Texlive
Monthly
The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.
mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.
mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.
The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.
mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.
mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.