Security 10748 Published by

A new security update for Debian GNU/Linux has been released

[DSA 207-1] New tetex-lib packages fix arbitrary command execution
The SuSE security team discovered a vulnerability in kpathsea library (libkpathsea) which is used by xdvi and dvips. Both programs call the system() function insecurely, which allows a remote attacker to execute arbitrary commands via cleverly crafted DVI files.
Read more