LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

May 2010

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA May 2010

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Moderate: tetex on SL3.x i386/x86_64
From:	Troy Dawson <[log in to unmask]>
Reply To:	Troy Dawson <[log in to unmask]>
Date:	Fri, 7 May 2010 13:44:53 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (56 lines)

Synopsis:	Moderate: tetex security update
Issue date:	2010-05-06
CVE Names:	CVE-2007-5935 CVE-2009-0791 CVE-2009-3609
                 CVE-2010-0739 CVE-2010-0827 CVE-2010-1440

A buffer overflow flaw was found in the way teTeX processed virtual font
files when converting DVI files into PostScript. An attacker could 
create a malicious DVI file that would cause the dvips executable to 
crash or, potentially, execute arbitrary code. (CVE-2010-0827)

Multiple integer overflow flaws were found in the way teTeX processed
special commands when converting DVI files into PostScript. An attacker
could create a malicious DVI file that would cause the dvips executable 
to crash or, potentially, execute arbitrary code. (CVE-2010-0739,
CVE-2010-1440)

A stack-based buffer overflow flaw was found in the way teTeX processed 
DVI files containing HyperTeX references with long titles, when 
converting them into PostScript. An attacker could create a malicious 
DVI file that would cause the dvips executable to crash. (CVE-2007-5935)

teTeX embeds a copy of Xpdf, an open source Portable Document Format 
(PDF) file viewer, to allow adding images in PDF format to the generated 
PDF documents. The following issues affect Xpdf code:

Multiple integer overflow flaws were found in Xpdf. If a local user
generated a PDF file from a TeX document, referencing a 
specially-crafted PDF file, it would cause Xpdf to crash or, 
potentially, execute arbitrary code with the privileges of the user 
running pdflatex. (CVE-2009-0791, CVE-2009-3609)

SL 3.0.x

      SRPMS:
tetex-1.0.7-67.19.src.rpm
      i386:
tetex-1.0.7-67.19.i386.rpm
tetex-afm-1.0.7-67.19.i386.rpm
tetex-doc-1.0.7-67.19.i386.rpm
tetex-dvips-1.0.7-67.19.i386.rpm
tetex-fonts-1.0.7-67.19.i386.rpm
tetex-latex-1.0.7-67.19.i386.rpm
tetex-xdvi-1.0.7-67.19.i386.rpm
      x86_64:
tetex-1.0.7-67.19.x86_64.rpm
tetex-afm-1.0.7-67.19.x86_64.rpm
tetex-doc-1.0.7-67.19.x86_64.rpm
tetex-dvips-1.0.7-67.19.x86_64.rpm
tetex-fonts-1.0.7-67.19.x86_64.rpm
tetex-latex-1.0.7-67.19.x86_64.rpm
tetex-xdvi-1.0.7-67.19.x86_64.rpm


-Connie Sieh
-Troy Dawson

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV