[<prev] [next>] [day] [month] [year] [list]
Message-ID: <475863FB.3090708@ubuntu.com>
Date: Thu, 06 Dec 2007 16:04:59 -0500
From: Jamie Strandboge <jamie@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-554-1] teTeX and TeX Live vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================
Ubuntu Security Notice USN-554-1 December 06, 2007
tetex-bin, texlive-bin vulnerabilities
CVE-2007-5935, CVE-2007-5936, CVE-2007-5937
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
tetex-bin 3.0-13ubuntu6.1
Ubuntu 6.10:
tetex-bin 3.0-17ubuntu2.1
Ubuntu 7.04:
tetex-bin 3.0-27ubuntu1.2
Ubuntu 7.10:
texlive-extra-utils 2007-12ubuntu3.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Bastien Roucaries discovered that dvips as included in tetex-bin
and texlive-bin did not properly perform bounds checking. If a
user or automated system were tricked into processing a specially
crafted dvi file, dvips could be made to crash and execute code as
the user invoking the program. (CVE-2007-5935)
Joachim Schrod discovered that the dviljk utilities created
temporary files in an insecure way. Local users could exploit a
race condition to create or overwrite files with the privileges of
the user invoking the program. (CVE-2007-5936)
Joachim Schrod discovered that the dviljk utilities did not
perform bounds checking in many instances. If a user or automated
system were tricked into processing a specially crafted dvi file,
the dviljk utilities could be made to crash and execute code as
the user invoking the program. (CVE-2007-5937)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-13ubuntu6.1.diff.gz
Size/MD5: 147737 15f1e02a156c82616483c5fe33e3c995
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-13ubuntu6.1.dsc
Size/MD5: 1059 48e1181f4ed2d925f5aa735cf4416ee4
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0.orig.tar.gz
Size/MD5: 12749314 944a4641e79e61043fdaf8f38ecbb4b3
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4-dev_3.0-13ubuntu6.1_amd64.deb
Size/MD5: 77196 7b98a751a64e10eaaacce4e590be2c8b
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4_3.0-13ubuntu6.1_amd64.deb
Size/MD5: 79390 60d5ba566b62b1f1779d3ad25d1c3dea
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-13ubuntu6.1_amd64.deb
Size/MD5: 3979524 0216c41db9188dc0b125674dfb5d474c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4-dev_3.0-13ubuntu6.1_i386.deb
Size/MD5: 68732 dca7cca4022cb7ef79a5309f1c893093
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4_3.0-13ubuntu6.1_i386.deb
Size/MD5: 75128 a01b92fc05dffaf6556eec1a1519b715
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-13ubuntu6.1_i386.deb
Size/MD5: 3392422 e8236dfa44c5e4cc5e0d3c356e79b0d3
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4-dev_3.0-13ubuntu6.1_powerpc.deb
Size/MD5: 79680 55487a575962d99d0d19d62f5a0c68db
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4_3.0-13ubuntu6.1_powerpc.deb
Size/MD5: 80726 c91244b5b53a2003fdd3fec310122a17
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-13ubuntu6.1_powerpc.deb
Size/MD5: 3953686 e74ba9f82bab3938432d82e06d7d4dd6
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4-dev_3.0-13ubuntu6.1_sparc.deb
Size/MD5: 75092 bae8d0d0d7c5f3cf0c01e1c51be52f65
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4_3.0-13ubuntu6.1_sparc.deb
Size/MD5: 79094 6b98e992e86c4f1857f8e586aafcd7e3
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-13ubuntu6.1_sparc.deb
Size/MD5: 3748932 dda472ccbd1d1f21719cd4332fbdf17b
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-17ubuntu2.1.diff.gz
Size/MD5: 157517 fd0668b0eecf41d4bf853b68a8eccab5
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-17ubuntu2.1.dsc
Size/MD5: 1060 196ac952be9eeb717881c0cce6317515
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0.orig.tar.gz
Size/MD5: 12749314 944a4641e79e61043fdaf8f38ecbb4b3
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea-dev_3.0-17ubuntu2.1_amd64.deb
Size/MD5: 76670 195cd45ef787676c67478f0c9123c4fb
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4_3.0-17ubuntu2.1_amd64.deb
Size/MD5: 82082 216d7441389fc81c04a3a32b3aca7382
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-17ubuntu2.1_amd64.deb
Size/MD5: 3993822 e973cb6b2a80d4288e3c98c3731e5c72
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea-dev_3.0-17ubuntu2.1_i386.deb
Size/MD5: 69712 ddac9890683113ab4b30eb418d6e7710
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4_3.0-17ubuntu2.1_i386.deb
Size/MD5: 79544 d2c47945e852a15c5ba069e32dacee76
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-17ubuntu2.1_i386.deb
Size/MD5: 3494526 ea3fa09fcd8a12f8b62292c61e8aa8a1
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea-dev_3.0-17ubuntu2.1_powerpc.deb
Size/MD5: 79316 f499e40bb3376265be7e71c27cf4e30c
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4_3.0-17ubuntu2.1_powerpc.deb
Size/MD5: 84116 bf5ffbda8b4b67483987c239615e915e
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-17ubuntu2.1_powerpc.deb
Size/MD5: 4007152 94193a6d53b68c763663fa3d158c1091
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea-dev_3.0-17ubuntu2.1_sparc.deb
Size/MD5: 74786 5761f3dbf0f8ca9b18753c48c82bd691
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4_3.0-17ubuntu2.1_sparc.deb
Size/MD5: 82372 221e0ded51d0bb8532d5c06b51d14454
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-17ubuntu2.1_sparc.deb
Size/MD5: 3800582 3b8e579f76d06105a2173364bc1ea1d7
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-27ubuntu1.2.diff.gz
Size/MD5: 131834 93b2abbb0c3646605f3bb6a276904e84
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-27ubuntu1.2.dsc
Size/MD5: 1128 2429c56b9eabda4d30599679b44c25bd
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0.orig.tar.gz
Size/MD5: 12749314 944a4641e79e61043fdaf8f38ecbb4b3
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea-dev_3.0-27ubuntu1.2_amd64.deb
Size/MD5: 76608 84056c0827e0686e320be77737a0bef1
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4_3.0-27ubuntu1.2_amd64.deb
Size/MD5: 84996 d01f5347200b625d2ad7bf6e5e539528
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-27ubuntu1.2_amd64.deb
Size/MD5: 3990158 cb8e215c4f30a268cc38c60e338a50ec
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea-dev_3.0-27ubuntu1.2_i386.deb
Size/MD5: 69632 652d23489b76a6f3b0936ddf18d5308f
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4_3.0-27ubuntu1.2_i386.deb
Size/MD5: 82264 8fcdbf48f34868afdc08d46b2bc6711c
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-27ubuntu1.2_i386.deb
Size/MD5: 3485146 6c39db7f25db863598208894a05c4892
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea-dev_3.0-27ubuntu1.2_powerpc.deb
Size/MD5: 79228 1945f38f7db760104ff8b852a5f93509
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4_3.0-27ubuntu1.2_powerpc.deb
Size/MD5: 90224 8c991716a40e9f26ab83529fbb76a06c
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-27ubuntu1.2_powerpc.deb
Size/MD5: 4063232 2a81799b4ad3103e213715e2907de96f
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea-dev_3.0-27ubuntu1.2_sparc.deb
Size/MD5: 74718 95d884e8da7d6fc155e544b117b0f826
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea4_3.0-27ubuntu1.2_sparc.deb
Size/MD5: 85058 4320f70459c40e203fbedd1fe2c29cb3
http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_3.0-27ubuntu1.2_sparc.deb
Size/MD5: 3807886 43c98a06faac03ac3cf79c17fb1bb64f
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007-12ubuntu3.1.diff.gz
Size/MD5: 162600 5544cae80eb695f0c059c3da73d743d7
http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007-12ubuntu3.1.dsc
Size/MD5: 1254 5f43e5047453d6cf46bbdcfb2a8ff2e3
http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007.orig.tar.gz
Size/MD5: 70676090 11427cda2c5612464e5459b2c7d2b5b6
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea-dev_2007-12ubuntu3.1_amd64.deb
Size/MD5: 154306 ae009cb67fdac523d847b62567d42522
http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea4_2007-12ubuntu3.1_amd64.deb
Size/MD5: 112268 2adc2fa74f2cad535ab26603aff616ef
http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin_2007-12ubuntu3.1_amd64.deb
Size/MD5: 11214748 d47427dbfd84ed25e5a58684ab0ee8e6
http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-extra-utils_2007-12ubuntu3.1_amd64.deb
Size/MD5: 645450 3f1f86b95849ea405159c38b1b2ae453
http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-font-utils_2007-12ubuntu3.1_amd64.deb
Size/MD5: 993532 ee5c597d7d869f5f87c08a9766dc523a
http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-lang-indic_2007-12ubuntu3.1_amd64.deb
Size/MD5: 6699340 45cacd76bae75a2c6199de286bcf0c08
http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-metapost_2007-12ubuntu3.1_amd64.deb
Size/MD5: 7444434 17a21db43482aa75ede49f999320e9f6
http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-music_2007-12ubuntu3.1_amd64.deb
Size/MD5: 1711754 5317c83235b9dd6026ffc529618c6c4e
http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-omega_2007-12ubuntu3.1_amd64.deb
Size/MD5: 2784296 7d7e75a17e254d6f58455b60abce0bfc
http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-xetex_2007-12ubuntu3.1_amd64.deb
Size/MD5: 6463618 cf7bf5dcd5bf2b96e441924942f9d350
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea-dev_2007-12ubuntu3.1_i386.deb
Size/MD5: 146586 cde25bc084da07938c645dfed2ba2101
http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea4_2007-12ubuntu3.1_i386.deb
Size/MD5: 109396 9da1a52ea26394a479bcd19aaebc9d1c
http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin_2007-12ubuntu3.1_i386.deb
Size/MD5: 10951142 f17262084f77eb186fcece72d0092203
http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-extra-utils_2007-12ubuntu3.1_i386.deb
Size/MD5: 569516 75deffbcd015bf93f96806c7f4b6252e
http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-font-utils_2007-12ubuntu3.1_i386.deb
Size/MD5: 958890 401a622b6dec696b25dcb969a539fd7f
http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-lang-indic_2007-12ubuntu3.1_i386.deb
Size/MD5: 6697822 2ae6f7dda0c29176d4cd3b257c19ba9a
http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-metapost_2007-12ubuntu3.1_i386.deb
Size/MD5: 7407550 d87ba707a86968f712783d78e3402e39
http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-music_2007-12ubuntu3.1_i386.deb
Size/MD5: 1711742 c42d3176594477cee2dc60b3401339aa
http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-omega_2007-12ubuntu3.1_i386.deb
Size/MD5: 2665088 bc29392d66594c013bba695131bfba7b
http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-xetex_2007-12ubuntu3.1_i386.deb
Size/MD5: 6374640 9fff76a65961ba321d794ac4a3ace849
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea-dev_2007-12ubuntu3.1_powerpc.deb
Size/MD5: 156868 2115d2e1e24202d8c5e6d22960af39cf
http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea4_2007-12ubuntu3.1_powerpc.deb
Size/MD5: 117166 debacefa4e02bb885d47a4550c271137
http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin_2007-12ubuntu3.1_powerpc.deb
Size/MD5: 11230932 2540d73675a0cd411c51155c194a85c6
http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-extra-utils_2007-12ubuntu3.1_powerpc.deb
Size/MD5: 693270 d543b6d627af4d7891329149c9078fc6
http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-font-utils_2007-12ubuntu3.1_powerpc.deb
Size/MD5: 1013252 ddd508d8cffff0e72afc8e2ca7280939
http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-lang-indic_2007-12ubuntu3.1_powerpc.deb
Size/MD5: 6700794 8c7911cd2d293c66ba25d7b3419d153e
http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-metapost_2007-12ubuntu3.1_powerpc.deb
Size/MD5: 7448714 67ae7b80bcac72f74f37fe27e4b78e91
http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-music_2007-12ubuntu3.1_powerpc.deb
Size/MD5: 1711748 b2b5169ee98cdd85d6e99bfe742305b6
http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-omega_2007-12ubuntu3.1_powerpc.deb
Size/MD5: 2772356 18496c1a4fcd9d31fcad71b27136e7f8
http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-xetex_2007-12ubuntu3.1_powerpc.deb
Size/MD5: 6574188 51a0790f07eb68f75deef671925b37e1
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea-dev_2007-12ubuntu3.1_sparc.deb
Size/MD5: 152220 26550988b56e6a990038fa5b2d4ddc45
http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea4_2007-12ubuntu3.1_sparc.deb
Size/MD5: 112258 68bf9ca38fbbf1e10c76e32a74efdffb
http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin_2007-12ubuntu3.1_sparc.deb
Size/MD5: 11099194 e658ebf5061ffd1916ef43ee45079e50
http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-extra-utils_2007-12ubuntu3.1_sparc.deb
Size/MD5: 619234 d0f0b17894071ff02512bd539081056f
http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-font-utils_2007-12ubuntu3.1_sparc.deb
Size/MD5: 984878 6d025fdb386b04e2cfb54ce1a720d3bf
http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-lang-indic_2007-12ubuntu3.1_sparc.deb
Size/MD5: 6699896 d0e7b35c0936177ae4024e7f1279df01
http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-metapost_2007-12ubuntu3.1_sparc.deb
Size/MD5: 7427240 5f222ef3c58af9f815956dc38f399ae0
http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-music_2007-12ubuntu3.1_sparc.deb
Size/MD5: 1711768 8a4bde0a23927d024048a917ba3c4ba8
http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-omega_2007-12ubuntu3.1_sparc.deb
Size/MD5: 2739616 83e1b296a0f0fb404a203b51af7fa383
http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-xetex_2007-12ubuntu3.1_sparc.deb
Size/MD5: 6471436 b4d454e369af3ac81806c16f114601f5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHWGP7W0JvuRdL8BoRAiSbAJ41pEfko0y1T2p+ADBhUQ1w85YMhQCfcY7Z
z6XKpOKzypFwg/ZvCCeOufM=
=mIHf
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists