Mandriva Linux Security Advisory - A flaw in the t1lib library where an attacker could create a malicious file that would cause tetex to crash or possibly execute arbitrary code when opened. Alin Rad Pop found several flaws in how PDF files are handled in tetex. An attacker could create a malicious PDF file that would cause tetex to crash or potentially execute arbitrary code when opened. A stack-based buffer overflow in dvips in tetex allows for user-assisted attackers to execute arbitrary code via a DVI file with a long href tag. A vulnerability in dvips in tetex allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place. Multiple buffer overflows in dviljk in tetext may allow users-assisted attackers to execute arbitrary code via a crafted DVI input file.
0f991775c30cb8dd149ffa43aa740074474f1908da8c8544dd63843d28effc58
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:230
http://www.mandriva.com/security/
_______________________________________________________________________
Package : tetex
Date : November 20, 2007
Affected: 2007.0, 2007.1, 2008.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A flaw in the t1lib library where an attacker could create a malicious
file that would cause tetex to crash or possibly execute arbitrary
code when opened (CVE-2007-4033).
Alin Rad Pop found several flaws in how PDF files are handled in tetex.
An attacker could create a malicious PDF file that would cause tetex to
crash or potentially execute arbitrary code when opened (CVE-2007-4352,
CVE-2007-5392, CVE-2007-5393).
A stack-based buffer overflow in dvips in tetex allows for
user-assisted attackers to execute arbitrary code via a DVI file with
a long href tag (CVE-2007-5935).
A vulnerability in dvips in tetex allows local users to obtain
sensitive information and modify certain data by creating certain
temporary files before they are processed by dviljk, which can then
be read or modified in place (CVE-2007-5936).
Multiple buffer overflows in dviljk in tetext may allow users-assisted
attackers to execute arbitrary code via a crafted DVI input file
(CVE-2007-5937).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4033
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5935
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5937
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
ade4d0388b150fdd6a4469b69a5a662f 2007.0/i586/jadetex-3.12-116.5mdv2007.0.i586.rpm
de24bfc0d41975bfa92aa8136ddd390b 2007.0/i586/tetex-3.0-18.5mdv2007.0.i586.rpm
d44ef3cb47cc4c3f29d723989e791dc8 2007.0/i586/tetex-afm-3.0-18.5mdv2007.0.i586.rpm
2f29a9263ac09a8e944ccf73e3d26e3a 2007.0/i586/tetex-context-3.0-18.5mdv2007.0.i586.rpm
5fa8b58b9aa974ddffd556c03ca81c6f 2007.0/i586/tetex-devel-3.0-18.5mdv2007.0.i586.rpm
dc551e5b0e5c31ed9cfa8d81599f07be 2007.0/i586/tetex-doc-3.0-18.5mdv2007.0.i586.rpm
3b19a24abea988d76f1ee82c25cb1dee 2007.0/i586/tetex-dvilj-3.0-18.5mdv2007.0.i586.rpm
17d5395be6f65db6777f9d701e35c2ff 2007.0/i586/tetex-dvipdfm-3.0-18.5mdv2007.0.i586.rpm
ec5649686425f62103fd085c57c1c3e6 2007.0/i586/tetex-dvips-3.0-18.5mdv2007.0.i586.rpm
66888feb0b690ac4d6a5c2588b6a5a91 2007.0/i586/tetex-latex-3.0-18.5mdv2007.0.i586.rpm
3cc2a2787ff8dc4364a37dc32f81ba27 2007.0/i586/tetex-mfwin-3.0-18.5mdv2007.0.i586.rpm
0199cabc5d28eb64a6ce78f209c674eb 2007.0/i586/tetex-texi2html-3.0-18.5mdv2007.0.i586.rpm
eb849d14a6242b3d0dcd5f6fb9fc2fd2 2007.0/i586/tetex-xdvi-3.0-18.5mdv2007.0.i586.rpm
109eaf4ad10fcbd4fae5db40ee2aca95 2007.0/i586/xmltex-1.9-64.5mdv2007.0.i586.rpm
1cc715537c77ecfe23117f63b57312ad 2007.0/SRPMS/tetex-3.0-18.5mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
80fd46f964f0cad564eec96f31bacb8f 2007.0/x86_64/jadetex-3.12-116.5mdv2007.0.x86_64.rpm
d2cae01046967ec4472ad9fed62c7fb6 2007.0/x86_64/tetex-3.0-18.5mdv2007.0.x86_64.rpm
2783f1a16d9dd40d2b70f275167acea2 2007.0/x86_64/tetex-afm-3.0-18.5mdv2007.0.x86_64.rpm
7fef64eb5797ece756800d7ba0a79c69 2007.0/x86_64/tetex-context-3.0-18.5mdv2007.0.x86_64.rpm
25031c27e20a72e6210cde09074060c2 2007.0/x86_64/tetex-devel-3.0-18.5mdv2007.0.x86_64.rpm
bd70360887385b6672d3f96f1e586c7d 2007.0/x86_64/tetex-doc-3.0-18.5mdv2007.0.x86_64.rpm
7a115bd7186675cdab6c4dd5d017cdce 2007.0/x86_64/tetex-dvilj-3.0-18.5mdv2007.0.x86_64.rpm
a6de020558c9c7de6c46ca8e00f9bfdb 2007.0/x86_64/tetex-dvipdfm-3.0-18.5mdv2007.0.x86_64.rpm
13c7ec52d8ad06fe4be336fd8150ed82 2007.0/x86_64/tetex-dvips-3.0-18.5mdv2007.0.x86_64.rpm
fae6d11af04ff51c41f84df96f00a718 2007.0/x86_64/tetex-latex-3.0-18.5mdv2007.0.x86_64.rpm
3c1819f536a007174df5dcd1e5cd62d7 2007.0/x86_64/tetex-mfwin-3.0-18.5mdv2007.0.x86_64.rpm
e12654ecc2a4425ca5c5680a41b8d23d 2007.0/x86_64/tetex-texi2html-3.0-18.5mdv2007.0.x86_64.rpm
03823155acf3450a67f95ed26a1b1fb4 2007.0/x86_64/tetex-xdvi-3.0-18.5mdv2007.0.x86_64.rpm
65471f0bb517d9b48198213bbf867ba6 2007.0/x86_64/xmltex-1.9-64.5mdv2007.0.x86_64.rpm
1cc715537c77ecfe23117f63b57312ad 2007.0/SRPMS/tetex-3.0-18.5mdv2007.0.src.rpm
Mandriva Linux 2007.1:
323fa0813e626394d1243f7dfa5bc9f6 2007.1/i586/jadetex-3.12-129.4mdv2007.1.i586.rpm
1fc0abad68ebfa7a6e832cf0c0ef2372 2007.1/i586/tetex-3.0-31.4mdv2007.1.i586.rpm
3f4946987850211a71aeadcb02d4b7a5 2007.1/i586/tetex-afm-3.0-31.4mdv2007.1.i586.rpm
3b41ca08cec2ca6fd5ecc517f5a02dbd 2007.1/i586/tetex-context-3.0-31.4mdv2007.1.i586.rpm
5eda3ac9e6620c46b3a10642bff95e07 2007.1/i586/tetex-devel-3.0-31.4mdv2007.1.i586.rpm
e06019819ef6bca80dc50693efc02a60 2007.1/i586/tetex-doc-3.0-31.4mdv2007.1.i586.rpm
ead62a4f752ffe4cc9fd3b5957057368 2007.1/i586/tetex-dvilj-3.0-31.4mdv2007.1.i586.rpm
9729837f65b9acadd64dda1a12e2953a 2007.1/i586/tetex-dvipdfm-3.0-31.4mdv2007.1.i586.rpm
e925814ff3122bacc62881af2f87aefd 2007.1/i586/tetex-dvips-3.0-31.4mdv2007.1.i586.rpm
26fc6c9125488f2c48b6f1cc70801fd0 2007.1/i586/tetex-latex-3.0-31.4mdv2007.1.i586.rpm
fd8b95fe4a35a9f86a720bd80b0e71a8 2007.1/i586/tetex-mfwin-3.0-31.4mdv2007.1.i586.rpm
339d1a3ccdc67365f911076bd7135bf5 2007.1/i586/tetex-texi2html-3.0-31.4mdv2007.1.i586.rpm
9e436656d7b989cbf85ad895cb0ca845 2007.1/i586/tetex-usrlocal-3.0-31.4mdv2007.1.i586.rpm
f6f768605371a06978765c84eddc383f 2007.1/i586/tetex-xdvi-3.0-31.4mdv2007.1.i586.rpm
85553d5c581860e292bf9a1275c862e5 2007.1/i586/xmltex-1.9-77.4mdv2007.1.i586.rpm
002622adc00fc8075eaaff3b69339b6f 2007.1/SRPMS/tetex-3.0-31.4mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
547617a6e3e232c55894701003b4415f 2007.1/x86_64/jadetex-3.12-129.4mdv2007.1.x86_64.rpm
46bc5ee3ebc5c73b91bd2b521cb0ce44 2007.1/x86_64/tetex-3.0-31.4mdv2007.1.x86_64.rpm
271e0f067cb4cae41d5cd24ff818ebb2 2007.1/x86_64/tetex-afm-3.0-31.4mdv2007.1.x86_64.rpm
0ff27a6ca4044bd8a996a5cb625e2386 2007.1/x86_64/tetex-context-3.0-31.4mdv2007.1.x86_64.rpm
0fde2fa74be4264cd4cd341da3c4f4e5 2007.1/x86_64/tetex-devel-3.0-31.4mdv2007.1.x86_64.rpm
265ec2327558f6b8c0bf3e8574af5f8b 2007.1/x86_64/tetex-doc-3.0-31.4mdv2007.1.x86_64.rpm
e43e61f71a6c087e7722a57936234b90 2007.1/x86_64/tetex-dvilj-3.0-31.4mdv2007.1.x86_64.rpm
003c0158c9e85f20582cca7da6e22a9f 2007.1/x86_64/tetex-dvipdfm-3.0-31.4mdv2007.1.x86_64.rpm
515453d5a664ed8c12b342f20624d460 2007.1/x86_64/tetex-dvips-3.0-31.4mdv2007.1.x86_64.rpm
f628d2997a3735d10321910915b533a3 2007.1/x86_64/tetex-latex-3.0-31.4mdv2007.1.x86_64.rpm
530a1c92bc0d75fb2ddd2295d174133c 2007.1/x86_64/tetex-mfwin-3.0-31.4mdv2007.1.x86_64.rpm
50b3823d4b0e49179e58b9eb4d1a8cb8 2007.1/x86_64/tetex-texi2html-3.0-31.4mdv2007.1.x86_64.rpm
7d943ed3afd0a037efb6dce30f156265 2007.1/x86_64/tetex-usrlocal-3.0-31.4mdv2007.1.x86_64.rpm
cb302cdccdd976f9e0f83742d374b862 2007.1/x86_64/tetex-xdvi-3.0-31.4mdv2007.1.x86_64.rpm
a2ffb3ccf2a6245852be4908ace48e41 2007.1/x86_64/xmltex-1.9-77.4mdv2007.1.x86_64.rpm
002622adc00fc8075eaaff3b69339b6f 2007.1/SRPMS/tetex-3.0-31.4mdv2007.1.src.rpm
Mandriva Linux 2008.0:
5809e2c2d74d6110bcd65d416530abad 2008.0/i586/jadetex-3.12-136.1mdv2008.0.i586.rpm
24aac326cedb34c6c6fbe41cc44ecbcf 2008.0/i586/tetex-3.0-38.1mdv2008.0.i586.rpm
311706b34e5a1c936ffd089e64520a9d 2008.0/i586/tetex-afm-3.0-38.1mdv2008.0.i586.rpm
2595486ac07ffa1da4b8de7f833c6b55 2008.0/i586/tetex-context-3.0-38.1mdv2008.0.i586.rpm
1aa7aea3313a45a4945c6134e5a75012 2008.0/i586/tetex-devel-3.0-38.1mdv2008.0.i586.rpm
317c6a17070d240edf1817996188f518 2008.0/i586/tetex-doc-3.0-38.1mdv2008.0.i586.rpm
e3fa9bdf5aed5ef6822405de56d2e77b 2008.0/i586/tetex-dvilj-3.0-38.1mdv2008.0.i586.rpm
fb3fc811f8c02ec717ad5cc2b5f94c27 2008.0/i586/tetex-dvipdfm-3.0-38.1mdv2008.0.i586.rpm
a7db4f9b642616ffbddaf1b983c140cb 2008.0/i586/tetex-dvips-3.0-38.1mdv2008.0.i586.rpm
709d9e0a8b84d452091a5c8dc6cf9e5c 2008.0/i586/tetex-latex-3.0-38.1mdv2008.0.i586.rpm
04fd7eb421bf6756817de5d729634c29 2008.0/i586/tetex-mfwin-3.0-38.1mdv2008.0.i586.rpm
366ce4a93ca90535f8e3ca999d66133e 2008.0/i586/tetex-texi2html-3.0-38.1mdv2008.0.i586.rpm
02fa0db8f7852cc110e691146f95436a 2008.0/i586/tetex-usrlocal-3.0-38.1mdv2008.0.i586.rpm
c52076f715683b362591400b03683c42 2008.0/i586/tetex-xdvi-3.0-38.1mdv2008.0.i586.rpm
691391b5de00752a609414ca28472690 2008.0/i586/xmltex-1.9-84.1mdv2008.0.i586.rpm
4389c2d79b2668ceb7bad37f1ae4aef4 2008.0/SRPMS/tetex-3.0-38.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
227d5654697cbea77cf744d5bb533d97 2008.0/x86_64/jadetex-3.12-136.1mdv2008.0.x86_64.rpm
64040bef31c7c55bb862495b230da7d2 2008.0/x86_64/tetex-3.0-38.1mdv2008.0.x86_64.rpm
eb98bde6db5ef79cbcda17f4be7f9006 2008.0/x86_64/tetex-afm-3.0-38.1mdv2008.0.x86_64.rpm
3a5cdd92176fd05ed9e7a1872d7c8cbf 2008.0/x86_64/tetex-context-3.0-38.1mdv2008.0.x86_64.rpm
e7874820ef1d6408db4e1f099a977df4 2008.0/x86_64/tetex-devel-3.0-38.1mdv2008.0.x86_64.rpm
9eb3ad284cc722d1737d7e0977dc8216 2008.0/x86_64/tetex-doc-3.0-38.1mdv2008.0.x86_64.rpm
d75b9b25a2c8316044d819735b6ce903 2008.0/x86_64/tetex-dvilj-3.0-38.1mdv2008.0.x86_64.rpm
98124fce07eb51e1afb9a30e2c289fd2 2008.0/x86_64/tetex-dvipdfm-3.0-38.1mdv2008.0.x86_64.rpm
0351786c037be8fbf0915f6008820c1d 2008.0/x86_64/tetex-dvips-3.0-38.1mdv2008.0.x86_64.rpm
147bb5c5ce4a03ee5d3fbd924c8c0f35 2008.0/x86_64/tetex-latex-3.0-38.1mdv2008.0.x86_64.rpm
06bec0274345808718613e07b3e41962 2008.0/x86_64/tetex-mfwin-3.0-38.1mdv2008.0.x86_64.rpm
3a3b8ff321d1ce4ea479045a20200b1e 2008.0/x86_64/tetex-texi2html-3.0-38.1mdv2008.0.x86_64.rpm
6fcb05b2f8b4e7bd885208dc6de21810 2008.0/x86_64/tetex-usrlocal-3.0-38.1mdv2008.0.x86_64.rpm
5738a25bebb49cd7a4d7f43941d78be9 2008.0/x86_64/tetex-xdvi-3.0-38.1mdv2008.0.x86_64.rpm
73daa083814ba2530413f8470aceecfa 2008.0/x86_64/xmltex-1.9-84.1mdv2008.0.x86_64.rpm
4389c2d79b2668ceb7bad37f1ae4aef4 2008.0/SRPMS/tetex-3.0-38.1mdv2008.0.src.rpm
Corporate 4.0:
8c4d6169030b47bb14e15a6dda00b149 corporate/4.0/i586/jadetex-3.12-110.6.20060mlcs4.i586.rpm
4043f0008239df8605033477e1973d7b corporate/4.0/i586/tetex-3.0-12.7.20060mlcs4.i586.rpm
054b119c506c7aecc7c6aca8891fa589 corporate/4.0/i586/tetex-afm-3.0-12.7.20060mlcs4.i586.rpm
016e3516166ecfb4357e1b1f073a68ad corporate/4.0/i586/tetex-context-3.0-12.7.20060mlcs4.i586.rpm
862fc8d42bbe6e2b3d315f94c26d92e6 corporate/4.0/i586/tetex-devel-3.0-12.7.20060mlcs4.i586.rpm
d5c6ce0b055dfdc0ec762a4021070a96 corporate/4.0/i586/tetex-doc-3.0-12.7.20060mlcs4.i586.rpm
22ade3a6c84c25ab4f8ba1678a485cec corporate/4.0/i586/tetex-dvilj-3.0-12.7.20060mlcs4.i586.rpm
25b5c35e76b54d836d0c692f94f298fe corporate/4.0/i586/tetex-dvipdfm-3.0-12.7.20060mlcs4.i586.rpm
c6e4f699fb9c37ce4b279935039157be corporate/4.0/i586/tetex-dvips-3.0-12.7.20060mlcs4.i586.rpm
28d97456ca40feeae28e486e9dae1c47 corporate/4.0/i586/tetex-latex-3.0-12.7.20060mlcs4.i586.rpm
ff78894a433c145884de287e862c6da2 corporate/4.0/i586/tetex-mfwin-3.0-12.7.20060mlcs4.i586.rpm
ce139ab94c185e00ccf6bbde042691b5 corporate/4.0/i586/tetex-texi2html-3.0-12.7.20060mlcs4.i586.rpm
fe3720824a164490ed5e30428bbc599f corporate/4.0/i586/tetex-xdvi-3.0-12.7.20060mlcs4.i586.rpm
0f750dc2af9ec6bf641668e835049a92 corporate/4.0/i586/xmltex-1.9-58.6.20060mlcs4.i586.rpm
627b86549bd327bb5afd58a58a872c3c corporate/4.0/SRPMS/tetex-3.0-12.7.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
1d639b2e29af5d6c0dc798e1077d6a78 corporate/4.0/x86_64/jadetex-3.12-110.6.20060mlcs4.x86_64.rpm
f009fa7cbe313c7ca502d5b322a6dc51 corporate/4.0/x86_64/tetex-3.0-12.7.20060mlcs4.x86_64.rpm
20d9db189c9961836bf9c8dd4bfbb9f7 corporate/4.0/x86_64/tetex-afm-3.0-12.7.20060mlcs4.x86_64.rpm
7bf689989f2ff2535187d0f234634263 corporate/4.0/x86_64/tetex-context-3.0-12.7.20060mlcs4.x86_64.rpm
993ff426ee9bc44a8da9a6fbddf1bdfb corporate/4.0/x86_64/tetex-devel-3.0-12.7.20060mlcs4.x86_64.rpm
cc36e12262a4bed8dd5480dad24f083f corporate/4.0/x86_64/tetex-doc-3.0-12.7.20060mlcs4.x86_64.rpm
a64c552eb0050f83a4dfbaf0575f48f8 corporate/4.0/x86_64/tetex-dvilj-3.0-12.7.20060mlcs4.x86_64.rpm
bcc91fd062ec4ba110c203fcd92e15ee corporate/4.0/x86_64/tetex-dvipdfm-3.0-12.7.20060mlcs4.x86_64.rpm
09ab746d445a8b6ffed415dc4881aff3 corporate/4.0/x86_64/tetex-dvips-3.0-12.7.20060mlcs4.x86_64.rpm
70add36f626053b51866c8b531aba1dc corporate/4.0/x86_64/tetex-latex-3.0-12.7.20060mlcs4.x86_64.rpm
a1ec17d63a557a1b1beac92b18c13a6d corporate/4.0/x86_64/tetex-mfwin-3.0-12.7.20060mlcs4.x86_64.rpm
c88340b9d40ac141bae3977eea7b91dc corporate/4.0/x86_64/tetex-texi2html-3.0-12.7.20060mlcs4.x86_64.rpm
1a96fea8a19af5a30688524e8e332f3b corporate/4.0/x86_64/tetex-xdvi-3.0-12.7.20060mlcs4.x86_64.rpm
28fc6a16c24dd4120aa1ef1617905804 corporate/4.0/x86_64/xmltex-1.9-58.6.20060mlcs4.x86_64.rpm
627b86549bd327bb5afd58a58a872c3c corporate/4.0/SRPMS/tetex-3.0-12.7.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD4DBQFHQ1xCmqjQ0CJFipgRAqLrAJd/pZF+jMpNcICjm60jnkUmZJ6vAKC7ZSpd
t6BAAqG2yCgdP7KNW89gpg==
=CQEh
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed