UBUNTU-CVE-2023-32668
- Source
- https://ubuntu.com/security/CVE-2023-32668
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-32668.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-32668
- Related
- Published
- 2023-05-11T06:15:00Z
- Modified
- 2024-10-15T14:11:32Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
- References
-
- https://ubuntu.com/security/CVE-2023-32668
- https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/blob/b266ef076c96b382cd23a4c93204e247bb98626a/source/texk/web2c/luatexdir/ChangeLog#L1-L3
- https://tug.org/pipermail/tex-live/2023-May/049188.html
- https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/tags/1.17.0
- https://ubuntu.com/security/notices/USN-6695-1
- https://www.cve.org/CVERecord?id=CVE-2023-32668
Affected packages
Ubuntu:Pro:16.04:LTS / texlive-bin
Package
- Name
- texlive-bin
- Purl
- pkg:deb/ubuntu/texlive-bin?arch=src?distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:18.04:LTS / texlive-bin
Package
- Name
- texlive-bin
- Purl
- pkg:deb/ubuntu/texlive-bin?arch=src?distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:20.04:LTS / texlive-bin
Package
- Name
- texlive-bin
- Purl
- pkg:deb/ubuntu/texlive-bin?arch=src?distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2019.20190605.51237-3ubuntu0.2
Affected versions
2019.*
2019.20190605.51237-2build1
2019.20190605.51237-3
2019.20190605.51237-3build1
2019.20190605.51237-3build2
2019.20190605.51237-3ubuntu0.1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "2019.20190605.51237-3ubuntu0.2",
"binary_name": "libkpathsea-dev"
},
{
"binary_version": "2019.20190605.51237-3ubuntu0.2",
"binary_name": "libkpathsea6"
},
{
"binary_version": "2019.20190605.51237-3ubuntu0.2",
"binary_name": "libkpathsea6-dbgsym"
},
{
"binary_version": "2019.20190605.51237-3ubuntu0.2",
"binary_name": "libptexenc-dev"
},
{
"binary_version": "2019.20190605.51237-3ubuntu0.2",
"binary_name": "libptexenc1"
},
{
"binary_version": "2019.20190605.51237-3ubuntu0.2",
"binary_name": "libptexenc1-dbgsym"
},
{
"binary_version": "2019.20190605.51237-3ubuntu0.2",
"binary_name": "libsynctex-dev"
},
{
"binary_version": "2019.20190605.51237-3ubuntu0.2",
"binary_name": "libsynctex2"
},
{
"binary_version": "2019.20190605.51237-3ubuntu0.2",
"binary_name": "libsynctex2-dbgsym"
},
{
"binary_version": "2019.20190605.51237-3ubuntu0.2",
"binary_name": "libtexlua53"
},
{
"binary_version": "2019.20190605.51237-3ubuntu0.2",
"binary_name": "libtexlua53-dbgsym"
},
{
"binary_version": "2019.20190605.51237-3ubuntu0.2",
"binary_name": "libtexlua53-dev"
},
{
"binary_version": "2019.20190605.51237-3ubuntu0.2",
"binary_name": "libtexluajit-dev"
},
{
"binary_version": "2019.20190605.51237-3ubuntu0.2",
"binary_name": "libtexluajit2"
},
{
"binary_version": "2019.20190605.51237-3ubuntu0.2",
"binary_name": "libtexluajit2-dbgsym"
},
{
"binary_version": "2019.20190605.51237-3ubuntu0.2",
"binary_name": "texlive-binaries"
},
{
"binary_version": "2019.20190605.51237-3ubuntu0.2",
"binary_name": "texlive-binaries-dbgsym"
}
]
}
Ubuntu:22.04:LTS / texlive-bin
Package
- Name
- texlive-bin
- Purl
- pkg:deb/ubuntu/texlive-bin?arch=src?distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2021.20210626.59705-1ubuntu0.2
Affected versions
2020.*
2020.20200327.54578-7
2020.20200327.54578-7build1
2021.*
2021.20210626.59705-1
2021.20210626.59705-1build1
2021.20210626.59705-1ubuntu0.1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "2021.20210626.59705-1ubuntu0.2",
"binary_name": "libkpathsea-dev"
},
{
"binary_version": "2021.20210626.59705-1ubuntu0.2",
"binary_name": "libkpathsea6"
},
{
"binary_version": "2021.20210626.59705-1ubuntu0.2",
"binary_name": "libkpathsea6-dbgsym"
},
{
"binary_version": "2021.20210626.59705-1ubuntu0.2",
"binary_name": "libptexenc-dev"
},
{
"binary_version": "2021.20210626.59705-1ubuntu0.2",
"binary_name": "libptexenc1"
},
{
"binary_version": "2021.20210626.59705-1ubuntu0.2",
"binary_name": "libptexenc1-dbgsym"
},
{
"binary_version": "2021.20210626.59705-1ubuntu0.2",
"binary_name": "libsynctex-dev"
},
{
"binary_version": "2021.20210626.59705-1ubuntu0.2",
"binary_name": "libsynctex2"
},
{
"binary_version": "2021.20210626.59705-1ubuntu0.2",
"binary_name": "libsynctex2-dbgsym"
},
{
"binary_version": "2021.20210626.59705-1ubuntu0.2",
"binary_name": "libtexlua53"
},
{
"binary_version": "2021.20210626.59705-1ubuntu0.2",
"binary_name": "libtexlua53-dbgsym"
},
{
"binary_version": "2021.20210626.59705-1ubuntu0.2",
"binary_name": "libtexlua53-dev"
},
{
"binary_version": "2021.20210626.59705-1ubuntu0.2",
"binary_name": "libtexluajit-dev"
},
{
"binary_version": "2021.20210626.59705-1ubuntu0.2",
"binary_name": "libtexluajit2"
},
{
"binary_version": "2021.20210626.59705-1ubuntu0.2",
"binary_name": "libtexluajit2-dbgsym"
},
{
"binary_version": "2021.20210626.59705-1ubuntu0.2",
"binary_name": "texlive-binaries"
},
{
"binary_version": "2021.20210626.59705-1ubuntu0.2",
"binary_name": "texlive-binaries-dbgsym"
}
]
}