-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2012:144 http://www.mandriva.com/security/ _______________________________________________________________________ Package : tetex Date : August 28, 2012 Affected: Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in tetex: The Gfx::getPos function in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference (CVE-2010-3702). The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption (CVE-2010-3704). A heap-based buffer overflow flaw was found in the way AFM font file parser, used for rendering of DVI files, in GNOME evince document viewer and other products, processed line tokens from the given input stream. A remote attacker could provide a DVI file, with embedded specially-crafted font file, and trick the local user to open it with an application using the AFM font parser, leading to that particular application crash or, potentially, arbitrary code execution with the privileges of the user running the application. Different vulnerability than CVE-2010-2642 (CVE-2011-0433). t1lib 5.1.2 and earlier uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a specially crafted Type 1 font in a PDF document (CVE-2011-0764). t1lib 5.1.2 and earlier reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764 (CVE-2011-1552). Use-after-free vulnerability in t1lib 5.1.2 and earlier allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764 (CVE-2011-1553). Off-by-one error in t1lib 5.1.2 and earlier allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764 (CVE-2011-1554). The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0433 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0764 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1552 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1553 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1554 http://www.toucan-system.com/advisories/tssa-2011-01.txt _______________________________________________________________________ Updated Packages: Mandriva Enterprise Server 5: f7f810e4116f27e959f188bb703c5ea1 mes5/i586/jadetex-3.12-145.3mdvmes5.2.i586.rpm e5bd1bdccaab2c7e2cafec53cacc84d1 mes5/i586/tetex-3.0-47.3mdvmes5.2.i586.rpm 79ba60000da9d48376d0682f83739d3d mes5/i586/tetex-afm-3.0-47.3mdvmes5.2.i586.rpm 2762a01972d571253ec542acc172a93b mes5/i586/tetex-context-3.0-47.3mdvmes5.2.i586.rpm 04d2e75e3725fb22fe734f3e386f140a mes5/i586/tetex-devel-3.0-47.3mdvmes5.2.i586.rpm aa4fda2fc5d73e95e1b884ab82ec06ef mes5/i586/tetex-doc-3.0-47.3mdvmes5.2.i586.rpm 188ed09bb211d33436e5c46b33be1a53 mes5/i586/tetex-dvilj-3.0-47.3mdvmes5.2.i586.rpm eed48db7403810ae54eea2bca807f327 mes5/i586/tetex-dvipdfm-3.0-47.3mdvmes5.2.i586.rpm e67df6f478840570b2faa773da08f376 mes5/i586/tetex-dvips-3.0-47.3mdvmes5.2.i586.rpm 2ae270880967e2497cbc23a515650edf mes5/i586/tetex-latex-3.0-47.3mdvmes5.2.i586.rpm 1c4d957b2bb7186866636a4a16248471 mes5/i586/tetex-mfwin-3.0-47.3mdvmes5.2.i586.rpm ce3abdde00968916b2d9fbc84c46899f mes5/i586/tetex-texi2html-3.0-47.3mdvmes5.2.i586.rpm 49c86d874f6d4f63dff0ea033a3769dc mes5/i586/tetex-usrlocal-3.0-47.3mdvmes5.2.i586.rpm 35baf4b93edcd30c2850d11691cc31f2 mes5/i586/tetex-xdvi-3.0-47.3mdvmes5.2.i586.rpm 69cf64422423d89a69c96bf28c239a5a mes5/i586/xmltex-1.9-93.3mdvmes5.2.i586.rpm afa6531e584b746b4b49ab40be16855a mes5/SRPMS/tetex-3.0-47.3mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: c74b150324e5507584fcf6d0de675540 mes5/x86_64/jadetex-3.12-145.3mdvmes5.2.x86_64.rpm ece2f503c3d2d72784a395bde4d4b55f mes5/x86_64/tetex-3.0-47.3mdvmes5.2.x86_64.rpm 579a9fd3844da7e5b0ef0745a449d4b7 mes5/x86_64/tetex-afm-3.0-47.3mdvmes5.2.x86_64.rpm 06bc60c5f500374c3f3fe24d674d614a mes5/x86_64/tetex-context-3.0-47.3mdvmes5.2.x86_64.rpm bf8aace57cf58d686bbe3c55fb4141b3 mes5/x86_64/tetex-devel-3.0-47.3mdvmes5.2.x86_64.rpm ecfe9cd5a4a5e03172d01c44c51fb5b5 mes5/x86_64/tetex-doc-3.0-47.3mdvmes5.2.x86_64.rpm 8ec49ac5b95d4caba4c2964ad60c7102 mes5/x86_64/tetex-dvilj-3.0-47.3mdvmes5.2.x86_64.rpm 318b50b134c1b78e1fc410f442dcc603 mes5/x86_64/tetex-dvipdfm-3.0-47.3mdvmes5.2.x86_64.rpm 9c1594242450e651dbccb0f23d985720 mes5/x86_64/tetex-dvips-3.0-47.3mdvmes5.2.x86_64.rpm 442fa550ce7b17d812c8b821ef3ea6d1 mes5/x86_64/tetex-latex-3.0-47.3mdvmes5.2.x86_64.rpm 62aa630345a117725cd2dde5f9e62826 mes5/x86_64/tetex-mfwin-3.0-47.3mdvmes5.2.x86_64.rpm 8534c04f7ac1d14f0f696629da487450 mes5/x86_64/tetex-texi2html-3.0-47.3mdvmes5.2.x86_64.rpm d18f2d629add6518679ca651522e92c4 mes5/x86_64/tetex-usrlocal-3.0-47.3mdvmes5.2.x86_64.rpm 444972fe98ba46addb89212663efdc33 mes5/x86_64/tetex-xdvi-3.0-47.3mdvmes5.2.x86_64.rpm 037d0d760c6df3402b9742898943b021 mes5/x86_64/xmltex-1.9-93.3mdvmes5.2.x86_64.rpm afa6531e584b746b4b49ab40be16855a mes5/SRPMS/tetex-3.0-47.3mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFQPILgmqjQ0CJFipgRAhKBAKCoEM/F4H4+e23lviOf3CYmM8VXJACfegKO 0W8FQpb3KMbHTudQn9SwMkk= =y2n2 -----END PGP SIGNATURE-----