Bugtraq mailing list archives

MDKSA-2005:021 - Updated tetex packages fix buffer overflow vulnerability
From: Mandrake Linux Security Team <security () linux-mandrake com>
Date: Tue, 25 Jan 2005 21:53:57 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           tetex
 Advisory ID:            MDKSA-2005:021
 Date:                   January 25th, 2005

 Affected versions:      10.0, 10.1, Corporate Server 3.0
 ______________________________________________________________________

 Problem Description:

 A buffer overflow vulnerability was discovered in the xpdf PDF          
 code, which could allow for arbitrary code execution as the user 
 viewing a PDF file. The vulnerability exists due to insufficient bounds
 checking while processing a PDF file that provides malicious values in
 the /Encrypt /Length tag. Tetex uses xpdf code and is susceptible to the
 same vulnerability.
 
 The updated packages have been patched to prevent these problems.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
 ______________________________________________________________________

 Updated Packages:
  
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFB9yJlmqjQ0CJFipgRAmRZAJ4oCt3Cp46pUGDlVwNdFLBWlsxZfACgg7RO
IhOLTHvlWob/LZZOjxJo/j4=
=XJ1V
-----END PGP SIGNATURE-----
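
The bounds check the Problem Description says was missing, as an added illustration that is not part of the advisory and is not xpdf or tetex code: a length taken from the /Encrypt /Length entry has to be validated before it sizes a copy into a fixed key buffer. The function names, error codes and sample data are assumptions of this sketch; the range of 40 to 128 bits in multiples of 8 is the one the PDF specification gives for this entry.

```c
#include <stdio.h>
#include <string.h>

#define FILE_KEY_MAX 16          /* 128-bit key: largest size accepted here */
enum { KEY_BAD_LENGTH = -1, KEY_SHORT_INPUT = -2 };   /* hypothetical codes */

/* Constructed sample data, not taken from any real document. */
unsigned char demo_key[FILE_KEY_MAX];
const unsigned char demo_src[] = "0123456789abcdef";

/* Convert the untrusted /Length value (bits) to a byte count.
 * Rejects negatives, non-multiples of 8 and anything outside 40..128 bits,
 * so the result can never exceed FILE_KEY_MAX. */
int encrypt_key_bytes(long length_bits)
{
    if (length_bits < 40 || length_bits > 128 || length_bits % 8 != 0)
        return KEY_BAD_LENGTH;
    return (int)(length_bits / 8);
}

/* Copy key material into a fixed-size buffer. An unchecked version would
 * memcpy(dst, src, length_bits / 8) and write past dst for large values. */
int load_file_key(unsigned char dst[FILE_KEY_MAX], const unsigned char *src,
                  size_t src_len, long length_bits)
{
    int n = encrypt_key_bytes(length_bits);
    if (n < 0)
        return n;                       /* refuse instead of truncating */
    if ((size_t)n > src_len)
        return KEY_SHORT_INPUT;         /* would read past the source */
    memset(dst, 0, FILE_KEY_MAX);
    memcpy(dst, src, (size_t)n);
    return n;                           /* bytes actually copied */
}

int main(void)
{
    const long samples[] = { 40, 128, 44, 1024, -8 };  /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("/Length %ld -> %d\n", samples[i],
               load_file_key(demo_key, demo_src, 16, samples[i]));
    return 0;
}
```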