[OS X TeX] i-Installer 2.82 released. Security release: all users requested to upgrade

Gerben Wierda Gerben.Wierda at rna.nl
Wed Oct 11 01:20:44 CEST 2006


On Oct 11, 2006, at 00:41 , Alain Schremmer wrote:

> Gerben Wierda wrote:
>
>> I have noticed that the setup of i-Installer brings with it a  
>> potential security issue which is also potentially serious. This  
>> find (by myself, luckily) is not a happy event for me.
>>
>> I have patched i-Installer. As a result, installing i-Installer  
>> with drag-and-drop from the II2.dmg volume is now deprecated. The  
>> II2.dmg now contains an Apple Installer.app package which installs  
>> i- Installer. Also, upgrading with the i-Installer i-Package is  
>> supported.
>>
>> i-Installer itself now contains some basic checks for this  
>> security issue.
>>
>> All i-Packages will be upgraded/released shortly and they will all  
>> contain a check for i-Installer version 2.82 or up to force users  
>> to upgrade.
>
> Am I correct to understand this to mean that it is /installing/  
> that is a potential security issue but that stuff that is already / 
> installed/—in my case v2.65.2 and stuff of that same age—are OK as  
> long as I don't install anything else with it?

Correct.

As far as I know, there is no actual exploit and there is only a  
possible exploit if someone already has access to your system through  
a real login (no exploit via network or so).

G------------------------- Info --------------------------
Mac-TeX Website: http://www.esm.psu.edu/mac-tex/
          & FAQ: http://latex.yauh.de/faq/
TeX FAQ: http://www.tex.ac.uk/faq
List Archive: http://tug.org/pipermail/macostex-archives/




More information about the macostex-archives mailing list