components / Operating system package or component

texlive
Operating systems & Components / Operating system package or component

texlive-seetexk-bin-debuginfo
Operating systems & Components / Operating system package or component

texlive-lacheck-bin
Operating systems & Components / Operating system package or component

texlive-dviljk-bin
Operating systems & Components / Operating system package or component

texlive-mfware-bin
Operating systems & Components / Operating system package or component

texlive-latex-bin-bin
Operating systems & Components / Operating system package or component

texlive-checkcites-bin
Operating systems & Components / Operating system package or component

texlive-xetex-bin-debuginfo
Operating systems & Components / Operating system package or component

texlive-ptexenc-devel
Operating systems & Components / Operating system package or component

texlive-kpathsea-devel
Operating systems & Components / Operating system package or component

texlive-vlna-bin-debuginfo
Operating systems & Components / Operating system package or component

texlive-context-bin
Operating systems & Components / Operating system package or component

texlive-dvips-bin
Operating systems & Components / Operating system package or component

texlive-lua2dox-bin
Operating systems & Components / Operating system package or component

texlive-tex4ht-bin
Operating systems & Components / Operating system package or component

texlive-gsftopk-bin
Operating systems & Components / Operating system package or component

texlive-makeindex-bin-debuginfo
Operating systems & Components / Operating system package or component

texlive-splitindex-bin
Operating systems & Components / Operating system package or component

texlive-kpathsea-bin
Operating systems & Components / Operating system package or component

texlive-dvips-bin-debuginfo
Operating systems & Components / Operating system package or component

texlive-pstools-bin
Operating systems & Components / Operating system package or component

texlive-cweb-bin
Operating systems & Components / Operating system package or component

texlive-web-bin-debuginfo
Operating systems & Components / Operating system package or component

texlive-metafont-bin-debuginfo
Operating systems & Components / Operating system package or component

texlive-tetex-bin
Operating systems & Components / Operating system package or component

libptexenc1
Operating systems & Components / Operating system package or component

texlive-vlna-bin
Operating systems & Components / Operating system package or component

texlive-luaotfload-bin
Operating systems & Components / Operating system package or component

texlive-dvidvi-bin
Operating systems & Components / Operating system package or component

texlive-gsftopk-bin-debuginfo
Operating systems & Components / Operating system package or component

texlive-tex-bin-debuginfo
Operating systems & Components / Operating system package or component

texlive-pdftex-bin-debuginfo
Operating systems & Components / Operating system package or component

texlive-dvisvgm-bin-debuginfo
Operating systems & Components / Operating system package or component

texlive-mptopdf-bin
Operating systems & Components / Operating system package or component

texlive-bibtex-bin-debuginfo
Operating systems & Components / Operating system package or component

texlive-bin-devel
Operating systems & Components / Operating system package or component

texlive-metafont-bin
Operating systems & Components / Operating system package or component

texlive-dvipng-bin-debuginfo
Operating systems & Components / Operating system package or component

texlive-xetex-bin
Operating systems & Components / Operating system package or component

texlive-dviljk-bin-debuginfo
Operating systems & Components / Operating system package or component

texlive-tex-bin
Operating systems & Components / Operating system package or component

texlive-metapost-bin-debuginfo
Operating systems & Components / Operating system package or component

texlive-dvipng-bin
Operating systems & Components / Operating system package or component

texlive-pstools-bin-debuginfo
Operating systems & Components / Operating system package or component

texlive-metapost-bin
Operating systems & Components / Operating system package or component

texlive-dvipdfmx-bin
Operating systems & Components / Operating system package or component

libptexenc1-debuginfo
Operating systems & Components / Operating system package or component

texlive-cweb-bin-debuginfo
Operating systems & Components / Operating system package or component

texlive-dviasm-bin
Operating systems & Components / Operating system package or component

texlive-debugsource
Operating systems & Components / Operating system package or component

texlive-mfware-bin-debuginfo
Operating systems & Components / Operating system package or component

texlive-texconfig-bin
Operating systems & Components / Operating system package or component

texlive-jadetex-bin
Operating systems & Components / Operating system package or component

texlive-seetexk-bin
Operating systems & Components / Operating system package or component

texlive-thumbpdf-bin
Operating systems & Components / Operating system package or component

texlive-xdvi-bin-debuginfo
Operating systems & Components / Operating system package or component

texlive-luatex-bin-debuginfo
Operating systems & Components / Operating system package or component

texlive-xdvi-bin
Operating systems & Components / Operating system package or component

texlive-luatex-bin
Operating systems & Components / Operating system package or component

texlive-dvidvi-bin-debuginfo
Operating systems & Components / Operating system package or component

texlive-web-bin
Operating systems & Components / Operating system package or component

texlive-xmltex-bin
Operating systems & Components / Operating system package or component

texlive-makeindex-bin
Operating systems & Components / Operating system package or component

texlive-dvisvgm-bin
Operating systems & Components / Operating system package or component

texlive-tex4ht-bin-debuginfo
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) NULL pointer dereference

EUVDB-ID: #VU96489

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-46048

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in texk/web2c/pdftexdir/writet1.c. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected package texlive to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

libkpathsea6-debuginfo: before 6.2.0dev-22.11.1

libkpathsea6: before 6.2.0dev-22.11.1

texlive-bibtex-bin: before 2013.20130620.svn30088-22.11.1

texlive-kpathsea-bin-debuginfo: before 2013.20130620.svn30088-22.11.1

texlive-lacheck-bin-debuginfo: before 2013.20130620.svn30088-22.11.1

texlive-pdftex-bin: before 2013.20130620.svn30845-22.11.1

texlive-dvipdfmx-bin-debuginfo: before 2013.20130620.svn30845-22.11.1

texlive: before 2013.20130620-22.11.1

texlive-seetexk-bin-debuginfo: before 2013.20130620.svn30088-22.11.1

texlive-lacheck-bin: before 2013.20130620.svn30088-22.11.1

texlive-dviljk-bin: before 2013.20130620.svn30088-22.11.1

texlive-mfware-bin: before 2013.20130620.svn30088-22.11.1

texlive-latex-bin-bin: before 2013.20130620.svn14050-22.11.1

texlive-checkcites-bin: before 2013.20130620.svn25623-22.11.1

texlive-xetex-bin-debuginfo: before 2013.20130620.svn30845-22.11.1

texlive-ptexenc-devel: before 1.3.2dev-22.11.1

texlive-kpathsea-devel: before 6.2.0dev-22.11.1

texlive-vlna-bin-debuginfo: before 2013.20130620.svn30088-22.11.1

texlive-context-bin: before 2013.20130620.svn29741-22.11.1

texlive-dvips-bin: before 2013.20130620.svn30088-22.11.1

texlive-lua2dox-bin: before 2013.20130620.svn29053-22.11.1

texlive-tex4ht-bin: before 2013.20130620.svn30088-22.11.1

texlive-gsftopk-bin: before 2013.20130620.svn30088-22.11.1

texlive-makeindex-bin-debuginfo: before 2013.20130620.svn30088-22.11.1

texlive-splitindex-bin: before 2013.20130620.svn29688-22.11.1

texlive-kpathsea-bin: before 2013.20130620.svn30088-22.11.1

texlive-dvips-bin-debuginfo: before 2013.20130620.svn30088-22.11.1

texlive-pstools-bin: before 2013.20130620.svn30088-22.11.1

texlive-cweb-bin: before 2013.20130620.svn30088-22.11.1

texlive-web-bin-debuginfo: before 2013.20130620.svn30088-22.11.1

texlive-metafont-bin-debuginfo: before 2013.20130620.svn30088-22.11.1

texlive-tetex-bin: before 2013.20130620.svn29741-22.11.1

libptexenc1: before 1.3.2dev-22.11.1

texlive-vlna-bin: before 2013.20130620.svn30088-22.11.1

texlive-luaotfload-bin: before 2013.20130620.svn30313-22.11.1

texlive-dvidvi-bin: before 2013.20130620.svn30088-22.11.1

texlive-gsftopk-bin-debuginfo: before 2013.20130620.svn30088-22.11.1

texlive-tex-bin-debuginfo: before 2013.20130620.svn30088-22.11.1

texlive-pdftex-bin-debuginfo: before 2013.20130620.svn30845-22.11.1

texlive-dvisvgm-bin-debuginfo: before 2013.20130620.svn30613-22.11.1

texlive-mptopdf-bin: before 2013.20130620.svn18674-22.11.1

texlive-bibtex-bin-debuginfo: before 2013.20130620.svn30088-22.11.1

texlive-bin-devel: before 2013.20130620-22.11.1

texlive-metafont-bin: before 2013.20130620.svn30088-22.11.1

texlive-dvipng-bin-debuginfo: before 2013.20130620.svn30845-22.11.1

texlive-xetex-bin: before 2013.20130620.svn30845-22.11.1

texlive-dviljk-bin-debuginfo: before 2013.20130620.svn30088-22.11.1

texlive-tex-bin: before 2013.20130620.svn30088-22.11.1

texlive-metapost-bin-debuginfo: before 2013.20130620.svn30845-22.11.1

texlive-dvipng-bin: before 2013.20130620.svn30845-22.11.1

texlive-pstools-bin-debuginfo: before 2013.20130620.svn30088-22.11.1

texlive-metapost-bin: before 2013.20130620.svn30845-22.11.1

texlive-dvipdfmx-bin: before 2013.20130620.svn30845-22.11.1

libptexenc1-debuginfo: before 1.3.2dev-22.11.1

texlive-cweb-bin-debuginfo: before 2013.20130620.svn30088-22.11.1

texlive-dviasm-bin: before 2013.20130620.svn8329-22.11.1

texlive-debugsource: before 2013.20130620-22.11.1

texlive-mfware-bin-debuginfo: before 2013.20130620.svn30088-22.11.1

texlive-texconfig-bin: before 2013.20130620.svn29741-22.11.1

texlive-jadetex-bin: before 2013.20130620.svn3006-22.11.1

texlive-seetexk-bin: before 2013.20130620.svn30088-22.11.1

texlive-thumbpdf-bin: before 2013.20130620.svn6898-22.11.1

texlive-xdvi-bin-debuginfo: before 2013.20130620.svn30088-22.11.1

texlive-luatex-bin-debuginfo: before 2013.20130620.svn30845-22.11.1

texlive-xdvi-bin: before 2013.20130620.svn30088-22.11.1

texlive-luatex-bin: before 2013.20130620.svn30845-22.11.1

texlive-dvidvi-bin-debuginfo: before 2013.20130620.svn30088-22.11.1

texlive-web-bin: before 2013.20130620.svn30088-22.11.1

texlive-xmltex-bin: before 2013.20130620.svn3006-22.11.1

texlive-makeindex-bin: before 2013.20130620.svn30088-22.11.1

texlive-dvisvgm-bin: before 2013.20130620.svn30613-22.11.1

texlive-tex4ht-bin-debuginfo: before 2013.20130620.svn30088-22.11.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241296-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###