lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1H7eah-0002hW-5j@artemis.annvix.ca>
Date: Thu, 18 Jan 2007 14:14:35 -0700
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2007:022 ] - Updated tetex packages fix
	crafted pdf file vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:022
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : tetex
 Date    : January 18, 2007
 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2,
 kpdf in KDE before 3.5.5, and other products, allows remote attackers
 to have an unknown impact, possibly including denial of service
 (infinite loop), arbitrary code execution, or memory corruption, via a
 PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages
 attribute that references an invalid page tree node.

 The updated packages have been patched to correct this problem.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0104
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 b0e9b86776c418b948d8574d5d9cbd49  2006.0/i586/jadetex-3.12-110.3.20060mdk.i586.rpm
 c2338788f1ab57520c0082392ed79a4d  2006.0/i586/tetex-3.0-12.3.20060mdk.i586.rpm
 23f6c5d99c6d75d8299858f2f1762570  2006.0/i586/tetex-afm-3.0-12.3.20060mdk.i586.rpm
 38ce0c5b942ecbbeecbeb2e67b0fc575  2006.0/i586/tetex-context-3.0-12.3.20060mdk.i586.rpm
 fae0147ac3122354c573418a5e2b933e  2006.0/i586/tetex-devel-3.0-12.3.20060mdk.i586.rpm
 4ea3b6d4bac953feacdafec3b0716a75  2006.0/i586/tetex-doc-3.0-12.3.20060mdk.i586.rpm
 3cea7fdbe482dba0fdccb423e59c0687  2006.0/i586/tetex-dvilj-3.0-12.3.20060mdk.i586.rpm
 de6a3d7a548c55476ac8ffbce57867f2  2006.0/i586/tetex-dvipdfm-3.0-12.3.20060mdk.i586.rpm
 394aaf123e290414c429c0e83e007928  2006.0/i586/tetex-dvips-3.0-12.3.20060mdk.i586.rpm
 e7e1826411e5a655c13381bf8f8a836e  2006.0/i586/tetex-latex-3.0-12.3.20060mdk.i586.rpm
 7a7304b0ff04cb5528b44ec4116dab00  2006.0/i586/tetex-mfwin-3.0-12.3.20060mdk.i586.rpm
 478e42a89808a7a50de49d5824981961  2006.0/i586/tetex-texi2html-3.0-12.3.20060mdk.i586.rpm
 9f2641d71a55e2ca887a43ef4965b32b  2006.0/i586/tetex-xdvi-3.0-12.3.20060mdk.i586.rpm
 d5b7ff7afc8bf10f923d198b12a2eef7  2006.0/i586/xmltex-1.9-58.3.20060mdk.i586.rpm 
 dfac4ea9ee368da19133c7ec734f4df9  2006.0/SRPMS/tetex-3.0-12.3.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 9ef912b94f8f55197ddbb2123e30a25a  2006.0/x86_64/jadetex-3.12-110.3.20060mdk.x86_64.rpm
 1c01bcd9a4fa2982694492210de47089  2006.0/x86_64/tetex-3.0-12.3.20060mdk.x86_64.rpm
 4d00faf564d28b45374a57f91e5aacb9  2006.0/x86_64/tetex-afm-3.0-12.3.20060mdk.x86_64.rpm
 139a0ee822471c2562eab654142f34f4  2006.0/x86_64/tetex-context-3.0-12.3.20060mdk.x86_64.rpm
 5dbf547b972213623d879c201eaf7d26  2006.0/x86_64/tetex-devel-3.0-12.3.20060mdk.x86_64.rpm
 8080633d08582fac2b2b2084e0e1c14e  2006.0/x86_64/tetex-doc-3.0-12.3.20060mdk.x86_64.rpm
 eea2f40c602d83eab0abcf01065c9e27  2006.0/x86_64/tetex-dvilj-3.0-12.3.20060mdk.x86_64.rpm
 93a9c2c81cebe89e71c386cb122684ca  2006.0/x86_64/tetex-dvipdfm-3.0-12.3.20060mdk.x86_64.rpm
 f370373047439ff20285c560c62d15bb  2006.0/x86_64/tetex-dvips-3.0-12.3.20060mdk.x86_64.rpm
 aac948de1110ed6cd6bec349185c469e  2006.0/x86_64/tetex-latex-3.0-12.3.20060mdk.x86_64.rpm
 ad1b17cdaaeaddcb50ccecca995b40bf  2006.0/x86_64/tetex-mfwin-3.0-12.3.20060mdk.x86_64.rpm
 e0a894fef728129a9c4adaf489b2d4c9  2006.0/x86_64/tetex-texi2html-3.0-12.3.20060mdk.x86_64.rpm
 7be9509ba2bae53fd5e5dad6726319c8  2006.0/x86_64/tetex-xdvi-3.0-12.3.20060mdk.x86_64.rpm
 dac1e6dbb15c0720ddee363e1fca40c8  2006.0/x86_64/xmltex-1.9-58.3.20060mdk.x86_64.rpm 
 dfac4ea9ee368da19133c7ec734f4df9  2006.0/SRPMS/tetex-3.0-12.3.20060mdk.src.rpm

 Mandriva Linux 2007.0:
 78124b41f0f99ef02b030db387b7d0be  2007.0/i586/jadetex-3.12-116.1mdv2007.0.i586.rpm
 0ba38db61f2ac0cfca4017d5a421c371  2007.0/i586/tetex-3.0-18.1mdv2007.0.i586.rpm
 ac07abe40f118a50d4d02480e6fc6acf  2007.0/i586/tetex-afm-3.0-18.1mdv2007.0.i586.rpm
 9b2cc8802dbbd9987fc8e27fc2cd4fa6  2007.0/i586/tetex-context-3.0-18.1mdv2007.0.i586.rpm
 26bf31a911285913987b47d84ab972e6  2007.0/i586/tetex-devel-3.0-18.1mdv2007.0.i586.rpm
 64548fd5d941e14ad9040b0682be073f  2007.0/i586/tetex-doc-3.0-18.1mdv2007.0.i586.rpm
 327b14eb8a8e906b3c671dd2550e23c6  2007.0/i586/tetex-dvilj-3.0-18.1mdv2007.0.i586.rpm
 c10d7f14ac918ecf1346c5602e4702b1  2007.0/i586/tetex-dvipdfm-3.0-18.1mdv2007.0.i586.rpm
 991f7f24ce100c5b1bd650635df534a6  2007.0/i586/tetex-dvips-3.0-18.1mdv2007.0.i586.rpm
 55c23ef379b549f3bf295d7f22eedd3d  2007.0/i586/tetex-latex-3.0-18.1mdv2007.0.i586.rpm
 910a0ab053d49d72beba7dbb8dcfb67d  2007.0/i586/tetex-mfwin-3.0-18.1mdv2007.0.i586.rpm
 d4d79d3ec2e942950a900b0e264dd352  2007.0/i586/tetex-texi2html-3.0-18.1mdv2007.0.i586.rpm
 47569ddcae890f450423c6b7637052c4  2007.0/i586/tetex-xdvi-3.0-18.1mdv2007.0.i586.rpm
 de84b77612fdcb65dc0b492ef035948a  2007.0/i586/xmltex-1.9-64.1mdv2007.0.i586.rpm 
 a25e245f8899b029e6f66628da291ff5  2007.0/SRPMS/tetex-3.0-18.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 484cde452f6dc278ffe7bf8471c5b2a1  2007.0/x86_64/jadetex-3.12-116.1mdv2007.0.x86_64.rpm
 18828e699d7b3c300ea61079266ec72f  2007.0/x86_64/tetex-3.0-18.1mdv2007.0.x86_64.rpm
 67724adf4f8afbcd5f89eb8006bc5af5  2007.0/x86_64/tetex-afm-3.0-18.1mdv2007.0.x86_64.rpm
 96e26248638f41b4bc7d5f3e871649c5  2007.0/x86_64/tetex-context-3.0-18.1mdv2007.0.x86_64.rpm
 dbb59278fcf549d35312f90112b5e168  2007.0/x86_64/tetex-devel-3.0-18.1mdv2007.0.x86_64.rpm
 869e43a9aa80df4c676a768c36a9e117  2007.0/x86_64/tetex-doc-3.0-18.1mdv2007.0.x86_64.rpm
 4e98e1172c41a8cfd87e16789e08d582  2007.0/x86_64/tetex-dvilj-3.0-18.1mdv2007.0.x86_64.rpm
 3db0e91bea2b31540943e23d287c4a73  2007.0/x86_64/tetex-dvipdfm-3.0-18.1mdv2007.0.x86_64.rpm
 056a25922526c43ae74c4540110b363c  2007.0/x86_64/tetex-dvips-3.0-18.1mdv2007.0.x86_64.rpm
 bf89943fbb35e5be431ddaeeb6874c0b  2007.0/x86_64/tetex-latex-3.0-18.1mdv2007.0.x86_64.rpm
 f30fead5ed7b9383a5508b8064688b87  2007.0/x86_64/tetex-mfwin-3.0-18.1mdv2007.0.x86_64.rpm
 21a1d9f09f9c284a6098138490807c7a  2007.0/x86_64/tetex-texi2html-3.0-18.1mdv2007.0.x86_64.rpm
 8cd846107a6ddd85d2be0f3caef277fb  2007.0/x86_64/tetex-xdvi-3.0-18.1mdv2007.0.x86_64.rpm
 43a0155e8b9b4bc75248d6d4a7f8c1f8  2007.0/x86_64/xmltex-1.9-64.1mdv2007.0.x86_64.rpm 
 a25e245f8899b029e6f66628da291ff5  2007.0/SRPMS/tetex-3.0-18.1mdv2007.0.src.rpm

 Corporate 3.0:
 c93214160b8e8ebb0f791b1926f234a5  corporate/3.0/i586/jadetex-3.12-93.5.C30mdk.i586.rpm
 5b364cd2a2217aaf80d17cf179acae98  corporate/3.0/i586/tetex-2.0.2-14.5.C30mdk.i586.rpm
 dccc24883880adc4e5e0f9983217abe6  corporate/3.0/i586/tetex-afm-2.0.2-14.5.C30mdk.i586.rpm
 74f1e2c5ee35b0a8d7552a39812a1f38  corporate/3.0/i586/tetex-context-2.0.2-14.5.C30mdk.i586.rpm
 3c896ce2f2ef58b76a481e8058562d72  corporate/3.0/i586/tetex-devel-2.0.2-14.5.C30mdk.i586.rpm
 6edb72131045c5727b1b87d5ceef0987  corporate/3.0/i586/tetex-doc-2.0.2-14.5.C30mdk.i586.rpm
 08de572c8270a71603b13b436acd64c9  corporate/3.0/i586/tetex-dvilj-2.0.2-14.5.C30mdk.i586.rpm
 aba5bee10035b9b1b57ce92dd90f989d  corporate/3.0/i586/tetex-dvipdfm-2.0.2-14.5.C30mdk.i586.rpm
 c7976d0df3677f7949f220e2fbc99392  corporate/3.0/i586/tetex-dvips-2.0.2-14.5.C30mdk.i586.rpm
 1a83b7e2aaa33cb96a7c9aa35e77bda1  corporate/3.0/i586/tetex-latex-2.0.2-14.5.C30mdk.i586.rpm
 1bbe133477dfbe8f2eed96b90cf26662  corporate/3.0/i586/tetex-mfwin-2.0.2-14.5.C30mdk.i586.rpm
 1d487a5ffa6b68a868228cdeaa20d832  corporate/3.0/i586/tetex-texi2html-2.0.2-14.5.C30mdk.i586.rpm
 0bd2f1246a1571af99941c692cc20110  corporate/3.0/i586/tetex-xdvi-2.0.2-14.5.C30mdk.i586.rpm
 2224bd1105bf725dcedc9292fa518acf  corporate/3.0/i586/xmltex-1.9-41.5.C30mdk.i586.rpm 
 8b5a4a4f6d5ff4d98a1281af2d71d36c  corporate/3.0/SRPMS/tetex-2.0.2-14.5.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 2d926e3bd8f634ac9c1e5f89df19a85d  corporate/3.0/x86_64/jadetex-3.12-93.5.C30mdk.x86_64.rpm
 f758927c4a9999282f38a13fbcc8d0ed  corporate/3.0/x86_64/tetex-2.0.2-14.5.C30mdk.x86_64.rpm
 8d2da57380f45c588845ee97aa574d2b  corporate/3.0/x86_64/tetex-afm-2.0.2-14.5.C30mdk.x86_64.rpm
 4f6daa6ef092dd5a2f849ef8de52407e  corporate/3.0/x86_64/tetex-context-2.0.2-14.5.C30mdk.x86_64.rpm
 fea3921e3e9f4856d1e613d48370c057  corporate/3.0/x86_64/tetex-devel-2.0.2-14.5.C30mdk.x86_64.rpm
 f58957bfe6c337c4d0aea6332457fb88  corporate/3.0/x86_64/tetex-doc-2.0.2-14.5.C30mdk.x86_64.rpm
 d60dd82115164e40b35528dc494075bb  corporate/3.0/x86_64/tetex-dvilj-2.0.2-14.5.C30mdk.x86_64.rpm
 fe5f1393c2ad00c391a59c013fdd225b  corporate/3.0/x86_64/tetex-dvipdfm-2.0.2-14.5.C30mdk.x86_64.rpm
 77a8c2a7f786d5fe251a3cf6ad56f8a6  corporate/3.0/x86_64/tetex-dvips-2.0.2-14.5.C30mdk.x86_64.rpm
 1ec612e9e803307a1b9cc9b70b6d1eec  corporate/3.0/x86_64/tetex-latex-2.0.2-14.5.C30mdk.x86_64.rpm
 a853b831d61d6e2907664a34cda3d2e6  corporate/3.0/x86_64/tetex-mfwin-2.0.2-14.5.C30mdk.x86_64.rpm
 9c1502657d6a692445d7c05c0bc08760  corporate/3.0/x86_64/tetex-texi2html-2.0.2-14.5.C30mdk.x86_64.rpm
 9be9f52a507ed56fd05baa7f5d612dd7  corporate/3.0/x86_64/tetex-xdvi-2.0.2-14.5.C30mdk.x86_64.rpm
 60ea5b041fa70f46ae8104a04843110c  corporate/3.0/x86_64/xmltex-1.9-41.5.C30mdk.x86_64.rpm 
 8b5a4a4f6d5ff4d98a1281af2d71d36c  corporate/3.0/SRPMS/tetex-2.0.2-14.5.C30mdk.src.rpm

 Corporate 4.0:
 ddac4526b56f24eb774fcf37a0381ce7  corporate/4.0/i586/jadetex-3.12-110.3.20060mlcs4.i586.rpm
 51de65ad28fa07098366fc2c875df20c  corporate/4.0/i586/tetex-3.0-12.3.20060mlcs4.i586.rpm
 0527185de5a39686833f03bb991db5d3  corporate/4.0/i586/tetex-afm-3.0-12.3.20060mlcs4.i586.rpm
 e2826e0f0a22d3548d02ca8fd4c922cd  corporate/4.0/i586/tetex-context-3.0-12.3.20060mlcs4.i586.rpm
 8e6575f0ac52785ea4163ec064999079  corporate/4.0/i586/tetex-devel-3.0-12.3.20060mlcs4.i586.rpm
 6529f3ba8b8c03b8938259048d9fba7f  corporate/4.0/i586/tetex-doc-3.0-12.3.20060mlcs4.i586.rpm
 51a47e7f97e550d63b2d61b7a96b48e3  corporate/4.0/i586/tetex-dvilj-3.0-12.3.20060mlcs4.i586.rpm
 17dc8f10a492283c5121454dff0705c5  corporate/4.0/i586/tetex-dvipdfm-3.0-12.3.20060mlcs4.i586.rpm
 03d91453c6c2ba0435aa7ba503dec417  corporate/4.0/i586/tetex-dvips-3.0-12.3.20060mlcs4.i586.rpm
 071921ff5e769938e177cb5cd43d20b6  corporate/4.0/i586/tetex-latex-3.0-12.3.20060mlcs4.i586.rpm
 479fcb92a32f627bbfb04522f1f7c89c  corporate/4.0/i586/tetex-mfwin-3.0-12.3.20060mlcs4.i586.rpm
 4bd0cbc69453954324dc592126bcbc67  corporate/4.0/i586/tetex-texi2html-3.0-12.3.20060mlcs4.i586.rpm
 95e1b3bc49f2ab0ac317e5130a70a625  corporate/4.0/i586/tetex-xdvi-3.0-12.3.20060mlcs4.i586.rpm
 0f32f2dad3a514a2fc8094ed5a1b712d  corporate/4.0/i586/xmltex-1.9-58.3.20060mlcs4.i586.rpm 
 19ddb7ee7cab54ac851cd5ef399ff77e  corporate/4.0/SRPMS/tetex-3.0-12.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 665879f7fd675b56bec3a9ec4785040d  corporate/4.0/x86_64/jadetex-3.12-110.3.20060mlcs4.x86_64.rpm
 f3bd189b132457a659c16f683040f9f6  corporate/4.0/x86_64/tetex-3.0-12.3.20060mlcs4.x86_64.rpm
 be8f757d3991987a9eb706a04c74c261  corporate/4.0/x86_64/tetex-afm-3.0-12.3.20060mlcs4.x86_64.rpm
 093d2c02434148b7d54c19a145bc4672  corporate/4.0/x86_64/tetex-context-3.0-12.3.20060mlcs4.x86_64.rpm
 90f76b5938c48de76083aadfd61235b6  corporate/4.0/x86_64/tetex-devel-3.0-12.3.20060mlcs4.x86_64.rpm
 ad2f307b2b439f6d02e83b038a6c6750  corporate/4.0/x86_64/tetex-doc-3.0-12.3.20060mlcs4.x86_64.rpm
 64ae40ef2b0a71e88bc86cecac38e188  corporate/4.0/x86_64/tetex-dvilj-3.0-12.3.20060mlcs4.x86_64.rpm
 cf6c423a01ffb30206b7ab973576dc05  corporate/4.0/x86_64/tetex-dvipdfm-3.0-12.3.20060mlcs4.x86_64.rpm
 7f0758b87f1dd184267010edf2ae49c2  corporate/4.0/x86_64/tetex-dvips-3.0-12.3.20060mlcs4.x86_64.rpm
 584677a10b1f4dc829edc38347636ac2  corporate/4.0/x86_64/tetex-latex-3.0-12.3.20060mlcs4.x86_64.rpm
 f807370e1d34149ec4d3f8db0bb718eb  corporate/4.0/x86_64/tetex-mfwin-3.0-12.3.20060mlcs4.x86_64.rpm
 30a5829e72c5694d38224cd6f1048684  corporate/4.0/x86_64/tetex-texi2html-3.0-12.3.20060mlcs4.x86_64.rpm
 202b14f67f12f4390649a00cd677f5bb  corporate/4.0/x86_64/tetex-xdvi-3.0-12.3.20060mlcs4.x86_64.rpm
 ae70ba2da64fc4bd7ea5e543d3921356  corporate/4.0/x86_64/xmltex-1.9-58.3.20060mlcs4.x86_64.rpm 
 19ddb7ee7cab54ac851cd5ef399ff77e  corporate/4.0/SRPMS/tetex-3.0-12.3.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFr7azmqjQ0CJFipgRAhgjAJwNJwlUAK2S+mIB17aKqmjN8WQJGgCguwgZ
h8dpKOT8JiNu1YzvQKYYs/U=
=xCS/
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ