lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1OE33t-0003xE-5v@titan.mandriva.com>
Date: Mon, 17 May 2010 18:21:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:096 ] tetex


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:096
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : tetex
 Date    : May 17, 2010
 Affected: Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been discovered and fixed in tetex:
 
 Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2
 and earlier allow remote attackers to cause a denial of service
 (crash) via a crafted PDF file, related to (1) setBitmap and (2)
 readSymbolDictSeg (CVE-2009-0146).
 
 Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and
 earlier allow remote attackers to cause a denial of service (crash)
 via a crafted PDF file (CVE-2009-0147).
 
 The JBIG2 decoder in Xpdf 3.02pl2 and earlier allows remote attackers
 to cause a denial of service (crash) via a crafted PDF file that
 triggers a free of uninitialized memory (CVE-2009-0166).
 
 Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9,
 and probably other products, allows remote attackers to execute
 arbitrary code via a PDF file with crafted JBIG2 symbol dictionary
 segments (CVE-2009-0195).
 
 Buffer overflow in BibTeX 0.99 allows context-dependent attackers to
 cause a denial of service (memory corruption and crash) via a long
 .bib bibliography file (CVE-2009-1284).
 
 Integer overflow in the ObjectStream::ObjectStream function in XRef.cc
 in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in
 GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote
 attackers to execute arbitrary code via a crafted PDF document that
 triggers a heap-based buffer overflow (CVE-2009-3608).
 
 Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX,
 allows remote attackers to cause a denial of service (application
 crash) or possibly execute arbitrary code via a crafted virtual font
 (VF) file associated with a DVI file (CVE-2010-0827).
 
 Multiple array index errors in set.c in dvipng 1.11 and 1.12, and
 teTeX, allow remote attackers to cause a denial of service (application
 crash) or possibly execute arbitrary code via a malformed DVI file
 (CVE-2010-0829).
 
 Integer overflow in the predospecial function in dospecial.c in
 dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote
 attackers to execute arbitrary code via a crafted DVI file that
 triggers a heap-based buffer overflow.  NOTE: some of these details
 are obtained from third party information (CVE-2010-0739).
 
 Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live
 2009 and earlier, and teTeX, allow remote attackers to cause a denial
 of service (application crash) or possibly execute arbitrary code via
 a special command in a DVI file, related to the (1) predospecial and
 (2) bbdospecial functions, a different vulnerability than CVE-2010-0739
 (CVE-2010-1440).
 
 The corrected packages solves these problems.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0195
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1284
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0739
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0827
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0829
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1440
 _______________________________________________________________________

 Updated Packages:

 Corporate 4.0:
 074ab98aef9b6514a200ab9e5883dc4e  corporate/4.0/i586/jadetex-3.12-110.8.20060mlcs4.i586.rpm
 c99ad31c59a43ede5f0802d671d427d9  corporate/4.0/i586/tetex-3.0-12.8.20060mlcs4.i586.rpm
 9ff7b44ef3b840461c2db7846a82c2a9  corporate/4.0/i586/tetex-afm-3.0-12.8.20060mlcs4.i586.rpm
 8a515142f2a4840f610c2975230c759b  corporate/4.0/i586/tetex-context-3.0-12.8.20060mlcs4.i586.rpm
 13ebae13d6be32ed040a539220da5205  corporate/4.0/i586/tetex-devel-3.0-12.8.20060mlcs4.i586.rpm
 d08ca0f7cb17e8f4aaf14159f2847385  corporate/4.0/i586/tetex-doc-3.0-12.8.20060mlcs4.i586.rpm
 c725bf8aa202b7d4df9f37d662e4cf5e  corporate/4.0/i586/tetex-dvilj-3.0-12.8.20060mlcs4.i586.rpm
 85e7fce95b930eaa1f299b2709b14139  corporate/4.0/i586/tetex-dvipdfm-3.0-12.8.20060mlcs4.i586.rpm
 975dd0fb48045d5f7397f48794f85112  corporate/4.0/i586/tetex-dvips-3.0-12.8.20060mlcs4.i586.rpm
 0702447414b6ce056185a429e5b90f2b  corporate/4.0/i586/tetex-latex-3.0-12.8.20060mlcs4.i586.rpm
 139d0376fe9ccabbb8157d8ce5f220b2  corporate/4.0/i586/tetex-mfwin-3.0-12.8.20060mlcs4.i586.rpm
 6ec4a74d89e349ee75da6189da0e29be  corporate/4.0/i586/tetex-texi2html-3.0-12.8.20060mlcs4.i586.rpm
 baa061164ced3207801bc4bd3299d071  corporate/4.0/i586/tetex-xdvi-3.0-12.8.20060mlcs4.i586.rpm
 c141b482b5edab6e6bc2cef61d613d1d  corporate/4.0/i586/xmltex-1.9-58.8.20060mlcs4.i586.rpm 
 05c3cd1cc81035250a4b68eb18c689e3  corporate/4.0/SRPMS/tetex-3.0-12.8.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 78c3d11773d3c899ae205d64a0cec725  corporate/4.0/x86_64/jadetex-3.12-110.8.20060mlcs4.x86_64.rpm
 0810065ec01d9aae9743b3ba0eb8d470  corporate/4.0/x86_64/tetex-3.0-12.8.20060mlcs4.x86_64.rpm
 4470d4ba12c8db1a74d03be1abbf4348  corporate/4.0/x86_64/tetex-afm-3.0-12.8.20060mlcs4.x86_64.rpm
 490861c54ad156a6d6f6a42f8b8598e3  corporate/4.0/x86_64/tetex-context-3.0-12.8.20060mlcs4.x86_64.rpm
 e3cbef2e16e8ee837bdc3b01d192444b  corporate/4.0/x86_64/tetex-devel-3.0-12.8.20060mlcs4.x86_64.rpm
 bbff7a2edf4a455ac3fedab8d4c803db  corporate/4.0/x86_64/tetex-doc-3.0-12.8.20060mlcs4.x86_64.rpm
 e76a7f7da703d31c6a2066aff6088a36  corporate/4.0/x86_64/tetex-dvilj-3.0-12.8.20060mlcs4.x86_64.rpm
 836d4a41a9d7d12955c043730f03139b  corporate/4.0/x86_64/tetex-dvipdfm-3.0-12.8.20060mlcs4.x86_64.rpm
 d94395fb00248263360c413838efc39e  corporate/4.0/x86_64/tetex-dvips-3.0-12.8.20060mlcs4.x86_64.rpm
 f4e5f8d156c62007c2af11049f86ab77  corporate/4.0/x86_64/tetex-latex-3.0-12.8.20060mlcs4.x86_64.rpm
 a593e40ecbba2320e40116c31d208555  corporate/4.0/x86_64/tetex-mfwin-3.0-12.8.20060mlcs4.x86_64.rpm
 be8c25178b62320bc8ff913203f43ac5  corporate/4.0/x86_64/tetex-texi2html-3.0-12.8.20060mlcs4.x86_64.rpm
 81fcecbb73f775719be8a3af9f5ad185  corporate/4.0/x86_64/tetex-xdvi-3.0-12.8.20060mlcs4.x86_64.rpm
 4195facae25d085c978bcc1f388126f4  corporate/4.0/x86_64/xmltex-1.9-58.8.20060mlcs4.x86_64.rpm 
 05c3cd1cc81035250a4b68eb18c689e3  corporate/4.0/SRPMS/tetex-3.0-12.8.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFL8UIhmqjQ0CJFipgRAvafAKCHWV+qiVeXTvUDLtraCyGg1ONAlQCgkOZK
gL1RilejPSbpkRlDWrIf81E=
=LJew
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ