important: texlive-base/microcode_ctl security update
important
An update for texlive-base/microcode_ctl is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
texlive-base:
microcode_ctl:
Security Fix(es):
texlive-base: An arbitrary code execution vulnerability was found in LuaTeX (TeX Live) that allows any document compiled with older versions of LuaTeX to execute arbitrary shell commands, even with shell escape disabled.(CVE-2023-32700)
texlive-base: bugfix
microcode_ctl: A Gather Data Sampling (GDS) transient execution side-channel vulnerability was found affecting certain Intel processors. This issue may allow a local attacker using gather instruction (load from memory) to infer stale data from previously used vector registers on the same physical core.(CVE-2022-40982)
microcode_ctl: An improper access control flaw was found in some third generation Intel processors that may allow a privileged user to enable information disclosure via local access.(CVE-2023-23908)
microcode_ctl: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.03B8.