[OS X TeX] i-Installer 2.82 released. Security release: all users requested to upgrade
Gerben Wierda
Gerben.Wierda at rna.nl
Tue Oct 10 19:20:44 EDT 2006
On Oct 11, 2006, at 00:41 , Alain Schremmer wrote:
> Gerben Wierda wrote:
>
>> I have noticed that the setup of i-Installer brings with it a
>> potential security issue which is also potentially serious. This
>> find (by myself, luckily) is not a happy event for me.
>>
>> I have patched i-Installer. As a result, installing i-Installer
>> with drag-and-drop from the II2.dmg volume is now deprecated. The
>> II2.dmg now contains an Apple Installer.app package which installs
>> i- Installer. Also, upgrading with the i-Installer i-Package is
>> supported.
>>
>> i-Installer itself now contains some basic checks for this
>> security issue.
>>
>> All i-Packages will be upgraded/released shortly and they will all
>> contain a check for i-Installer version 2.82 or up to force users
>> to upgrade.
>
> Am I correct to understand this to mean that it is /installing/
> that is a potential security issue but that stuff that is already /
> installed/—in my case v2.65.2 and stuff of that same age—are OK as
> long as I don't install anything else with it?
Correct.
As far as I know, there is no actual exploit and there is only a
possible exploit if someone already has access to your system through
a real login (no exploit via network or so).
G------------------------- Info --------------------------
Mac-TeX Website: http://www.esm.psu.edu/mac-tex/
& FAQ: http://latex.yauh.de/faq/
TeX FAQ: http://www.tex.ac.uk/faq
List Archive: http://tug.org/pipermail/macostex-archives/
More information about the MacOSX-TeX
mailing list