Mandriva Linux Security Advisory 2012-144

Posted Aug 29, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-144 - Multiple vulnerabilities have been found and corrected in tetex. The Gfx::getPos function in the PDF parser in poppler allows context-dependent attackers to cause a denial of service via unknown vectors that trigger an uninitialized pointer dereference. The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in poppler allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption. Various other issues have also been addressed. The updated packages have been patched to correct these issues.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2010-3702, CVE-2010-3704, CVE-2011-0433, CVE-2011-0764, CVE-2011-1552, CVE-2011-1553, CVE-2011-1554
MD5 | 07a1d1e4f42dbf305a836a901fd380de

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:144
http://www.mandriva.com/security/
_______________________________________________________________________

Package : tetex
Date : August 28, 2012
Affected: Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been found and corrected in tetex:

The Gfx::getPos function in the PDF parser in poppler allows
context-dependent attackers to cause a denial of service (crash)
via unknown vectors that trigger an uninitialized pointer dereference
(CVE-2010-3702).

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser
in poppler allows context-dependent attackers to cause a denial
of service (crash) and possibly execute arbitrary code via a PDF
file with a crafted Type1 font that contains a negative array index,
which bypasses input validation and which triggers memory corruption
(CVE-2010-3704).

A heap-based buffer overflow flaw was found in the way the AFM font file
parser, used for rendering of DVI files in the GNOME evince document
viewer and other products, processed line tokens from the given input
stream. A remote attacker could provide a DVI file with an embedded,
specially crafted font file and trick the local user into opening it with
an application using the AFM font parser, leading to a crash of that
application or, potentially, arbitrary code execution with the
privileges of the user running the application. This is a different
vulnerability than CVE-2010-2642 (CVE-2011-0433).

t1lib 5.1.2 and earlier uses an invalid pointer in conjunction with
a dereference operation, which allows remote attackers to execute
arbitrary code via a specially crafted Type 1 font in a PDF document
(CVE-2011-0764).

t1lib 5.1.2 and earlier reads from invalid memory locations, which
allows remote attackers to cause a denial of service (application
crash) via a crafted Type 1 font in a PDF document, a different
vulnerability than CVE-2011-0764 (CVE-2011-1552).

Use-after-free vulnerability in t1lib 5.1.2 and earlier allows
remote attackers to cause a denial of service (application crash)
via a PDF document containing a crafted Type 1 font that triggers an
invalid memory write, a different vulnerability than CVE-2011-0764
(CVE-2011-1553).

Off-by-one error in t1lib 5.1.2 and earlier allows remote attackers
to cause a denial of service (application crash) via a PDF document
containing a crafted Type 1 font that triggers an invalid memory
read, integer overflow, and invalid pointer dereference, a different
vulnerability than CVE-2011-0764 (CVE-2011-1554).

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1552
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1554
http://www.toucan-system.com/advisories/tssa-2011-01.txt
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
f7f810e4116f27e959f188bb703c5ea1 mes5/i586/jadetex-3.12-145.3mdvmes5.2.i586.rpm
e5bd1bdccaab2c7e2cafec53cacc84d1 mes5/i586/tetex-3.0-47.3mdvmes5.2.i586.rpm
79ba60000da9d48376d0682f83739d3d mes5/i586/tetex-afm-3.0-47.3mdvmes5.2.i586.rpm
2762a01972d571253ec542acc172a93b mes5/i586/tetex-context-3.0-47.3mdvmes5.2.i586.rpm
04d2e75e3725fb22fe734f3e386f140a mes5/i586/tetex-devel-3.0-47.3mdvmes5.2.i586.rpm
aa4fda2fc5d73e95e1b884ab82ec06ef mes5/i586/tetex-doc-3.0-47.3mdvmes5.2.i586.rpm
188ed09bb211d33436e5c46b33be1a53 mes5/i586/tetex-dvilj-3.0-47.3mdvmes5.2.i586.rpm
eed48db7403810ae54eea2bca807f327 mes5/i586/tetex-dvipdfm-3.0-47.3mdvmes5.2.i586.rpm
e67df6f478840570b2faa773da08f376 mes5/i586/tetex-dvips-3.0-47.3mdvmes5.2.i586.rpm
2ae270880967e2497cbc23a515650edf mes5/i586/tetex-latex-3.0-47.3mdvmes5.2.i586.rpm
1c4d957b2bb7186866636a4a16248471 mes5/i586/tetex-mfwin-3.0-47.3mdvmes5.2.i586.rpm
ce3abdde00968916b2d9fbc84c46899f mes5/i586/tetex-texi2html-3.0-47.3mdvmes5.2.i586.rpm
49c86d874f6d4f63dff0ea033a3769dc mes5/i586/tetex-usrlocal-3.0-47.3mdvmes5.2.i586.rpm
35baf4b93edcd30c2850d11691cc31f2 mes5/i586/tetex-xdvi-3.0-47.3mdvmes5.2.i586.rpm
69cf64422423d89a69c96bf28c239a5a mes5/i586/xmltex-1.9-93.3mdvmes5.2.i586.rpm
afa6531e584b746b4b49ab40be16855a mes5/SRPMS/tetex-3.0-47.3mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
c74b150324e5507584fcf6d0de675540 mes5/x86_64/jadetex-3.12-145.3mdvmes5.2.x86_64.rpm
ece2f503c3d2d72784a395bde4d4b55f mes5/x86_64/tetex-3.0-47.3mdvmes5.2.x86_64.rpm
579a9fd3844da7e5b0ef0745a449d4b7 mes5/x86_64/tetex-afm-3.0-47.3mdvmes5.2.x86_64.rpm
06bc60c5f500374c3f3fe24d674d614a mes5/x86_64/tetex-context-3.0-47.3mdvmes5.2.x86_64.rpm
bf8aace57cf58d686bbe3c55fb4141b3 mes5/x86_64/tetex-devel-3.0-47.3mdvmes5.2.x86_64.rpm
ecfe9cd5a4a5e03172d01c44c51fb5b5 mes5/x86_64/tetex-doc-3.0-47.3mdvmes5.2.x86_64.rpm
8ec49ac5b95d4caba4c2964ad60c7102 mes5/x86_64/tetex-dvilj-3.0-47.3mdvmes5.2.x86_64.rpm
318b50b134c1b78e1fc410f442dcc603 mes5/x86_64/tetex-dvipdfm-3.0-47.3mdvmes5.2.x86_64.rpm
9c1594242450e651dbccb0f23d985720 mes5/x86_64/tetex-dvips-3.0-47.3mdvmes5.2.x86_64.rpm
442fa550ce7b17d812c8b821ef3ea6d1 mes5/x86_64/tetex-latex-3.0-47.3mdvmes5.2.x86_64.rpm
62aa630345a117725cd2dde5f9e62826 mes5/x86_64/tetex-mfwin-3.0-47.3mdvmes5.2.x86_64.rpm
8534c04f7ac1d14f0f696629da487450 mes5/x86_64/tetex-texi2html-3.0-47.3mdvmes5.2.x86_64.rpm
d18f2d629add6518679ca651522e92c4 mes5/x86_64/tetex-usrlocal-3.0-47.3mdvmes5.2.x86_64.rpm
444972fe98ba46addb89212663efdc33 mes5/x86_64/tetex-xdvi-3.0-47.3mdvmes5.2.x86_64.rpm
037d0d760c6df3402b9742898943b021 mes5/x86_64/xmltex-1.9-93.3mdvmes5.2.x86_64.rpm
afa6531e584b746b4b49ab40be16855a mes5/SRPMS/tetex-3.0-47.3mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFQPILgmqjQ0CJFipgRAhKBAKCoEM/F4H4+e23lviOf3CYmM8VXJACfegKO
0W8FQpb3KMbHTudQn9SwMkk=
=y2n2
-----END PGP SIGNATURE-----
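
The flaw class the advisory describes for CVE-2010-3704 (a negative array index that passes input validation) comes down to a signed index checked only against its upper bound. The following is an added illustration, not poppler's or Mandriva's code: the names `weak_check`, `strict_check` and `set_encoding`, and the simplified `dup <code> /<name> put` line format, are assumptions chosen for the example.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define ENC_SIZE 256

/* Flawed pattern: only the upper bound is tested, so a negative
 * signed index is accepted. Returns 1 if the index would be used. */
int weak_check(long code) { return code < ENC_SIZE; }

/* Hardened pattern: both bounds are tested before any array access. */
int strict_check(long code) { return code >= 0 && code < ENC_SIZE; }

/* Parse one constructed encoding line of the form
 * "dup <code> /<name> put" and store a copy of <name> in enc[code].
 * Returns 0 on success, -1 if the line is rejected. */
int set_encoding(char *enc[ENC_SIZE], const char *line) {
    char *end;
    long code;
    const char *name;
    size_t len;

    if (strncmp(line, "dup ", 4) != 0) return -1;
    errno = 0;
    code = strtol(line + 4, &end, 10);
    if (end == line + 4 || errno == ERANGE) return -1; /* no digits or overflow */
    if (!strict_check(code)) return -1;                /* negative or >= 256 */
    if (end[0] != ' ' || end[1] != '/') return -1;     /* expect " /<name>" */
    name = end + 2;
    len = strcspn(name, " ");
    if (len == 0) return -1;                           /* empty glyph name */
    free(enc[code]);                                   /* replace earlier entry */
    enc[code] = malloc(len + 1);
    if (enc[code] == NULL) return -1;
    memcpy(enc[code], name, len);
    enc[code][len] = '\0';
    return 0;
}
```

With `weak_check` in place of `strict_check`, a line carrying a negative code would reach the `enc[code]` write, which lands outside the table.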
