 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDKSA-2007:124
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : tetex
 Date    : June 13, 2007
 Affected: 2007.0, 2007.1, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 A flaw in libgd2 was found by Xavier Roche where it would not correctly
 validate PNG callback results. If an application linked against libgd2
 was tricked into processing a specially-crafted PNG file, it could cause
 a denial of service scenario via CPU resource consumption.

 Tetex uses an embedded copy of the gd source and may also be affected by
 this issue.

 The updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756
 _______________________________________________________________________

 Updated Packages:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
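
The bug class named in the Problem Description (a decoder that does not validate what its read callback returns, and so burns CPU on a truncated file) is sketched below as an added example. It is not code from gd, libpng, tetex or this advisory: the record format, the names src_read, decode_unchecked and decode_checked, and the sample byte strings are all hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Constructed inputs for a hypothetical toy format (not PNG):
 * records of [1-byte length][payload], terminated by a 0 length byte. */
static const unsigned char COMPLETE[]  = { 2, 'a', 'b', 0 };
static const unsigned char TRUNCATED[] = { 2, 'a', 'b', 3, 'c' }; /* cut short */
struct src { const unsigned char *buf; size_t len, pos; };

/* Read callback: delivers at most n bytes and returns how many it delivered. */
static size_t src_read(struct src *s, unsigned char *out, size_t n) {
    size_t avail = s->len - s->pos;
    if (n > avail) n = avail;
    memcpy(out, s->buf + s->pos, n);
    s->pos += n;
    return n;
}

/* Flawed: callback results are ignored, so at end of input hdr keeps its last
 * non-zero value and the loop never ends. max_steps only stops the demo (-1). */
long decode_unchecked(const unsigned char *buf, size_t len, long max_steps) {
    struct src s = { buf, len, 0 };
    unsigned char hdr = 1, payload[255];
    long steps = 0;
    while (hdr != 0) {
        if (steps++ >= max_steps) return -1;   /* would otherwise spin forever */
        src_read(&s, &hdr, 1);                 /* result ignored */
        src_read(&s, payload, hdr);            /* result ignored */
    }
    return steps;
}

/* Hardened: every short read is an error, so each pass either consumes
 * input or returns. Returns records decoded, or -2 on truncated input. */
long decode_checked(const unsigned char *buf, size_t len) {
    struct src s = { buf, len, 0 };
    unsigned char hdr, payload[255];
    long records = 0;
    for (;;) {
        if (src_read(&s, &hdr, 1) != 1) return -2;
        if (hdr == 0) return records;
        if (src_read(&s, payload, hdr) != hdr) return -2;
        records++;
    }
}

int main(void) {
    printf("unchecked: %ld  checked: %ld\n", decode_unchecked(TRUNCATED,
           sizeof TRUNCATED, 1000000), decode_checked(TRUNCATED, sizeof TRUNCATED));
    return 0;
}
```

Because tetex carries its own copy of the gd source, a check of this kind has to be present in that embedded copy as well as in the system libgd2.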