Synopsis: Moderate: tetex security update
Issue date: 2010-05-06
CVE Names: CVE-2009-0146 CVE-2009-0147 CVE-2009-0166
CVE-2009-0195 CVE-2009-0791 CVE-2009-0799
CVE-2009-0800 CVE-2009-1179 CVE-2009-1180
CVE-2009-1181 CVE-2009-1182 CVE-2009-1183
CVE-2009-3608 CVE-2009-3609 CVE-2010-0739
CVE-2010-0829 CVE-2010-1440
Multiple integer overflow flaws were found in the way teTeX processed
special commands when converting DVI files into PostScript. An attacker
could create a malicious DVI file that would cause the dvips executable
to crash or, potentially, execute arbitrary code. (CVE-2010-0739,
CVE-2010-1440)
Multiple array index errors were found in the way teTeX converted DVI
files into the Portable Network Graphics (PNG) format. An attacker could
create a malicious DVI file that would cause the dvipng executable to
crash. (CVE-2010-0829)
teTeX embeds a copy of Xpdf, an open source Portable Document Format
(PDF) file viewer, to allow adding images in PDF format to the generated
PDF documents. The following issues affect Xpdf code:
Multiple integer overflow flaws were found in Xpdf's JBIG2 decoder. If a
local user generated a PDF file from a TeX document, referencing a
specially-crafted PDF file, it would cause Xpdf to crash or,
potentially, execute arbitrary code with the privileges of the user
running pdflatex. (CVE-2009-0147, CVE-2009-1179)
Multiple integer overflow flaws were found in Xpdf. If a local user
generated a PDF file from a TeX document, referencing a
specially-crafted PDF file, it would cause Xpdf to crash or,
potentially, execute arbitrary code with the privileges of the user
running pdflatex. (CVE-2009-0791,
CVE-2009-3608, CVE-2009-3609)
- Hide quoted text -
A heap-based buffer overflow flaw was found in Xpdf's JBIG2 decoder. If
a local user generated a PDF file from a TeX document, referencing a
specially-crafted PDF file, it would cause Xpdf to crash or,
potentially, execute arbitrary code with the privileges of the user
running pdflatex. (CVE-2009-0195)
Multiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. If a
local user generated a PDF file from a TeX document, referencing a
specially-crafted PDF file, it would cause Xpdf to crash or,
potentially, execute arbitrary code with the privileges of the user
running pdflatex. (CVE-2009-0146, CVE-2009-1182)
Multiple flaws were found in Xpdf's JBIG2 decoder that could lead to the
freeing of arbitrary memory. If a local user generated a PDF file from a
TeX document, referencing a specially-crafted PDF file, it would cause
Xpdf to crash or, potentially, execute arbitrary code with the
privileges of the user running pdflatex. (CVE-2009-0166, CVE-2009-1180)
Multiple input validation flaws were found in Xpdf's JBIG2 decoder. If a
local user generated a PDF file from a TeX document, referencing a
specially-crafted PDF file, it would cause Xpdf to crash or,
potentially, execute arbitrary code with the privileges of the user
running pdflatex. (CVE-2009-0800)
Multiple denial of service flaws were found in Xpdf's JBIG2 decoder. If
a local user generated a PDF file from a TeX document, referencing a
specially-crafted PDF file, it would cause Xpdf to crash.
(CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)
SL 5.x
SRPMS:
tetex-3.0-33.8.el5_5.5.src.rpm
i386:
tetex-3.0-33.8.el5_5.5.i386.rpm
tetex-afm-3.0-33.8.el5_5.5.i386.rpm
tetex-doc-3.0-33.8.el5_5.5.i386.rpm
tetex-dvips-3.0-33.8.el5_5.5.i386.rpm
tetex-fonts-3.0-33.8.el5_5.5.i386.rpm
tetex-latex-3.0-33.8.el5_5.5.i386.rpm
tetex-xdvi-3.0-33.8.el5_5.5.i386.rpm
x86_64:
tetex-3.0-33.8.el5_5.5.x86_64.rpm
tetex-afm-3.0-33.8.el5_5.5.x86_64.rpm
tetex-doc-3.0-33.8.el5_5.5.x86_64.rpm
tetex-dvips-3.0-33.8.el5_5.5.x86_64.rpm
tetex-fonts-3.0-33.8.el5_5.5.x86_64.rpm
tetex-latex-3.0-33.8.el5_5.5.x86_64.rpm
tetex-xdvi-3.0-33.8.el5_5.5.x86_64.rpm
-Connie Sieh
-Troy Dawson
|
