USN-51-1: teTeX auxiliary script vulnerability
23 December 2004
teTeX auxiliary script vulnerability
Releases
Details
Javier Fernández-Sanguino Peña noticed that "xdvizilla", an auxiliary
script to integrate DVI file viewing in Mozilla-based browsers,
created temporary files and directories in an insecure manner. This
could allow a symbolic link attack to create or overwrite arbitrary
files with the privileges of the user invoking the program.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 4.10
-
tetex-bin
-
In general, a standard system update will make all the necessary changes.