Message-id: <E1IueGv-0007oT-4H@artemis.annvix.ca>
Date: Tue, 20 Nov 2007 18:20:57 -0700
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2007:230 ] - Updated tetex packages fix vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:230
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : tetex
 Date    : November 20, 2007
 Affected: 2007.0, 2007.1, 2008.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A flaw was found in the t1lib library: an attacker could create a
 malicious file that would cause tetex to crash or possibly execute
 arbitrary code when opened (CVE-2007-4033).
 
 Alin Rad Pop found several flaws in how PDF files are handled in tetex.
 An attacker could create a malicious PDF file that would cause tetex to
 crash or potentially execute arbitrary code when opened (CVE-2007-4352,
 CVE-2007-5392, CVE-2007-5393).
 
 A stack-based buffer overflow in dvips in tetex allows user-assisted
 attackers to execute arbitrary code via a DVI file with a long href
 tag (CVE-2007-5935).
 
 A vulnerability in dvips in tetex allows local users to obtain
 sensitive information and modify certain data by creating certain
 temporary files before they are processed by dviljk, which can then
 be read or modified in place (CVE-2007-5936).
 
 Multiple buffer overflows in dviljk in tetex may allow user-assisted
 attackers to execute arbitrary code via a crafted DVI input file
 (CVE-2007-5937).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4033
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5935
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5936
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5937
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD4DBQFHQ1xCmqjQ0CJFipgRAqLrAJd/pZF+jMpNcICjm60jnkUmZJ6vAKC7ZSpd
t6BAAqG2yCgdP7KNW89gpg==
=CQEh
-----END PGP SIGNATURE-----
