lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 06 Dec 2007 16:04:59 -0500
From: Jamie Strandboge <jamie@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-554-1] teTeX and TeX Live vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================
Ubuntu Security Notice USN-554-1          December 06, 2007
tetex-bin, texlive-bin vulnerabilities
CVE-2007-5935, CVE-2007-5936, CVE-2007-5937
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  tetex-bin                       3.0-13ubuntu6.1

Ubuntu 6.10:
  tetex-bin                       3.0-17ubuntu2.1

Ubuntu 7.04:
  tetex-bin                       3.0-27ubuntu1.2

Ubuntu 7.10:
  texlive-extra-utils             2007-12ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Bastien Roucaries discovered that dvips as included in tetex-bin
and texlive-bin did not properly perform bounds checking. If a
user or automated system were tricked into processing a specially
crafted dvi file, dvips could be made to crash and execute code as
the user invoking the program. (CVE-2007-5935)

Joachim Schrod discovered that the dviljk utilities created
temporary files in an insecure way. Local users could exploit a
race condition to create or overwrite files with the privileges of
the user invoking the program. (CVE-2007-5936)

Joachim Schrod discovered that the dviljk utilities did not
perform bounds checking in many instances. If a user or automated
system were tricked into processing a specially crafted dvi file,
the dviljk utilities could be made to crash and execute code as
the user invoking the program. (CVE-2007-5937)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:


http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-13ubuntu6.1.diff.gz
      Size/MD5:   147737 15f1e02a156c82616483c5fe33e3c995

http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-13ubuntu6.1.dsc
      Size/MD5:     1059 48e1181f4ed2d925f5aa735cf4416ee4

http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0.orig.tar.gz
      Size/MD5: 12749314 944a4641e79e61043fdaf8f38ecbb4b3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):


http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4-dev_3.0-13ubuntu6.1_amd64.deb
      Size/MD5:    77196 7b98a751a64e10eaaacce4e590be2c8b

http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4_3.0-13ubuntu6.1_amd64.deb
      Size/MD5:    79390 60d5ba566b62b1f1779d3ad25d1c3dea

http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-13ubuntu6.1_amd64.deb
      Size/MD5:  3979524 0216c41db9188dc0b125674dfb5d474c

  i386 architecture (x86 compatible Intel/AMD):


http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4-dev_3.0-13ubuntu6.1_i386.deb
      Size/MD5:    68732 dca7cca4022cb7ef79a5309f1c893093

http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4_3.0-13ubuntu6.1_i386.deb
      Size/MD5:    75128 a01b92fc05dffaf6556eec1a1519b715

http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-13ubuntu6.1_i386.deb
      Size/MD5:  3392422 e8236dfa44c5e4cc5e0d3c356e79b0d3

  powerpc architecture (Apple Macintosh G3/G4/G5):


http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4-dev_3.0-13ubuntu6.1_powerpc.deb
      Size/MD5:    79680 55487a575962d99d0d19d62f5a0c68db

http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4_3.0-13ubuntu6.1_powerpc.deb
      Size/MD5:    80726 c91244b5b53a2003fdd3fec310122a17

http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-13ubuntu6.1_powerpc.deb
      Size/MD5:  3953686 e74ba9f82bab3938432d82e06d7d4dd6

  sparc architecture (Sun SPARC/UltraSPARC):


http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4-dev_3.0-13ubuntu6.1_sparc.deb
      Size/MD5:    75092 bae8d0d0d7c5f3cf0c01e1c51be52f65

http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4_3.0-13ubuntu6.1_sparc.deb
      Size/MD5:    79094 6b98e992e86c4f1857f8e586aafcd7e3

http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-13ubuntu6.1_sparc.deb
      Size/MD5:  3748932 dda472ccbd1d1f21719cd4332fbdf17b

Updated packages for Ubuntu 6.10:

  Source archives:


http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-17ubuntu2.1.diff.gz
      Size/MD5:   157517 fd0668b0eecf41d4bf853b68a8eccab5

http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-17ubuntu2.1.dsc
      Size/MD5:     1060 196ac952be9eeb717881c0cce6317515

http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0.orig.tar.gz
      Size/MD5: 12749314 944a4641e79e61043fdaf8f38ecbb4b3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):


http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea-dev_3.0-17ubuntu2.1_amd64.deb
      Size/MD5:    76670 195cd45ef787676c67478f0c9123c4fb

http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4_3.0-17ubuntu2.1_amd64.deb
      Size/MD5:    82082 216d7441389fc81c04a3a32b3aca7382

http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-17ubuntu2.1_amd64.deb
      Size/MD5:  3993822 e973cb6b2a80d4288e3c98c3731e5c72

  i386 architecture (x86 compatible Intel/AMD):


http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea-dev_3.0-17ubuntu2.1_i386.deb
      Size/MD5:    69712 ddac9890683113ab4b30eb418d6e7710

http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4_3.0-17ubuntu2.1_i386.deb
      Size/MD5:    79544 d2c47945e852a15c5ba069e32dacee76

http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-17ubuntu2.1_i386.deb
      Size/MD5:  3494526 ea3fa09fcd8a12f8b62292c61e8aa8a1

  powerpc architecture (Apple Macintosh G3/G4/G5):


http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea-dev_3.0-17ubuntu2.1_powerpc.deb
      Size/MD5:    79316 f499e40bb3376265be7e71c27cf4e30c

http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4_3.0-17ubuntu2.1_powerpc.deb
      Size/MD5:    84116 bf5ffbda8b4b67483987c239615e915e

http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-17ubuntu2.1_powerpc.deb
      Size/MD5:  4007152 94193a6d53b68c763663fa3d158c1091

  sparc architecture (Sun SPARC/UltraSPARC):


http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea-dev_3.0-17ubuntu2.1_sparc.deb
      Size/MD5:    74786 5761f3dbf0f8ca9b18753c48c82bd691

http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4_3.0-17ubuntu2.1_sparc.deb
      Size/MD5:    82372 221e0ded51d0bb8532d5c06b51d14454

http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-17ubuntu2.1_sparc.deb
      Size/MD5:  3800582 3b8e579f76d06105a2173364bc1ea1d7

Updated packages for Ubuntu 7.04:

  Source archives:


http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-27ubuntu1.2.diff.gz
      Size/MD5:   131834 93b2abbb0c3646605f3bb6a276904e84

http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-27ubuntu1.2.dsc
      Size/MD5:     1128 2429c56b9eabda4d30599679b44c25bd

http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0.orig.tar.gz
      Size/MD5: 12749314 944a4641e79e61043fdaf8f38ecbb4b3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):


http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea-dev_3.0-27ubuntu1.2_amd64.deb
      Size/MD5:    76608 84056c0827e0686e320be77737a0bef1

http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4_3.0-27ubuntu1.2_amd64.deb
      Size/MD5:    84996 d01f5347200b625d2ad7bf6e5e539528

http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-27ubuntu1.2_amd64.deb
      Size/MD5:  3990158 cb8e215c4f30a268cc38c60e338a50ec

  i386 architecture (x86 compatible Intel/AMD):


http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea-dev_3.0-27ubuntu1.2_i386.deb
      Size/MD5:    69632 652d23489b76a6f3b0936ddf18d5308f

http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4_3.0-27ubuntu1.2_i386.deb
      Size/MD5:    82264 8fcdbf48f34868afdc08d46b2bc6711c

http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-27ubuntu1.2_i386.deb
      Size/MD5:  3485146 6c39db7f25db863598208894a05c4892

  powerpc architecture (Apple Macintosh G3/G4/G5):


http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea-dev_3.0-27ubuntu1.2_powerpc.deb
      Size/MD5:    79228 1945f38f7db760104ff8b852a5f93509

http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4_3.0-27ubuntu1.2_powerpc.deb
      Size/MD5:    90224 8c991716a40e9f26ab83529fbb76a06c

http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-27ubuntu1.2_powerpc.deb
      Size/MD5:  4063232 2a81799b4ad3103e213715e2907de96f

  sparc architecture (Sun SPARC/UltraSPARC):


http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea-dev_3.0-27ubuntu1.2_sparc.deb
      Size/MD5:    74718 95d884e8da7d6fc155e544b117b0f826

http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4_3.0-27ubuntu1.2_sparc.deb
      Size/MD5:    85058 4320f70459c40e203fbedd1fe2c29cb3

http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-27ubuntu1.2_sparc.deb
      Size/MD5:  3807886 43c98a06faac03ac3cf79c17fb1bb64f

Updated packages for Ubuntu 7.10:

  Source archives:


http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007-12ubuntu3.1.diff.gz
      Size/MD5:   162600 5544cae80eb695f0c059c3da73d743d7

http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007-12ubuntu3.1.dsc
      Size/MD5:     1254 5f43e5047453d6cf46bbdcfb2a8ff2e3

http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007.orig.tar.gz
      Size/MD5: 70676090 11427cda2c5612464e5459b2c7d2b5b6

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):


http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea-dev_2007-12ubuntu3.1_amd64.deb
      Size/MD5:   154306 ae009cb67fdac523d847b62567d42522

http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea4_2007-12ubuntu3.1_amd64.deb
      Size/MD5:   112268 2adc2fa74f2cad535ab26603aff616ef

http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin_2007-12ubuntu3.1_amd64.deb
      Size/MD5: 11214748 d47427dbfd84ed25e5a58684ab0ee8e6

http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-extra-utils_2007-12ubuntu3.1_amd64.deb
      Size/MD5:   645450 3f1f86b95849ea405159c38b1b2ae453

http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-font-utils_2007-12ubuntu3.1_amd64.deb
      Size/MD5:   993532 ee5c597d7d869f5f87c08a9766dc523a

http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-lang-indic_2007-12ubuntu3.1_amd64.deb
      Size/MD5:  6699340 45cacd76bae75a2c6199de286bcf0c08

http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-metapost_2007-12ubuntu3.1_amd64.deb
      Size/MD5:  7444434 17a21db43482aa75ede49f999320e9f6

http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-music_2007-12ubuntu3.1_amd64.deb
      Size/MD5:  1711754 5317c83235b9dd6026ffc529618c6c4e

http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-omega_2007-12ubuntu3.1_amd64.deb
      Size/MD5:  2784296 7d7e75a17e254d6f58455b60abce0bfc

http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-xetex_2007-12ubuntu3.1_amd64.deb
      Size/MD5:  6463618 cf7bf5dcd5bf2b96e441924942f9d350

  i386 architecture (x86 compatible Intel/AMD):


http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea-dev_2007-12ubuntu3.1_i386.deb
      Size/MD5:   146586 cde25bc084da07938c645dfed2ba2101

http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea4_2007-12ubuntu3.1_i386.deb
      Size/MD5:   109396 9da1a52ea26394a479bcd19aaebc9d1c

http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin_2007-12ubuntu3.1_i386.deb
      Size/MD5: 10951142 f17262084f77eb186fcece72d0092203

http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-extra-utils_2007-12ubuntu3.1_i386.deb
      Size/MD5:   569516 75deffbcd015bf93f96806c7f4b6252e

http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-font-utils_2007-12ubuntu3.1_i386.deb
      Size/MD5:   958890 401a622b6dec696b25dcb969a539fd7f

http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-lang-indic_2007-12ubuntu3.1_i386.deb
      Size/MD5:  6697822 2ae6f7dda0c29176d4cd3b257c19ba9a

http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-metapost_2007-12ubuntu3.1_i386.deb
      Size/MD5:  7407550 d87ba707a86968f712783d78e3402e39

http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-music_2007-12ubuntu3.1_i386.deb
      Size/MD5:  1711742 c42d3176594477cee2dc60b3401339aa

http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-omega_2007-12ubuntu3.1_i386.deb
      Size/MD5:  2665088 bc29392d66594c013bba695131bfba7b

http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-xetex_2007-12ubuntu3.1_i386.deb
      Size/MD5:  6374640 9fff76a65961ba321d794ac4a3ace849

  powerpc architecture (Apple Macintosh G3/G4/G5):


http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea-dev_2007-12ubuntu3.1_powerpc.deb
      Size/MD5:   156868 2115d2e1e24202d8c5e6d22960af39cf

http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea4_2007-12ubuntu3.1_powerpc.deb
      Size/MD5:   117166 debacefa4e02bb885d47a4550c271137

http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin_2007-12ubuntu3.1_powerpc.deb
      Size/MD5: 11230932 2540d73675a0cd411c51155c194a85c6

http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-extra-utils_2007-12ubuntu3.1_powerpc.deb
      Size/MD5:   693270 d543b6d627af4d7891329149c9078fc6

http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-font-utils_2007-12ubuntu3.1_powerpc.deb
      Size/MD5:  1013252 ddd508d8cffff0e72afc8e2ca7280939

http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-lang-indic_2007-12ubuntu3.1_powerpc.deb
      Size/MD5:  6700794 8c7911cd2d293c66ba25d7b3419d153e

http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-metapost_2007-12ubuntu3.1_powerpc.deb
      Size/MD5:  7448714 67ae7b80bcac72f74f37fe27e4b78e91

http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-music_2007-12ubuntu3.1_powerpc.deb
      Size/MD5:  1711748 b2b5169ee98cdd85d6e99bfe742305b6

http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-omega_2007-12ubuntu3.1_powerpc.deb
      Size/MD5:  2772356 18496c1a4fcd9d31fcad71b27136e7f8

http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-xetex_2007-12ubuntu3.1_powerpc.deb
      Size/MD5:  6574188 51a0790f07eb68f75deef671925b37e1

  sparc architecture (Sun SPARC/UltraSPARC):


http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea-dev_2007-12ubuntu3.1_sparc.deb
      Size/MD5:   152220 26550988b56e6a990038fa5b2d4ddc45

http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea4_2007-12ubuntu3.1_sparc.deb
      Size/MD5:   112258 68bf9ca38fbbf1e10c76e32a74efdffb

http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin_2007-12ubuntu3.1_sparc.deb
      Size/MD5: 11099194 e658ebf5061ffd1916ef43ee45079e50

http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-extra-utils_2007-12ubuntu3.1_sparc.deb
      Size/MD5:   619234 d0f0b17894071ff02512bd539081056f

http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-font-utils_2007-12ubuntu3.1_sparc.deb
      Size/MD5:   984878 6d025fdb386b04e2cfb54ce1a720d3bf

http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-lang-indic_2007-12ubuntu3.1_sparc.deb
      Size/MD5:  6699896 d0e7b35c0936177ae4024e7f1279df01

http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-metapost_2007-12ubuntu3.1_sparc.deb
      Size/MD5:  7427240 5f222ef3c58af9f815956dc38f399ae0

http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-music_2007-12ubuntu3.1_sparc.deb
      Size/MD5:  1711768 8a4bde0a23927d024048a917ba3c4ba8

http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-omega_2007-12ubuntu3.1_sparc.deb
      Size/MD5:  2739616 83e1b296a0f0fb404a203b51af7fa383

http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-xetex_2007-12ubuntu3.1_sparc.deb
      Size/MD5:  6471436 b4d454e369af3ac81806c16f114601f5



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHWGP7W0JvuRdL8BoRAiSbAJ41pEfko0y1T2p+ADBhUQ1w85YMhQCfcY7Z
z6XKpOKzypFwg/ZvCCeOufM=
=mIHf
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists