lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1T6KBH-00082h-3N@titan.mandriva.com>
Date: Tue, 28 Aug 2012 13:42:02 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2012:144 ] tetex

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:144
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : tetex
 Date    : August 28, 2012
 Affected: Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in tetex:
 
 The Gfx::getPos function in the PDF parser in poppler, allows
 context-dependent attackers to cause a denial of service (crash)
 via unknown vectors that trigger an uninitialized pointer dereference
 (CVE-2010-3702).
 
 The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser
 in poppler, allows context-dependent attackers to cause a denial
 of service (crash) and possibly execute arbitrary code via a PDF
 file with a crafted Type1 font that contains a negative array index,
 which bypasses input validation and which triggers memory corruption
 (CVE-2010-3704).
 
 A heap-based buffer overflow flaw was found in the way AFM font file
 parser, used for rendering of DVI files, in GNOME evince document
 viewer and other products, processed line tokens from the given input
 stream. A remote attacker could provide a DVI file, with embedded
 specially-crafted font file, and trick the local user to open it with
 an application using the AFM font parser, leading to that particular
 application crash or, potentially, arbitrary code execution with the
 privileges of the user running the application. Different vulnerability
 than CVE-2010-2642 (CVE-2011-0433).
 
 t1lib 5.1.2 and earlier uses an invalid pointer in conjunction with
 a dereference operation, which allows remote attackers to execute
 arbitrary code via a specially crafted Type 1 font in a PDF document
 (CVE-2011-0764).
 
 t1lib 5.1.2 and earlier reads from invalid memory locations, which
 allows remote attackers to cause a denial of service (application
 crash) via a crafted Type 1 font in a PDF document, a different
 vulnerability than CVE-2011-0764 (CVE-2011-1552).
 
 Use-after-free vulnerability in t1lib 5.1.2 and earlier allows
 remote attackers to cause a denial of service (application crash)
 via a PDF document containing a crafted Type 1 font that triggers an
 invalid memory write, a different vulnerability than CVE-2011-0764
 (CVE-2011-1553).
 
 Off-by-one error in t1lib 5.1.2 and earlier allows remote attackers
 to cause a denial of service (application crash) via a PDF document
 containing a crafted Type 1 font that triggers an invalid memory
 read, integer overflow, and invalid pointer dereference, a different
 vulnerability than CVE-2011-0764 (CVE-2011-1554).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0433
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0764
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1552
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1553
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1554
 http://www.toucan-system.com/advisories/tssa-2011-01.txt
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 f7f810e4116f27e959f188bb703c5ea1  mes5/i586/jadetex-3.12-145.3mdvmes5.2.i586.rpm
 e5bd1bdccaab2c7e2cafec53cacc84d1  mes5/i586/tetex-3.0-47.3mdvmes5.2.i586.rpm
 79ba60000da9d48376d0682f83739d3d  mes5/i586/tetex-afm-3.0-47.3mdvmes5.2.i586.rpm
 2762a01972d571253ec542acc172a93b  mes5/i586/tetex-context-3.0-47.3mdvmes5.2.i586.rpm
 04d2e75e3725fb22fe734f3e386f140a  mes5/i586/tetex-devel-3.0-47.3mdvmes5.2.i586.rpm
 aa4fda2fc5d73e95e1b884ab82ec06ef  mes5/i586/tetex-doc-3.0-47.3mdvmes5.2.i586.rpm
 188ed09bb211d33436e5c46b33be1a53  mes5/i586/tetex-dvilj-3.0-47.3mdvmes5.2.i586.rpm
 eed48db7403810ae54eea2bca807f327  mes5/i586/tetex-dvipdfm-3.0-47.3mdvmes5.2.i586.rpm
 e67df6f478840570b2faa773da08f376  mes5/i586/tetex-dvips-3.0-47.3mdvmes5.2.i586.rpm
 2ae270880967e2497cbc23a515650edf  mes5/i586/tetex-latex-3.0-47.3mdvmes5.2.i586.rpm
 1c4d957b2bb7186866636a4a16248471  mes5/i586/tetex-mfwin-3.0-47.3mdvmes5.2.i586.rpm
 ce3abdde00968916b2d9fbc84c46899f  mes5/i586/tetex-texi2html-3.0-47.3mdvmes5.2.i586.rpm
 49c86d874f6d4f63dff0ea033a3769dc  mes5/i586/tetex-usrlocal-3.0-47.3mdvmes5.2.i586.rpm
 35baf4b93edcd30c2850d11691cc31f2  mes5/i586/tetex-xdvi-3.0-47.3mdvmes5.2.i586.rpm
 69cf64422423d89a69c96bf28c239a5a  mes5/i586/xmltex-1.9-93.3mdvmes5.2.i586.rpm 
 afa6531e584b746b4b49ab40be16855a  mes5/SRPMS/tetex-3.0-47.3mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 c74b150324e5507584fcf6d0de675540  mes5/x86_64/jadetex-3.12-145.3mdvmes5.2.x86_64.rpm
 ece2f503c3d2d72784a395bde4d4b55f  mes5/x86_64/tetex-3.0-47.3mdvmes5.2.x86_64.rpm
 579a9fd3844da7e5b0ef0745a449d4b7  mes5/x86_64/tetex-afm-3.0-47.3mdvmes5.2.x86_64.rpm
 06bc60c5f500374c3f3fe24d674d614a  mes5/x86_64/tetex-context-3.0-47.3mdvmes5.2.x86_64.rpm
 bf8aace57cf58d686bbe3c55fb4141b3  mes5/x86_64/tetex-devel-3.0-47.3mdvmes5.2.x86_64.rpm
 ecfe9cd5a4a5e03172d01c44c51fb5b5  mes5/x86_64/tetex-doc-3.0-47.3mdvmes5.2.x86_64.rpm
 8ec49ac5b95d4caba4c2964ad60c7102  mes5/x86_64/tetex-dvilj-3.0-47.3mdvmes5.2.x86_64.rpm
 318b50b134c1b78e1fc410f442dcc603  mes5/x86_64/tetex-dvipdfm-3.0-47.3mdvmes5.2.x86_64.rpm
 9c1594242450e651dbccb0f23d985720  mes5/x86_64/tetex-dvips-3.0-47.3mdvmes5.2.x86_64.rpm
 442fa550ce7b17d812c8b821ef3ea6d1  mes5/x86_64/tetex-latex-3.0-47.3mdvmes5.2.x86_64.rpm
 62aa630345a117725cd2dde5f9e62826  mes5/x86_64/tetex-mfwin-3.0-47.3mdvmes5.2.x86_64.rpm
 8534c04f7ac1d14f0f696629da487450  mes5/x86_64/tetex-texi2html-3.0-47.3mdvmes5.2.x86_64.rpm
 d18f2d629add6518679ca651522e92c4  mes5/x86_64/tetex-usrlocal-3.0-47.3mdvmes5.2.x86_64.rpm
 444972fe98ba46addb89212663efdc33  mes5/x86_64/tetex-xdvi-3.0-47.3mdvmes5.2.x86_64.rpm
 037d0d760c6df3402b9742898943b021  mes5/x86_64/xmltex-1.9-93.3mdvmes5.2.x86_64.rpm 
 afa6531e584b746b4b49ab40be16855a  mes5/SRPMS/tetex-3.0-47.3mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFQPILgmqjQ0CJFipgRAhKBAKCoEM/F4H4+e23lviOf3CYmM8VXJACfegKO
0W8FQpb3KMbHTudQn9SwMkk=
=y2n2
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ