lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 14 Aug 2007 15:47:54 -0400
From: Foresight Linux Essential Announcement Service <foresight-security-noreply@...esightlinux.org>
To: foresight-security-announce@...ts.rpath.org
Cc: security-alerts@...uxsecurity.com,
	full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
	lwn@....net
Subject: FLEA-2007-0044-1 tetex tetex-dvips tetex-fonts

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0044-1
Published: 2007-08-14

Rating: Major

Updated Versions:
    tetex=/conary.rpath.com@rpl:devel//1/2.0.2-28.7-1[desktop is: x86]
    tetex-dvips=/conary.rpath.com@rpl:devel//1/2.0.2-28.7-1[desktop is: x86]
    tetex-fonts=/conary.rpath.com@rpl:devel//1/2.0.2-28.7-1[desktop is: x86]
    group-dist=/foresight.rpath.org@fl:1-devel//1/1.3.2-0.8-1

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
    https://issues.foresightlinux.org/browse/FL-471
    https://issues.rpath.com/browse/RPL-1596
    https://issues.rpath.com/browse/RPL-1604

Description:
    Previous versions of the tetex package are vulnerable to an int overflow in
    included xpdf code, which can be exploited via a specially-crafted PDF file
    to execute arbitrary code.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (GNU/Linux)

iQIVAwUBRsIG09fwEn07iAtZAQKFRw/9HOvYe6J2uongwNtmIN7H0D+3g5Tmtc8j
g75EVNYMU8F/uNT5/i1P5oJgWNf0Vr/3FgjsK36vngeXft7szRMQmhG0NEz2/QM5
KHxg32M7gREJnkfpGFZI4ny01VQqBgCTpMnBbed5fEhLmc+cDk+CeqEK3fiqmfsM
bwO2XdY2DmnH77rtPUjb9thFWu381b9Yx1BtnSGggsmwM+Ft8uPaCHqR9hKf4eyW
oT3iQNb1N//NbSoZ3rGUioDPZHDzCp48XNMlZG85CWMwz3hfFBezRiiJOpaKW2am
QGYBg/e0Lds8hKPoP+OAI+HrB24QkjLYYOxQKDjOlHrnGTpIePbL60eguvOG6Oiz
Z3HtMaXCy67x8sAQReXFSx/QnsW6fzRQ9TZOSw6tO/91uuDKW34eAlpXB/f1Bhex
tO5DlAsV9Ghlc0WF0SOC6UJW620JVAq2JrWMY6lpueLf4qO4OYiLde2ErB9gHB24
FYyGM+TgC6twg+gN3fwzf2Xd4xkkX0mFjuNoFTVT+UMe4DQA1CYbZMXGAtX7j+Ni
jLhym0LEpvP0EDzBvtPms+N1F2F5w1s6hiarrfrBV5JLVPFjMDZS+dKnd841Wtaa
J7ZpYyJt5RAqJsCfEu4XuTo71Rm+oFsAyxjMSAV6vZ+BYRw31i7nBItuTOMi0Meh
IzTcy+F5PfU=
=L7pD
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists