CVE-2018-17407: Tex-Live buffer overflow in handling of Type 1 fonts

[Nick Roessler <nicholas.e.roessler () gmail com>]

Hey all,

    I wanted to make everyone aware of a security update for TeX Live, 
a distribution of the TeX document preparation software. A buffer 
overflow in the handling of Type 1 fonts (.pfb files) allows arbitrary 
local code execution without privilege escalation when a malicious font 
is loaded by one of the vulnerable tools (pdflatex, pdftex, luatex, dvips).

    The patch was rolled out on Sept 21.  See:

https://www.debian.org/security/2018/dsa-4299
https://security-tracker.debian.org/tracker/CVE-2018-17407

Thanks,
--
Nick