Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

MDKSA-2004:166 - Updated tetex packages fix multiple vulnerabilities
From: Mandrake Linux Security Team <security () linux-mandrake com>
Date: 30 Dec 2004 04:20:51 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           tetex
 Advisory ID:            MDKSA-2004:166
 Date:                   December 29th, 2004

 Affected versions:      10.0, 10.1
 ______________________________________________________________________

 Problem Description:

 Chris Evans discovered numerous vulnerabilities in the xpdf package,
 which also effect software using embedded xpdf code, such as tetex
 (CAN-2004-0888).
 
 Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0.
 Also programs like tetex which have embedded versions of xpdf.
 These can result in writing an arbitrary byte to an attacker controlled
 location which probably could lead to arbitrary code execution. 
 
 iDefense also reported a buffer overflow vulnerability, which affects 
 versions of xpdf <= xpdf-3.0 and several programs, like tetex, which use
 embedded xpdf code. An attacker could construct a malicious payload file
 which could enable arbitrary code execution on the target system
 (CAN-2004-1125).
 
 The updated packages are patched to protect against these
 vulnerabilities.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 c75d7af8ac2efc11d6fdc0df6809304d  10.0/RPMS/jadetex-3.12-93.1.100mdk.i586.rpm
 a38628da7c17a028cdec59064f842b9e  10.0/RPMS/tetex-2.0.2-14.1.100mdk.i586.rpm
 39b6affec6f818446309590bfaff7002  10.0/RPMS/tetex-afm-2.0.2-14.1.100mdk.i586.rpm
 eb1f62b9fb1306018f466537a52ebd08  10.0/RPMS/tetex-context-2.0.2-14.1.100mdk.i586.rpm
 9fecc8b2559fbd0cacd8883471060ec7  10.0/RPMS/tetex-devel-2.0.2-14.1.100mdk.i586.rpm
 3d9a926734a4c4693da46e94d96e367b  10.0/RPMS/tetex-doc-2.0.2-14.1.100mdk.i586.rpm
 f9cb43a4c44048d8f52359da684bec30  10.0/RPMS/tetex-dvilj-2.0.2-14.1.100mdk.i586.rpm
 be176389f8d2e1edbc935b3aaf489f50  10.0/RPMS/tetex-dvipdfm-2.0.2-14.1.100mdk.i586.rpm
 fffe1cb5015310963d60d7881097bda9  10.0/RPMS/tetex-dvips-2.0.2-14.1.100mdk.i586.rpm
 724424998639f66d0be41f27af7978e5  10.0/RPMS/tetex-latex-2.0.2-14.1.100mdk.i586.rpm
 ebde42e85a62ab73f7fdf2af4e0e49ce  10.0/RPMS/tetex-mfwin-2.0.2-14.1.100mdk.i586.rpm
 e2eca42c115c5540e26ca702b074bf70  10.0/RPMS/tetex-texi2html-2.0.2-14.1.100mdk.i586.rpm
 19529166e556b87854401791f567f686  10.0/RPMS/tetex-xdvi-2.0.2-14.1.100mdk.i586.rpm
 38ebef2194ed1c8950364bd1af24eb56  10.0/RPMS/xmltex-1.9-41.1.100mdk.i586.rpm
 637514fe15251ebb39b6d5ec65514b83  10.0/SRPMS/tetex-2.0.2-14.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 a741143c6f70869701db3682f618e35b  amd64/10.0/RPMS/jadetex-3.12-93.1.100mdk.amd64.rpm
 6c2504e7a92f17b132bfe709ebf5a25d  amd64/10.0/RPMS/tetex-2.0.2-14.1.100mdk.amd64.rpm
 b24f02a98b1d3f04881f12d692323a95  amd64/10.0/RPMS/tetex-afm-2.0.2-14.1.100mdk.amd64.rpm
 23031051edd62f7b59b33335d1c8846f  amd64/10.0/RPMS/tetex-context-2.0.2-14.1.100mdk.amd64.rpm
 a19d8eaf80260fdfb701634cdcf8bf34  amd64/10.0/RPMS/tetex-devel-2.0.2-14.1.100mdk.amd64.rpm
 8eae31a5c2f2430fdf7a6f07318465aa  amd64/10.0/RPMS/tetex-doc-2.0.2-14.1.100mdk.amd64.rpm
 dc91e4c7222a2078c61850972020c19b  amd64/10.0/RPMS/tetex-dvilj-2.0.2-14.1.100mdk.amd64.rpm
 a7200a22447c42371c23ff5ee586df2c  amd64/10.0/RPMS/tetex-dvipdfm-2.0.2-14.1.100mdk.amd64.rpm
 245d5423d50adf60a9d05c3bc0868122  amd64/10.0/RPMS/tetex-dvips-2.0.2-14.1.100mdk.amd64.rpm
 3a0369fc158cfe813e97feff9c64ddd0  amd64/10.0/RPMS/tetex-latex-2.0.2-14.1.100mdk.amd64.rpm
 ada985d1330877120cff9f907d30c265  amd64/10.0/RPMS/tetex-mfwin-2.0.2-14.1.100mdk.amd64.rpm
 d8604cec79664570994cbba838fbda87  amd64/10.0/RPMS/tetex-texi2html-2.0.2-14.1.100mdk.amd64.rpm
 886d233a3b4ce5246f57843a7e13fd88  amd64/10.0/RPMS/tetex-xdvi-2.0.2-14.1.100mdk.amd64.rpm
 fec3aaa15684f4cefb08c150b4dc3e40  amd64/10.0/RPMS/xmltex-1.9-41.1.100mdk.amd64.rpm
 637514fe15251ebb39b6d5ec65514b83  amd64/10.0/SRPMS/tetex-2.0.2-14.1.100mdk.src.rpm

 Mandrakelinux 10.1:
 c018bb4c0dd71bc00e30d9bf8f9355ac  10.1/RPMS/jadetex-3.12-98.1.101mdk.i586.rpm
 8766ee73c6f53ea2a7c73065d0737e6a  10.1/RPMS/tetex-2.0.2-19.1.101mdk.i586.rpm
 0f8b27c62be9dffbd24aafefaa91ae14  10.1/RPMS/tetex-afm-2.0.2-19.1.101mdk.i586.rpm
 fe4e007ba5d1a2ff5582b8f3ac37f107  10.1/RPMS/tetex-context-2.0.2-19.1.101mdk.i586.rpm
 b51e30366aa2d0f6705cd9f47b4cc8eb  10.1/RPMS/tetex-devel-2.0.2-19.1.101mdk.i586.rpm
 bfd9a1fae367b94f84bddc47a664f145  10.1/RPMS/tetex-doc-2.0.2-19.1.101mdk.i586.rpm
 2006a5e5a0ab239aabc72ec1cc317ba8  10.1/RPMS/tetex-dvilj-2.0.2-19.1.101mdk.i586.rpm
 13a8fbae47c079bf25ae14fc00a04eff  10.1/RPMS/tetex-dvipdfm-2.0.2-19.1.101mdk.i586.rpm
 0b940e4b1a5dcb9a4319603ae7c2e60c  10.1/RPMS/tetex-dvips-2.0.2-19.1.101mdk.i586.rpm
 93a9e10c4481d4849fbd34b5603e732a  10.1/RPMS/tetex-latex-2.0.2-19.1.101mdk.i586.rpm
 64c8858d00ca93aa0bd56e46ff760705  10.1/RPMS/tetex-mfwin-2.0.2-19.1.101mdk.i586.rpm
 0c6e7741dd217fe289f938ffde385b89  10.1/RPMS/tetex-texi2html-2.0.2-19.1.101mdk.i586.rpm
 2d59aa6f98604f55336a62c22abbe3dc  10.1/RPMS/tetex-xdvi-2.0.2-19.1.101mdk.i586.rpm
 b57e279bbb4ed20851c75ff00e8251ed  10.1/RPMS/xmltex-1.9-46.1.101mdk.i586.rpm
 026aa0fa94c518da4f3659364bee2891  10.1/SRPMS/tetex-2.0.2-19.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 c570889cca89def0d7495fae7cbb4397  x86_64/10.1/RPMS/jadetex-3.12-98.1.101mdk.x86_64.rpm
 79c2039c46a7a0b9e12e49d58446a050  x86_64/10.1/RPMS/tetex-2.0.2-19.1.101mdk.x86_64.rpm
 c88b323db95603cf2df6e4f9bda9a502  x86_64/10.1/RPMS/tetex-afm-2.0.2-19.1.101mdk.x86_64.rpm
 482670da1f161fd0eed8da70d1ae2dad  x86_64/10.1/RPMS/tetex-context-2.0.2-19.1.101mdk.x86_64.rpm
 64977b808c06865f42836c10a2383b41  x86_64/10.1/RPMS/tetex-devel-2.0.2-19.1.101mdk.x86_64.rpm
 1f47fea865ec6e17ec67e110dee27942  x86_64/10.1/RPMS/tetex-doc-2.0.2-19.1.101mdk.x86_64.rpm
 b65a9afac21bba71f0c92e45b2de86b7  x86_64/10.1/RPMS/tetex-dvilj-2.0.2-19.1.101mdk.x86_64.rpm
 ac830cecbb2f9bb08a6f21bd63182cae  x86_64/10.1/RPMS/tetex-dvipdfm-2.0.2-19.1.101mdk.x86_64.rpm
 53896fe3fb471adb5d79b8fa1b5155ff  x86_64/10.1/RPMS/tetex-dvips-2.0.2-19.1.101mdk.x86_64.rpm
 c9074ea704ed1677cdbd496279ee14aa  x86_64/10.1/RPMS/tetex-latex-2.0.2-19.1.101mdk.x86_64.rpm
 bf5c86b54feb8d667150b926a60d2bbf  x86_64/10.1/RPMS/tetex-mfwin-2.0.2-19.1.101mdk.x86_64.rpm
 51598825f27f549b4e2d0d8b748532a5  x86_64/10.1/RPMS/tetex-texi2html-2.0.2-19.1.101mdk.x86_64.rpm
 05e68143337cfdd882012b1950ae7c53  x86_64/10.1/RPMS/tetex-xdvi-2.0.2-19.1.101mdk.x86_64.rpm
 d4a3f7a1a21c333b97cb117cf8f69194  x86_64/10.1/RPMS/xmltex-1.9-46.1.101mdk.x86_64.rpm
 026aa0fa94c518da4f3659364bee2891  x86_64/10.1/SRPMS/tetex-2.0.2-19.1.101mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFB04IjmqjQ0CJFipgRAnLEAKC/lfie9g5e2HZGprNrOZ1pi0lJgwCePMX/
ZXvynzlNfLqzeWIL6cXFEPI=
=B+Xl
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
  • MDKSA-2004:166 - Updated tetex packages fix multiple vulnerabilities Mandrake Linux Security Team (Dec 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]